In this article, we will see the Backbone.js escape() model. The Backbone.js escape() model is used to return or get the HTML escaped version of an attribute in the given model. It is similar to a get() model. While interpolating the data from the model to the HTML, use the escape that will help to retrieve the attributes, in order to prevent it from XSS attack.
Syntax:
Backbone.Model.escape(attribute);
Parameters: It accepts an only a single parameter:
- attribute: It specifies the attribute in a model to be returned.
Example 1: The following example demonstrates the book model returning its attributes (string data) using the JSON.stringify() method.
HTML
<!DOCTYPE html> <html>
<head>
<script src=
type="text/javascript">
</script>
<script src=
type="text/javascript">
</script>
<script src=
type="text/javascript">
</script>
</head>
<body>
<script type="text/javascript">
var Books = Backbone.Model.extend();
var book = new Books({bookid:23,price:678,book_name:"css"});
document.write(' Values: ' + JSON.stringify(book));
</script>
</body>
</html>
|
Output:
Values: {"bookid":23,"price":678,"book_name":"css"}Example 2: The following example demonstrates the escape() model.
HTML
<!DOCTYPE html> <html>
<head>
<script src=
type="text/javascript">
</script>
<script src=
type="text/javascript">
</script>
<script src=
type="text/javascript">
</script>
</head>
<body>
<script type="text/javascript">
var Books = Backbone.Model.extend();
var book = new Books({bookid:23,price:678,book_name:"css"});
document.write('bookid: ',book.escape('bookid'));
document.write("<br>");
document.write('price: ',book.escape('price'));
document.write("<br>");
document.write('book_name: ',book.escape('book_name'));
</script>
</body>
</html>
|
Output:
bookid: 23 price: 678 book_name: css
Reference: https://backbonejs.org/#Model-escape