Escape or update bound value on change event


#1

I have come to the realization that

{($value)}=“diagnosis.shortName”

is not escaping when it is loaded from the database. That is, “<script>” is acted on by the browser.

Escaping invalid text on input is perfectly acceptable to me.

  • I can examine the value of the tag in the change event but .val() doesn’t write through to the viewModel.

  • I have looked but see no handle to touch the viewModel from the change event to update it directly.

The data structure is pretty complicated so post processing is an unattractive option.

Mostly, I’d love the binding to behave as normal state does, i.e., escape. If there was a syntax that would cause that, I’d be very happy.

Thoughts?

tqii


#2

@tqwhite are you saying that diagnosis.shortName has a <script> tag in it and that script is executed?


#4

Yes.

When diagnosis.shortName has a , it executes.