How to use the Canonicalized data by easpi in javascript

How i use Esapi to Canonicalize the data as suggested by veracode.

out.print(ESAPI.encoder().encodeForHTML(jsonObj.toJSONString()));

Now the data seen in console is

&#x7b;&quot;total&quot;&#x3a;1,&quot;records&quot;&#x3a;5,&quot;rows&quot;&#x3a;&#x5b;&#x7b;&quot;id&quot;&#x3a;&quot;RLCP.NS&quot;,&quot;cell&quot;&#x3a;&#x7b;&quot;ser&quot;&#x3a;&quot;EQ&quot;,&quot;bdlt&quot;&#x3a;1,&quot;e&quot;&#x3a;&quot;NSE&quot;,&quot;chigh&quot;&#x3a;&quot;534.7&quot;,&quot;tick&quot;&#x3a;&quot;0.05&quot;,&quot;m&quot;&#x3a;1,&quot;prec&quot;&#x3a;2,&quot;W&#x5c;&#x2f;L&quot;&#x3a;null,&quot;exch&quot;&#x3a;&quot;nse_cm&quot;,&quot;tk&quot;&#x3a;&quot;2882&quot;,&quot;action&quot;&#x3a;&quot;&lt;button class&#x3d;&#x27;button-style-s button-alt2&#x27; onclick&#x3d;&#x27;Buy&#x28;&#x29;&#x3b;&#x27;&gt;Buy&lt;&#x5c;&#x2f;button&gt;&lt;button class&#x3d;&#x27;button-style-s button-alt1&#x27; onclick&#x3d;&#x27;Sell&#x28;&#x29;&#x3b;&#x27;&gt;Sell&lt;&#x5c;&#x2f;button&gt;&quot;,&quot;rowtoken&quot;&#x3a;&quot;NSE2882&quot;,&quot;ts&quot;&#x3a;&quot;RLCP.NS&quot;,&quot;clow&quot;&#x3a;&quot;437.5&quot;&#x7d;&#x7d;,&#x7b;&quot;id&quot;&#x3a;&quot;SBI.NS&quot;,&quot;cell&quot;&#x3a;&#x7b;&quot;ser&quot;&#x3a;&quot;EQ&quot;,&quot;bdlt&quot;&#x3a;1,&quot;e&quot;&#x3a;&quot;NSE&quot;,&quot;chigh&quot;&#x3a;&quot;339.8&quot;,&quot;tick&quot;&#x3a;&quot;0.05&quot;,&quot;m&quot;&#x3a;1,&quot;prec&quot;&#x3a;2,&quot;W&#x5c;&#x2f;L&quot;&#x3a;null,&quot;exch&quot;&#x3a;&quot;nse_cm&quot;,&quot;tk&quot;&#x3a;&quot;3045&quot;,&quot;action&quot;&#x3a;&quot;&lt;button class&#x3d;&#x27;button-style-s button-alt2&#x27; onclick&#x3d;&#x27;Buy&#x28;&#x29;&#x3b;&#x27;&gt;Buy&lt;&#x5c;&#x2f;button&gt;&lt;button class&#x3d;&#x27;button-style-s button-alt1&#x27; onclick&#x3d;&#x27;Sell&#x28;&#x29;&#x3b;&#x27;&gt;Sell&lt;&#x5c;&#x2f;button&gt;&quot;,&quot;rowtoken&quot;&#x3a;&quot;NSE3045&quot;,&quot;ts&quot;&#x3a;&quot;SBI.NS&quot;,&quot;clow&quot;&#x3a;&quot;278.1&quot;&#x7d;&#x7d;,&#x7b;&quot;id&quot;&#x3a;&quot;YESB.NS&quot;,&quot;cell&quot;&#x3a;&#x7b;&quot;ser&quot;&#x3a;&quot;EQ&quot;,&quot;bdlt&quot;&#x3a;1,&quot;e&quot;&#x3a;&quot;NSE&quot;,&quot;chigh&quot;&#x3a;&quot;948.65&quot;,&quot;tick&quot;&#x3a;&quot;0.05&quot;,&quot;m&quot;&#x3a;1,&quot;prec&quot;&#x3a;2,&quot;W&#x5c;&#x2f;L&quot;&#x3a;null,&quot;exch&quot;&#x3a;&quot;nse_cm&quot;,&quot;tk&quot;&#x3a;&quot;11915&quot;,&quot;action&quot;&#x3a;&quot;&lt;button class&#x3d;&#x27;button-style-s button-alt2&#x27; onclick&#x3d;&#x27;Buy&#x28;&#x29;&#x3b;&#x27;&gt;Buy&lt;&#x5c;&#x2f;button&gt;&lt;button class&#x3d;&#x27;button-style-s button-alt1&#x27; onclick&#x3d;&#x27;Sell&#x28;&#x29;&#x3b;&#x27;&gt;Sell&lt;&#x5c;&#x2f;button&gt;&quot;,&quot;rowtoken&quot;&#x3a;&quot;NSE11915&quot;,&quot;ts&quot;&#x3a;&quot;YESB.NS&quot;,&quot;clow&quot;&#x3a;&quot;776.25&quot;&#x7d;&#x7d;,&#x7b;&quot;id&quot;&#x3a;&quot;BOB.NS&quot;,&quot;cell&quot;&#x3a;&#x7b;&quot;ser&quot;&#x3a;&quot;EQ&quot;,&quot;bdlt&quot;&#x3a;1,&quot;e&quot;&#x3a;&quot;NSE&quot;,&quot;chigh&quot;&#x3a;&quot;212.45&quot;,&quot;tick&quot;&#x3a;&quot;0.05&quot;,&quot;m&quot;&#x3a;1,&quot;prec&quot;&#x3a;2,&quot;W&#x5c;&#x2f;L&quot;&#x3a;null,&quot;exch&quot;&#x3a;&quot;nse_cm&quot;,&quot;tk&quot;&#x3a;&quot;4668&quot;,&quot;action&quot;&#x3a;&quot;&lt;button class&#x3d;&#x27;button-style-s button-alt2&#x27; onclick&#x3d;&#x27;Buy&#x28;&#x29;&#x3b;&#x27;&gt;Buy&lt;&#x5c;&#x2f;button&gt;&lt;button class&#x3d;&#x27;button-style-s button-alt1&#x27; onclick&#x3d;&#x27;Sell&#x28;&#x29;&#x3b;&#x27;&gt;Sell&lt;&#x5c;&#x2f;button&gt;&quot;,&quot;rowtoken&quot;&#x3a;&quot;NSE4668&quot;,&quot;ts&quot;&#x3a;&quot;BOB.NS&quot;,&quot;clow&quot;&#x3a;&quot;173.85&quot;&#x7d;&#x7d;,&#x7b;&quot;id&quot;&#x3a;&quot;SBNK.NS&quot;,&quot;cell&quot;&#x3a;&#x7b;&quot;ser&quot;&#x3a;&quot;EQ&quot;,&quot;bdlt&quot;&#x3a;1,&quot;e&quot;&#x3a;&quot;NSE&quot;,&quot;chigh&quot;&#x3a;&quot;128.85&quot;,&quot;tick&quot;&#x3a;&quot;0.05&quot;,&quot;m&quot;&#x3a;1,&quot;prec&quot;&#x3a;2,&quot;W&#x5c;&#x2f;L&quot;&#x3a;null,&quot;exch&quot;&#x3a;&quot;nse_cm&quot;,&quot;tk&quot;&#x3a;&quot;7179&quot;,&quot;action&quot;&#x3a;&quot;&lt;button class&#x3d;&#x27;button-style-s button-alt2&#x27; onclick&#x3d;&#x27;Buy&#x28;&#x29;&#x3b;&#x27;&gt;Buy&lt;&#x5c;&#x2f;button&gt;&lt;button class&#x3d;&#x27;button-style-s button-alt1&#x27; onclick&#x3d;&#x27;Sell&#x28;&#x29;&#x3b;&#x27;&gt;Sell&lt;&#x5c;&#x2f;button&gt;&quot;,&quot;rowtoken&quot;&#x3a;&quot;NSE7179&quot;,&quot;ts&quot;&#x3a;&quot;SBNK.NS&quot;,&quot;clow&quot;&#x3a;&quot;105.45&quot;&#x7d;&#x7d;&#x5d;&#x7d;

But it renders in html as

{"total":1,"records":5,"rows":[{"id":"RLCP.NS","cell":{"ser":"EQ","bdlt":1,"e":"NSE","chigh":"534.7","tick":"0.05","m":1,"prec":2,"W\/L":null,"exch":"nse_cm","tk":"2882","action":"<button class='button-style-s button-alt2' onclick='Buy();'>Buy<\/button><button class='button-style-s button-alt1' onclick='Sell();'>Sell<\/button>","rowtoken":"NSE2882","ts":"RLCP.NS","clow":"437.5"}},{"id":"SBI.NS","cell":{"ser":"EQ","bdlt":1,"e":"NSE","chigh":"339.8","tick":"0.05","m":1,"prec":2,"W\/L":null,"exch":"nse_cm","tk":"3045","action":"<button class='button-style-s button-alt2' onclick='Buy();'>Buy<\/button><button class='button-style-s button-alt1' onclick='Sell();'>Sell<\/button>","rowtoken":"NSE3045","ts":"SBI.NS","clow":"278.1"}},{"id":"YESB.NS","cell":{"ser":"EQ","bdlt":1,"e":"NSE","chigh":"948.65","tick":"0.05","m":1,"prec":2,"W\/L":null,"exch":"nse_cm","tk":"11915","action":"<button class='button-style-s button-alt2' onclick='Buy();'>Buy<\/button><button class='button-style-s button-alt1' onclick='Sell();'>Sell<\/button>","rowtoken":"NSE11915","ts":"YESB.NS","clow":"776.25"}},{"id":"BOB.NS","cell":{"ser":"EQ","bdlt":1,"e":"NSE","chigh":"212.45","tick":"0.05","m":1,"prec":2,"W\/L":null,"exch":"nse_cm","tk":"4668","action":"<button class='button-style-s button-alt2' onclick='Buy();'>Buy<\/button><button class='button-style-s button-alt1' onclick='Sell();'>Sell<\/button>","rowtoken":"NSE4668","ts":"BOB.NS","clow":"173.85"}},{"id":"SBNK.NS","cell":{"ser":"EQ","bdlt":1,"e":"NSE","chigh":"128.85","tick":"0.05","m":1,"prec":2,"W\/L":null,"exch":"nse_cm","tk":"7179","action":"<button class='button-style-s button-alt2' onclick='Buy();'>Buy<\/button><button class='button-style-s button-alt1' onclick='Sell();'>Sell<\/button>","rowtoken":"NSE7179","ts":"SBNK.NS","clow":"105.45"}}]}

As shown, my javscript fails to understand the data and fails. What can i do to resolve this problem.

Solution

I used ESAPI.encode().escapeForJavaScript() I got the following result

\x7B\x22mw0\x22\x3A\x22Default\x22\x7D

Now to change it to a format that could be understood by the java script I used following code.

data="\x7B\x22mw0\x22\x3A\x22Default\x22\x7D"
decodeURIComponent(data.replace(/\\x/g, '%'));

Return is

"{"mw0":"Default"}"