I have a router which has multiple routes. Currently, I am escaping every parameter being passed to the method separately in the method itself.
I need to escape all the parameters which are being passed in the URL for security purpose.
class MyRouter extends Backbone.Router
routes:
"student/:id/:name" : "student"
"teacher/:tid/:tname" : "teacher"
"teacher/:tid/:tname/share" : "teacher_share"
student: (id, name) ->
id = _.escape(id)
name = _.escape(name)
#do stuff
teacher: (tid, tname) ->
tid = _.escape(tid)
tname = _.escape(tname)
#do stuff
teacher_share: (tid, tname) ->
tid = _.escape(tid)
tname = _.escape(tname)
#do stuff
Is it possible to escape all the parameters in all the routes at once, so that I don't have to explicitly escape them in every respective method?
You can override execute
execute
router.execute(callback, args, name)This method is called internally within the router, whenever a route matches and its corresponding callback is about to be executed. Return false from execute to cancel the current transition. Override it to perform custom parsing or wrapping of your routes, for example, to parse query strings before handing them to your route callback, like so:var Router = Backbone.Router.extend({ execute: function(callback, args, name) { if (!loggedIn) { goToLogin(); return false; } args.push(parseQueryString(args.pop())); if (callback) callback.apply(this, args); } });