[eluser]mallix[/eluser]
Hello,
i have a quick question.
Assume i have a view for creating a team [input field id="team"]
I pass the value to ajax.js [createTeam(team)], which goes to controller Team.
Then in the same ajax.js i have a function [deleteTeam(teamId)] which goes to another controller to delete the team based on the id.
So if i go to the input field and write [script type="text/javascript"]deleteTeam(48)[/script] and hit save i get:
newly created team [removed]deleteTeam(48)[removed]
BUT team with id 48 is deleted.
How can i prevent that ?
I am using jQuery to post form data to controllers, inside the controllers i have xss filters, but this happens before the logic goes to controllers.
Thank you in advance, any tip-help is really appreciated.