The review of my add-on arrived and I got the comment “the ... line ... seems to create a script from strings with dynamic parameters and it looks like these are coming from a remote file. Given the dynamic parameters are not escaped script injection could occur. Please make sure the values are escaped.”
Can anyone tell me how to escape these parameters in a secure way? Is there a single JS function to call?
Since we know that jsonValue is in fact valid JSON, it is ok to directly paste it into the code.
(Your solution would break if the string is, for example, "a ' single quote".)
On a side note: If you work with code that needs to be evaluated in a different context, you can also do this:
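
Added example, not part of the original posts and not the snippet the answer refers to: hand-quoting a remote value compared with serializing it, run on the single-quote string mentioned above. It assumes `jsonValue` is produced with `JSON.stringify`; the function names, `setTitle` and the sample inputs are constructed, and `new Function` only stands in for evaluation in another context.

```javascript
// Naive approach: wrap the remote value in single quotes by hand.
function naiveSnippet(remoteValue) {
  return "setTitle('" + remoteValue + "');";
}

// JSON.stringify emits a quoted, escaped literal that is valid JavaScript.
// The extra replacements cover "<" (so "</script>" cannot end an inline
// script element) and U+2028/U+2029 (line terminators before ES2019).
function toScriptLiteral(value) {
  const json = JSON.stringify(value);
  if (json === undefined) throw new TypeError("value is not JSON-serializable");
  return json
    .replace(/</g, "\\u003c")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

function safeSnippet(remoteValue) {
  return "setTitle(" + toScriptLiteral(remoteValue) + ");";
}

// Compile the generated source and record every argument setTitle receives.
function runSnippet(source) {
  const calls = [];
  try {
    new Function("setTitle", source)((v) => calls.push(v));
    return { ok: true, calls };
  } catch (e) {
    return { ok: false, error: e.name, calls };
  }
}

// Constructed sample inputs standing in for values read from a remote file.
const samples = [
  "a ' single quote",
  "x'); setTitle('injected",
  "</script> and \u2028 separator",
];

for (const s of samples) {
  console.log(JSON.stringify(s),
    "| naive:", JSON.stringify(runSnippet(naiveSnippet(s))),
    "| safe:", JSON.stringify(runSnippet(safeSnippet(s))));
}
```

With the serialized form, each sample arrives as exactly one string argument; with hand-quoting, the first sample fails to parse and the second is split into two calls.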