I have unescaped data from users. So is it safe to use like this: var data = '<test>a&f"#</test>'; // example data from ajax response if (typeof(data) === 'string') $('body').text(data); Can I use like this or there is some problems like encoding or some specific symbols that I should be careful and add more strict validation?
![Is jQuery .text() method XSS safe?](https://cdn-ak-scissors.b.st-hatena.com/image/square/98d6f053a97a87156775f60757c60865d0f2c47d/height=288;version=1;width=512/https%3A%2F%2Fcdn.sstatic.net%2FSites%2Fstackoverflow%2FImg%2Fapple-touch-icon%402.png%3Fv%3D73d79a89bded)