How should I be properly securing the transfer of large sections of HTML via AJAX and then storing it in the WordPress database as a post_meta field? The HTML would be around 100-500kb.
Below is the code I am using to send the HTML. I think that the storing of it will not be such an issue as I am more adept at PHP, but I am wondering about XSS and the like when using JavaScript.
Is this a safe way to do this? What steps do I need to take to secure this? It will be behind a paid login, so that will reduce any threats a fair bit.

    $('#save-report').on( 'click', function( e ){
        e.preventDefault();

        // Target URL from the button's data-url attribute, and the raw report markup.
        var $url = $( '#save-report' ).data( 'url' );
        var $report = $( '#report-wrapper' ).html();

        jQuery.ajax({
            url: zee.ajax_url,
            data: {
                action : 'zee_save_report', // handled by the wp_ajax_zee_save_report hook
                report : $report,
                url : $url,
                nonce : zee.nonce           // must be verified server-side
            },
            type: 'post',
            dataType: 'json',
            success : function(response) {
                console.log(response);
                return false;
            }
        });
    });
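
A server-side handler for the `zee_save_report` action sent by the snippet above, as an added example that is not part of the original question. It assumes the nonce was created with `wp_create_nonce( 'zee_save_report' )`, that the request also carries a `post_id` field (the posted JavaScript does not send one), and the meta keys, the `edit_post` capability and the 1 MB cap are placeholders chosen for illustration.

```php
<?php
// Added example, not the asker's code. Assumed (hypothetical) names:
// the 'post_id' field, the '_zee_report*' meta keys and the 1 MB cap.

// Register for logged-in users only; no wp_ajax_nopriv_ hook is added.
add_action( 'wp_ajax_zee_save_report', 'zee_save_report' );

function zee_save_report() {
    // CSRF: stop with a 403 unless the 'nonce' field matches the action.
    check_ajax_referer( 'zee_save_report', 'nonce' );

    // Authorization: being logged in is not enough; check rights on the
    // specific post. Swap 'edit_post' for whatever the membership model uses.
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    if ( ! $post_id || ! current_user_can( 'edit_post', $post_id ) ) {
        wp_send_json_error( array( 'message' => 'Not allowed.' ), 403 );
    }

    // WordPress adds slashes to $_POST; remove them before any processing.
    $raw = isset( $_POST['report'] ) ? wp_unslash( $_POST['report'] ) : '';

    // Bound the payload so one request cannot store arbitrarily large blobs.
    if ( ! is_string( $raw ) || '' === $raw || strlen( $raw ) > 1024 * 1024 ) {
        wp_send_json_error( array( 'message' => 'Report missing or too large.' ), 400 );
    }

    // Stored XSS: keep only the tags and attributes allowed in post content,
    // which drops <script>, on* event handlers and javascript: URLs.
    $report = wp_kses_post( $raw );
    $url    = isset( $_POST['url'] ) ? esc_url_raw( wp_unslash( $_POST['url'] ) ) : '';

    // update_post_meta() unslashes its value, so re-slash to keep backslashes.
    update_post_meta( $post_id, '_zee_report', wp_slash( $report ) );
    update_post_meta( $post_id, '_zee_report_url', $url );

    wp_send_json_success( array( 'bytes' => strlen( $report ) ) );
}
```

Sanitizing in the browser before sending is not a control, since the request can be sent without the page's JavaScript; the filtering has to happen in this handler, and the stored markup should be passed through `wp_kses_post()` again when it is printed.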