It should either be escaped by converting angular brackets to < and > (which can be done automatically if you paste the string into the WYSIWYG part of the editor instead of the source code section and then converted back by accessing .textContent of the element wherever you are using it in JS) or placed inside one of the HTML tags that allow unescaped raw code (<script> tags are automatically removed from field content as part of santitisation, but <xmp> seems to still be available and possible to be read with .innerHTML, although it is depricated).
Alternatively, you can use quote alternation to avoid interference between the plain-text part of the string and the HTML code:
Still a little confused, but if I am understanding correct, you are saying it is because anki fields are html fields and I am using it as a javascript field, so the problem is that anki fields undergo html sanitisation which mistakenly interprets my js as html and messes it up. So the root problem is that I am using an html field as an javascript field. Is this correct? And if so, how can I somehow pass javascript (or even json) data structures to my templates via an anki field? Is there some convention you guys use?
Yes, all fields in Anki are stored as HTML, so any other format should be properly escaped to be put inside.
Sanitisation itself is not the problem, and is not inherent to HTML, it is just what Anki started applying from version 25.2 onwards for security reasons. It somewhat limits the solution options, but only prohibits the least advisable one anyway.
You escape it as I described in the previous post and parse it using JS in the card template.
Thank you so much for the explanation! Would have spent days on this. So I discovered that I actually was mistaken and have to use json not js literals, and json is more restrictive so I can’t use the single quotes strategy. So I take json string and html encode it so the anki field won’t sanitise it away, then how to access within the template? Because currently I have