Escape quotes in JavaScript

Question

I m outputting values from a database  it isn t really open to public entry  but it is open to entry by a user at the company -- meaning  I m not worried about XSS    I m trying to output a tag like this    lt a href    onclick  DoEdit  DESCRIPTION     gt Click Me lt  a gt    DESCRIPTION is actually a value from the database that is something like this   Prelim Assess  Mini  Report   I ve tried replacing   with     but no matter what I try  Firefox keeps chopping off my JavaScript call  after the space after the word Assess  and it is causing all sorts of issues   I must bemissing the obvious answer  but for the life of me I can t figure it out   Anyone care to point out my idiocy   Here is the entire HTML page  it will be an ASP NET page eventually  but in order to solve this I took out everything else but the problem code    lt html gt       lt body gt           lt a href     onclick  DoEdit  Preliminary Assessment   Mini      return false   gt edit lt  a gt       lt  body gt   lt  html gt

User · Answer

If you re assembling the HTML in Java  you can use this nice utility class from Apache commons-lang to do all the escaping correctly      org apache commons lang StringEscapeUtils Escapes and unescapes   Strings for Java  Java Script  HTML  XML  and SQL

User · Answer

lt html gt       lt body gt           lt a href     onclick  DoEdit  Preliminary Assessment  amp quot Mini amp quot     return false   gt edit lt  a gt       lt  body gt   lt  html gt    Should do the trick

User · Answer

You can copy those two functions  listed below   and use them to escape unescape all quotes and special characters  You don t have to use jQuery or any other library for this   function escape s        return       s           replace     g                   replace   t g     t            replace   n g     n            replace   u00A0 g     u00A0            replace   amp  g     x26            replace    g     x27            replace    g     x22            replace   lt  g     x3C            replace   gt  g     x3E       function unescape s        s         s          replace    x3E g    gt            replace    x3C g    lt            replace    x22 g               replace    x27 g               replace    x26 g    amp            replace    u00A0 g    u00A0           replace    n g    n           replace    t g    t         return s replace       g

User · Answer

You can use the escape   and unescape   jQuery methods  Like below   Use escape str   to escape the string and recover again using unescape str esc

User · Answer

Escape whitespace as well  It sounds to me like Firefox is assuming three arguments instead of one    amp nbsp  is the non-breaking space character   Even if it s not the whole problem  it may still be a good idea

User · Answer

You need to escape the string you are writing out into DoEdit to scrub out the double-quote characters  They are causing the onclick HTML attribute to close prematurely   Using the JavaScript escape character     isn t sufficient in the HTML context  You need to replace the double-quote with the proper XML entity representation   amp quot

User · Answer

amp quot  would work in this particular case  as suggested before me  because of the HTML context   However  if you want your JavaScript code to be independently escaped for any context  you could opt for the native JavaScript encoding    becomes  x27   becomes  x22  So your onclick would become DoEdit  Preliminary Assessment  x22Mini x22     This would work for example also when passing a JavaScript string as a parameter to another JavaScript method  alert   is an easy test method for this    I am referring you to the duplicate Stack Overflow question  How do I escape a string inside JavaScript code inside an onClick handler

User · Answer

Folks  there is already the unescape function in JavaScript which does the unescaping for       lt script type  text javascript  gt      var str  this is   good         document write unescape str    lt  script gt

User · Answer

This is how I do it  basically str replace        g            x000D   x000D  var display   document getElementById  output    x000D  var str    class  whatever-foo  input  id  node-key    x000D  display innerHTML   str replace        g          x000D   x000D    will return class   whatever-foo  input   id   node-key   x000D   lt span id  output  gt  lt  span gt  x000D   x000D   x000D

User · Answer

You need to escape quotes with double backslashes    This fails  produced by PHP s json encode     lt script gt    var jsonString       key   my   value           var parsedJson   JSON parse jsonString    lt  script gt    This works    lt script gt    var jsonString       key   my    value            var parsedJson   JSON parse jsonString    lt  script gt

User · Answer

The problem is that HTML doesn t recognize the escape character  You could work around that by using the single quotes for the HTML attribute and the double quotes for the onclick    lt a href     onclick  DoEdit  Preliminary Assessment   Mini      return false   gt edit lt  a gt

User · Answer

I have done a sample one using jQuery  var descr    test inside outside     function           div1   append   lt a href     onclick  DoEdit descr    gt Click Me lt  a gt                 function DoEdit desc        alert   desc        And this works in Internet nbsp Explorer and Firefox

User · Answer

Please find in the below code which escapes the single quotes as part of the entered string using a regular expression  It validates if the user-entered string is comma-separated and at the same time it even escapes any single quote s  entered as part of the string   In order to escape single quotes  just enter a backward slash followed by a single quote like       as part of the string  I used jQuery validator for this example  and you can use as per your convenience   Valid String Examples    Hello    Hello    World    Hello   World    Hello   World        It  s my world    Can  t enjoy this without me     Welcome  Guest   HTML    lt tr gt       lt td gt           lt label class  control-label  gt              String Field           lt  label gt           lt div class  inner-addon right-addon  gt               lt input type  text  id  stringField                     name  stringField                     class  form-control                     autocomplete  off                     data-rule-required  true                     data-msg-required  Cannot be blank                      data-rule-commaSeparatedText  true                     data-msg-commaSeparatedText  Invalid comma separated value s    gt           lt  div gt       lt  td gt      JavaScript                   param  type  param1     param  type  param2     param  type  param3     jQuery validator addMethod  commaSeparatedText   function value  element         if  value length     0            return true            var expression   new RegExp                                         w  s      -                                                            s                                       w  s      -                                                            return expression test value       Invalid comma separated string values

[javascript] Escape quotes in JavaScript

Examples related to javascript

Examples related to quotes

Examples related to escaping