From: Thomas 'PointedEars' Lahn on
Garrett Smith wrote:

> <?php addslashes($str); ?>

<?php echo addslashes($str); ?>

> [...]

I'll look into the rest later.


PointedEars
--
Use any version of Microsoft Frontpage to create your site.
(This won't prevent people from viewing your source, but no one
will want to steal it.)
-- from <http://www.vortex-webdesign.com/help/hidesource.htm> (404-comp.)
From: nick on
On May 4, 6:50 pm, Thomas 'PointedEars' Lahn <PointedE...(a)web.de>
wrote:

>   <?php echo addslashes($str); ?>

In production code designed to run under an unknown PHP configuration
and version, addslashes should not be used on values coming from GET,
POST, or cookies without first checking that the "magic_quotes_gpc"
config setting (deprecated as of 5.3.0) is not enabled.

In other words, I think this example is a bit of an
oversimplification. It might be better to explain that text must be
escaped properly before outputting, pointing out the issues identified
in this thread, and then leave the actual example of outputting the
data as simple as possible:

<?php echo $str; ?>

/2c
From: Garrett Smith on
Garrett Smith wrote:
> nick wrote:
>> On May 4, 6:50 pm, Thomas 'PointedEars' Lahn <PointedE...(a)web.de>
>> wrote:

[...]

> What we need is one or two good example pages to link to.
>

In JSP, using Apache Commons: org.apache.commons.lang.StringEscapeUtils

var jsvar = "<%= StringEscapeUtils.escapeJavaScript(jspVar) %>";

http://commons.apache.org/lang/api-2.5/org/apache/commons/lang/StringEscapeUtils.html#escapeJavaScript%28java.io.Writer,%20java.lang.String%29
--
Garrett
comp.lang.javascript FAQ: http://jibbering.com/faq/
From: Garrett Smith on
Garrett Smith wrote:
> Garrett Smith wrote:
>> nick wrote:
>>> On May 4, 6:50 pm, Thomas 'PointedEars' Lahn <PointedE...(a)web.de>
>>> wrote:
>
> [...]
>
>> What we need is one or two good example pages to link to.
>>
>
> In JSP, using Apache Commons: org.apache.commons.lang.StringEscapeUtils
>
> var jsvar = "<%= StringEscapeUtils.escapeJavaScript(jspVar) %>";
>
> http://commons.apache.org/lang/api-2.5/org/apache/commons/lang/StringEscapeUtils.html#escapeJavaScript%28java.io.Writer,%20java.lang.String%29
>


| 11.3 How do I get a jsp/php variable into client-side javascript?
|
| Use the server-side language to generate the javascript. Some
| characters, such as reverse solidus and quote marks \ must be escaped
| by backslash.
|
| JSP example using Apache Commons StringEscapeUtils:
| var jsVar = "<%= StringEscapeUtils.escapeJavaScript(jspVar) %>";
|
| PHP example using addslashes:
| <?php echo addslashes($phpVar); ?>;
|
| * http://php.net/manual/en/function.addslashes.php
| * http://commons.apache.org/lang/api-2.5/org/apache/commons/lang/StringEscapeUtils.html#escapeJavaScript%28java.io.Writer,%20java.lang.String%29

Suggestions and comments?
--
Garrett
comp.lang.javascript FAQ: http://jibbering.com/faq/
From: Garrett Smith on
Garrett Smith wrote:
> Garrett Smith wrote:
>> Garrett Smith wrote:
>>> nick wrote:
>>>> On May 4, 6:50 pm, Thomas 'PointedEars' Lahn <PointedE...(a)web.de>
>>>> wrote:
>>
>> [...]
>>
>>> What we need is one or two good example pages to link to.
>>>
>>
>> In JSP, using Apache Commons: org.apache.commons.lang.StringEscapeUtils
>>
>> var jsvar = "<%= StringEscapeUtils.escapeJavaScript(jspVar) %>";
>>
>> http://commons.apache.org/lang/api-2.5/org/apache/commons/lang/StringEscapeUtils.html#escapeJavaScript%28java.io.Writer,%20java.lang.String%29
>>
>
>
> | 11.3 How do I get a jsp/php variable into client-side javascript?
> |
> | Use the server-side language to generate the javascript. Some
> | characters, such as reverse solidus and quote marks \ must be escaped
> | by backslash.
> |

Revised.

| Use a server-side language to generate the javascript value.
|
| Certain characters of ECMAScript strings must be escaped by backslash.
| These include quote marks, backslash, and line terminators.
--
Garrett
comp.lang.javascript FAQ: http://jibbering.com/faq/
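As an added example, not from the FAQ draft or from any poster in this thread: a JavaScript escaper that does what the revised 11.3 text asks for (quote marks, backslash, line terminators), placed beside an imitation of PHP's addslashes() so the gap nick and Thomas were circling can be seen without a PHP interpreter. The function names and the sample value are my own assumptions.

```javascript
// Added example (not from the FAQ or the thread): escaping a server-side
// value so it can be dropped into a double-quoted JavaScript string literal.
// Follows the revised FAQ 11.3 text: quotes, backslash and line terminators
// must be escaped. ECMAScript line terminators are LF, CR, U+2028 and U+2029.
function escapeForJsStringLiteral(value) {
  return String(value).replace(/[\\"'\n\r\u2028\u2029]/g, function (ch) {
    switch (ch) {
      case '\\': return '\\\\';
      case '"': return '\\"';
      case "'": return "\\'";
      case '\n': return '\\n';
      case '\r': return '\\r';
      case '\u2028': return '\\u2028';
      case '\u2029': return '\\u2029';
    }
  });
}

// Minimal imitation of PHP's addslashes() for comparison: it escapes only
// ' " \ and NUL, and leaves line terminators untouched.
function addslashesLike(value) {
  return String(value).replace(/[\\"'\0]/g, function (ch) {
    return ch === '\0' ? '\\0' : '\\' + ch;
  });
}

// Parse the generated source `return "<escaped>";` the way a browser would
// and hand back the resulting string, or null when the source is not a
// valid string literal (a raw LF or CR inside it is always a syntax error;
// raw U+2028/U+2029 were too before ES2019).
function roundTrip(escaped) {
  try {
    return new Function('return "' + escaped + '";')();
  } catch (e) {
    return null;
  }
}

// Constructed sample value: a quote mark, a backslash, a newline and U+2028.
var sample = 'He said "hi"\\ then\nleft\u2028early';

var ok = roundTrip(escapeForJsStringLiteral(sample));  // === sample
var broken = roundTrip(addslashesLike(sample));        // null: raw LF breaks the literal
```

Run under Node and `ok` equals the original value while `broken` is null, which is the case the revised text guards against: addslashes handles quotes and backslashes but not line terminators.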