From: Paul Hovnanian P.E. on 14 Jan 2010 12:50

Thomas 'PointedEars' Lahn wrote:
> Paul Hovnanian P.E. wrote:
>
>> e = document.getElementById('results');
>> for(i=0; i<data.books.length; i++) {
>>
>> e.innerHTML += "<li><a href=\"#\" onclick=\"document.getElementById
>> (\'search-q\').value='" + encodeURI(data.books[i].name) + "';\" >" +
>> data.books
>> [i].name + "</a></li> ";
>>
>> }
>
> Nonsense. If this even works, the server (or client) will receive
> gibberish as the escaped string is escaped again on submit of the form
> (resulting e.g. in "%25" for the "%" of "%22" for <">).
>

This might work:

data.books[i].name.replace( /'/g, "%27" )

or this, for HTML content:

data.books[i].name.replace( /'/g, "'" )

The above should only replace the single quote/apostrophe rather than escaping the whole string.

--
Paul Hovnanian paul(a)hovnanian.com
----------------------------------------------------------------------
Have gnu, will travel.
From: David Mark on 14 Jan 2010 14:51
Paul Hovnanian P.E. wrote:
> Thomas 'PointedEars' Lahn wrote:
>
>> Paul Hovnanian P.E. wrote:
>>
>>> e = document.getElementById('results');
>>> for(i=0; i<data.books.length; i++) {
>>>
>>> e.innerHTML += "<li><a href=\"#\" onclick=\"document.getElementById
>>> (\'search-q\').value='" + encodeURI(data.books[i].name) + "';\" >" +
>>> data.books
>>> [i].name + "</a></li> ";
>>>
>>> }
>>
>> Nonsense. If this even works, the server (or client) will receive
>> gibberish as the escaped string is escaped again on submit of the form
>> (resulting e.g. in "%25" for the "%" of "%22" for <">).
>>
> This might work:
>
> data.books[i].name.replace( /'/g, "%27" )
>
> or this, for HTML content:
>
> data.books[i].name.replace( /'/g, "'" )
>
> The above should only replace the single quote/apostrophe rather than
> escaping the whole string.
>

Just use double quotes around the attribute values and a standard text to HTML escape function (e.g. ">" becomes "&gt;", "<" becomes "&lt;" and double quote becomes "&quot;"). Just make sure you do them in the right order. ;)
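The following is an added example written for this page; it is not code from any of the posters. It puts the advice of both replies into working form: a text-to-HTML escape function whose replacement order is chosen so the ampersand is handled first (doing it last would turn an earlier "&gt;" into "&amp;gt;"), the book list rebuilt with every interpolated value escaped and placed in double-quoted attributes, and a small function that reproduces the double-encoding Thomas describes ("%22" becoming "%2522"). It assumes the element ids `results` and `search-q` from the quoted code; the `data-name` attribute plus one delegated click listener is a swap for the original inline `onclick`, which avoids having to escape for a JavaScript string literal nested inside an HTML attribute at all. The sample book data is constructed for the example.

```javascript
// Added example: render the book list without HTML injection or double encoding.

// Text -> HTML escape. The ampersand is replaced first; every later replacement
// introduces a '&', and escaping '&' last would corrupt those entities.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// The same replacements with '&' done last, kept only to show why order matters.
function escapeHtmlWrongOrder(text) {
  return String(text)
    .replace(/>/g, "&gt;")
    .replace(/</g, "&lt;")
    .replace(/"/g, "&quot;")
    .replace(/&/g, "&amp;");
}

// One <li> per book. The name is HTML-escaped and sits inside a double-quoted
// attribute (data-name) and in the element text; no JavaScript string literal
// is embedded in markup, so there is only one escaping context to get right.
function renderBookList(books) {
  return books
    .map(function (book) {
      var name = escapeHtml(book.name);
      return '<li><a href="#" data-name="' + name + '">' + name + "</a></li>";
    })
    .join("");
}

// Browser-only wiring: a single delegated listener copies the clicked book name
// into the search field. dataset.name is already entity-decoded by the parser,
// so the raw name (with its quotes and '%' signs intact) lands in the input.
function wireSearchClicks(resultsEl, searchInputEl) {
  resultsEl.addEventListener("click", function (ev) {
    var link = ev.target.closest("a[data-name]");
    if (!link) return;
    ev.preventDefault();
    searchInputEl.value = link.dataset.name;
  });
}

// Double encoding as described in the thread: a value percent-encoded in the
// page is percent-encoded again when the form is submitted, so '"' -> "%22"
// -> "%2522". This models that second step with encodeURIComponent.
function doubleEncode(value) {
  return encodeURIComponent(encodeURI(value));
}

if (typeof document !== "undefined") {
  // Constructed sample data (assumption: the page contains #results and #search-q).
  var data = { books: [{ name: 'Tom & Jerry "vol. 1" <hardcover>' }] };
  var e = document.getElementById("results");
  e.innerHTML = renderBookList(data.books);
  wireSearchClicks(e, document.getElementById("search-q"));
}
```

Under Node the functions can be exercised directly; in a page, the `if` block at the end renders the constructed list and attaches the listener. Note that the escape function is applied once per context and never to a value that will be escaped again by the browser, which is exactly the mistake the `encodeURI` version made.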