Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Java (http://www.velocityreviews.com/forums/f30-java.html)
-   -   Java code to output escaped Javascript? (http://www.velocityreviews.com/forums/t749297-java-code-to-output-escaped-javascript.html)

laredotornado 06-01-2011 01:11 PM

Java code to output escaped Javascript?
 
Hi,

I'm using Java 6. I want to output code for a Javascript variable ...

String jsValue = escapeForJS(value);
String expression = "storedVars['myVar'] = \"" + jsValue + "\";";

Is there anything standard that will do this? I came up with my own
function, but I don't want to worry about leaving anything out.

/* creates a JS expression that can be used within quotes. */
private String escapeForJS(String value) {
value = value.replace("\n", "\\n");
value = value.replace("\r", "\\r");
value = value.replace("\"", "\\\"");
return value;
}

- Dave

Travers Naran 06-01-2011 02:47 PM

Re: Java code to output escaped Javascript?
 
> I'm using Java 6. I want to output code for a Javascript variable ...
>
> String jsValue = escapeForJS(value);
> String expression = "storedVars['myVar'] = \"" + jsValue + "\";";
>
> Is there anything standard that will do this? I came up with my own
> function, but I don't want to worry about leaving anything out.
>
> /* creates a JS expression that can be used within quotes. */
> private String escapeForJS(String value) {
> value = value.replace("\n", "\\n");
> value = value.replace("\r", "\\r");
> value = value.replace("\"", "\\\"");
> return value;
> }


That's how I would do it, but if you want existing code, maybe you can
adapt something from this library:

http://www.json.org/java/

Specifically, this class:
http://www.json.org/javadoc/org/json/JSONWriter.html

Joshua Cranmer 06-01-2011 02:50 PM

Re: Java code to output escaped Javascript?
 
On 06/01/2011 09:11 AM, laredotornado wrote:
> Hi,
>
> I'm using Java 6. I want to output code for a Javascript variable ...
>
> String jsValue = escapeForJS(value);
> String expression = "storedVars['myVar'] = \"" + jsValue + "\";";
>
> Is there anything standard that will do this? I came up with my own
> function, but I don't want to worry about leaving anything out.


Any Java->JSON library worth its salt should be able to do this.

> /* creates a JS expression that can be used within quotes. */
> private String escapeForJS(String value) {
> value = value.replace("\n", "\\n");
> value = value.replace("\r", "\\r");
> value = value.replace("\"", "\\\"");
> return value;
> }


You also forgot `\' as well as every character in the range
'\u0000'-'\u001f' and '\u007f-\uffff' [if you have to worry about
non-BMP characters, keep in mind that JS is like Java in that it has the
same UCS-2/UTF-16 hairyness].

--
Beware of bugs in the above code; I have only proved it correct, not
tried it. -- Donald E. Knuth

laredotornado@zipmail.com 06-01-2011 04:58 PM

Re: Java code to output escaped Javascript?
 
On Jun 1, 9:50*am, Joshua Cranmer <Pidgeo...@verizon.invalid> wrote:
> On 06/01/2011 09:11 AM, laredotornado wrote:
>
> > Hi,

>
> > I'm using Java 6. *I want to output code for a Javascript variable ....

>
> > * * * * * * * * * *String jsValue = escapeForJS(value);
> > * * * * * * * * * *String expression = "storedVars['myVar'] = \"" + jsValue + "\";";

>
> > Is there anything standard that will do this? *I came up with my own
> > function, but I don't want to worry about leaving anything out.

>
> Any Java->JSON library worth its salt should be able to do this.
>
> > * */* creates a JS expression that can be used within quotes. */
> > * *private String escapeForJS(String value) {
> > * * * * * *value = value.replace("\n", "\\n");
> > * * * * * *value = value.replace("\r", "\\r");
> > * * * * * *value = value.replace("\"", "\\\"");
> > * * * * * *return value;
> > * *}

>
> You also forgot `\' as well as every character in the range
> '\u0000'-'\u001f' and '\u007f-\uffff' [if you have to worry about
> non-BMP characters, keep in mind that JS is like Java in that it has the
> same UCS-2/UTF-16 hairyness].
>
> --
> Beware of bugs in the above code; I have only proved it correct, not
> tried it. -- Donald E. Knuth


Yeah, you hit on exactly what I was talking -- a bunch of characters
that it is not practical to hard-code for. I'm not outputting JSON
objects, so is the Java -> JSON route you suggest still the way to go?
- Dave

Lawrence D'Oliveiro 06-01-2011 10:17 PM

Re: Java code to output escaped Javascript?
 
In message <is5jk2$l36$1@dont-email.me>, Joshua Cranmer wrote:

> On 06/01/2011 09:11 AM, laredotornado wrote:
>
>> private String escapeForJS(String value) {
>> value = value.replace("\n", "\\n");
>> value = value.replace("\r", "\\r");
>> value = value.replace("\"", "\\\"");
>> return value;
>> }

>
> You also forgot `\' as well as every character in the range
> '\u0000'-'\u001f' and '\u007f-\uffff' ...


Can’t they just occur literally?

Joshua Cranmer 06-02-2011 01:47 AM

Re: Java code to output escaped Javascript?
 
On 06/01/2011 06:17 PM, Lawrence D'Oliveiro wrote:
> In message<is5jk2$l36$1@dont-email.me>, Joshua Cranmer wrote:
>
>> On 06/01/2011 09:11 AM, laredotornado wrote:
>>
>>> private String escapeForJS(String value) {
>>> value = value.replace("\n", "\\n");
>>> value = value.replace("\r", "\\r");
>>> value = value.replace("\"", "\\\"");
>>> return value;
>>> }

>>
>> You also forgot `\' as well as every character in the range
>> '\u0000'-'\u001f' and '\u007f-\uffff' ...

>
> Can’t they just occur literally?


According to the ECMAScript specification, Line terminators (i.e.,
\u000A, \u000D, \u2028, and \u2029), `\', and the string character (",
in this case) are prohibited from appearing in strings outright. In
practice, anything that isn't pure ASCII puts you on shaky grounds due
to the potential for charset confusion (the specification assumes that
the input source text is already normalized to Unicode canonical form,
so how engines see what you input may be different). I would also hold
the use of, in particular, NUL and form-feed characters as potentially
problematic. In short:

The following characters are always safe *not* to escape:
* A-Z, a-z, 0-9
* ~!@#$%^&*()_+`-={}[]|\:;<>?,./
* spaces

The following should be okay:
* ' or ", depending on how you open the string
* "simple" accented characters (i.e., \xa0-ff in your favorite 8-bit
charset, mostly UTF-8 or Cp1252)

Never valid:
* \, \n, \r, \u2028, and \u2029

Anything else (particularly "\u0000") is potentially risky.

--
Beware of bugs in the above code; I have only proved it correct, not
tried it. -- Donald E. Knuth


All times are GMT. The time now is 09:57 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.