Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Javascript > Escaping quotes withing quotes

Reply
Thread Tools

Escaping quotes withing quotes

 
 
duwayne@gmail.com
Guest
Posts: n/a
 
      05-13-2005
I have a problem of escaping quotes in javascript.

Ex:

onclick='alert( "Mister O'Hara" )'
onclick='alert( "Mister O\'Hara" )'

both gives me an error. How would I escape this?

 
Reply With Quote
 
 
 
 
Martin Honnen
Guest
Posts: n/a
 
      05-13-2005


http://www.velocityreviews.com/forums/(E-Mail Removed) wrote:

> I have a problem of escaping quotes in javascript.
>
> Ex:
>
> onclick='alert( "Mister O'Hara" )'


onclick="alert('Mister O\'Hara')"
is one way, or use a HTML escape e.g. character reference
onclick='alert("Mister O'Hara")'

--

Martin Honnen
http://JavaScript.FAQTs.com/
 
Reply With Quote
 
 
 
 
Lasse Reichstein Nielsen
Guest
Posts: n/a
 
      05-13-2005
(E-Mail Removed) writes:

> I have a problem of escaping quotes in javascript.


Nope

> onclick='alert( "Mister O'Hara" )'
> onclick='alert( "Mister O\'Hara" )'
>
> both gives me an error. How would I escape this?


Your problem is that the outer (single-)quotes are not Javascript
quotes, but HTML quotes. It is the HTML parser that barfs over your
code, not Javascript, so you would need an HTML escape, not the
Javascript escape.

The HTML "escape" of a single quote is the entity ',
so
onclick='alert("Mister O'Hara");'

Alternatively, you could use double quotes in HTML and single in
Javascript, and then use a Javascript escape:
onclick="alert('Mister O\'Hara');"

/L
--
Lasse Reichstein Nielsen - (E-Mail Removed)
DHTML Death Colors: <URL:http://www.infimum.dk/HTML/rasterTriangleDOM.html>
'Faith without judgement merely degrades the spirit divine.'
 
Reply With Quote
 
Martin Honnen
Guest
Posts: n/a
 
      05-14-2005


Lasse Reichstein Nielsen wrote:


> Your problem is that the outer (single-)quotes are not Javascript
> quotes, but HTML quotes. It is the HTML parser that barfs over your
> code, not Javascript, so you would need an HTML escape, not the
> Javascript escape.
>
> The HTML "escape" of a single quote is the entity &apos;,
> so
> onclick='alert("Mister O&apos;Hara");'


HTML 4.01 does not define an enity by the name apos, the above does not
validate therefore.
Nowadays most modern browsers support apos nevertheless but for instance
Netscape 4 does not. Thus a numeric character reference ' is safer.

--

Martin Honnen
http://JavaScript.FAQTs.com/
 
Reply With Quote
 
duwayne@gmail.com
Guest
Posts: n/a
 
      05-16-2005
Thanks for clarifying that. Using onclick="alert('Mister O\'Hara');"
would solve the problem if the user use ' (single quote), but they can
type in " (double quote). In that case, we have the same problem.

 
Reply With Quote
 
Thomas 'PointedEars' Lahn
Guest
Posts: n/a
 
      05-17-2005
Lasse Reichstein Nielsen wrote:

> (E-Mail Removed) writes:
>> I have a problem of escaping quotes in javascript.

>
> Nope
>
>> onclick='alert( "Mister O'Hara" )'
>> onclick='alert( "Mister O\'Hara" )'
>>
>> both gives me an error. How would I escape this?

>
> [...] It is the HTML parser that barfs over your code, not
> Javascript, [...]


That is not entirely true. The markup -- dare I say "tag soup" --
parser does what it can to correct this invalid markup which
results in

onclick='alert( "Mister O'
onclick='alert( "Mister O\'

But then the script engine is passed this code when the event fires,
and so:

| Error: Unterminated string literal
|
| alert( "Mister O
| ------------------^
| alert( "Mister O\'
| --------------------^


PointedEars
--
When the power of love overcomes the love
of power, the world will know peace.
-- Jimi Hendrix
 
Reply With Quote
 
Jimnbigd
Guest
Posts: n/a
 
      05-17-2005
> Thanks for clarifying that. Using onclick="alert('Mister O\'Hara');"
> would solve the problem if the user use ' (single quote), but they can
> type in " (double quote). In that case, we have the same problem.


How is the user inputting "Mister O'Hara"? Maybe you can assign this to a
JavaScript variable. I don't think there is any problem using both single
and double quotes inside the variable. Example (in the body code)-- I
tested this in IE 6.0:
<script type="text/javascript">
var myVar = 'Mister O\'Hara says, "Hi."';
</script>
<p onclick='alert(myVar)'>Click here.</p>
...Jim in Dallas...


 
Reply With Quote
 
Thomas 'PointedEars' Lahn
Guest
Posts: n/a
 
      05-17-2005
(E-Mail Removed) wrote:

> Thanks for clarifying that. Using onclick="alert('Mister O\'Hara');"
> would solve the problem if the user use ' (single quote), but they can
> type in " (double quote). In that case, we have the same problem.


If the string data is provided by user input, I doubt you
have to care about that unless you misuse the eval() method.


PointedEars
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Escaping Quotes in HMTL/ASPX? ResolveUrl?? <% jc ASP .Net 2 03-19-2008 05:41 PM
escaping only double quotes cesco Python 2 08-31-2007 04:43 PM
escaping quotes John Salerno Python 2 02-28-2006 08:00 PM
JSTL and Escaping Quotes (Newbie Question) DartmanX Java 1 01-23-2005 07:11 AM
Multiline quotes - escaping quotes - et al Lawrence Tierney Java 3 12-24-2003 05:12 PM



Advertisments