A tricky Javascript question...

[howachen]

Hi,

I have one very simple tricky question which is quite interesting, I
would like to share with all of you here...


//=======================================

<script type="text/javascript">

function func1() {
var str = "123\'s";
document.write('<a href="javascript:alert(\'' + str+'\')">test
link</a>');
}

</script>

//=======================================

If "str" is just a normal text, e.g. "123", then you can have a link
which lead to an alert box when onclick.

However, when there is a quote in the string, the function will not
work...

Any workaround for this problem?


Thanks.

Rdgs,
Howa

 

[Llorenc Sole]

Hi,

However, when there is a quote in the string, the function will not
work...

Try to double escape your string:

var str = "123\\''s";

HTH,

Llorenc

 

[howachen]

I agree this is ok, but what if the string is pass from a variable?

e.g.

func1("123\'s");
function func1(str) {
document.write('<a href="javascript:alert(\'' + str+'\')">test
link</a>');
}

 

[Evertjan.]

wrote on 22 feb 2006 in comp.lang.javascript:

agree this is ok,

What is ok?

Please quote what you are replying to. If you want to post a followup via
groups.google.com, don't use the "Reply" link at the bottom of the article.
Click on "show options" at the top of the article, then click on the
"Reply" at the bottom of the article headers.
<http://www.safalra.com/special/googlegroupsreply/>

 

[Michael Winter]

On 22/02/2006 14:40, (e-mail address removed) wrote:

[snip]

function func1() {
var str = "123\'s";

The single quote doesn't need to be escaped there. The literal, "123's"
is exactly equivalent.

document.write('<a href="javascript:alert(\'' + str+'\')">test
link</a>');

As this code is within HTML, the closing tag needs to broken up. That
is, instead of '</a>', use '<\/a>'. In addition, using the javascript:
pseudo-scheme is inadvisable due to its side effects, even in a
situation like this where the anchor will only exist if scripting is
enabled.

[snip]

However, when there is a quote in the string, the function will not
work...

Any workaround for this problem?

Yes, a simple one. You need to observe what the output will be for this
code. For the example above:

<a href="javascript:alert('123's')">test link</a>

The solution is to include a literal backslash in the string, str. This
can either be added manually:

var str = "123\\'s";

document.write('<a href="#" onclick="alert(\''
+ str + '\');return false;">test link<\/a>');

or programatically:

var str = '123\'s';

document.write('<a href="#" onclick="alert(\''
+ str.replace(/'/g, '\\\'')
+ '\');return false;">test link<\/a>');

In either case, the output will now be:

<a href="#" onclick="alert('123\'s');return false;">test link</a>

Hope that helps,
Mike

 

[Llorenc Sole]

Hi,

I agree this is ok, but what if the string is pass from a variable?

Try this:

<script type="text/javascript">
var str = '123\'s';
function func1(str) {
document.write('<a href="javascript:alert(\'' + str.replace('\'',
'\\\'') + '\')">test link</a>');
}
func1(str);
</script>

HTH,

Llorenc

 

[howachen]

Sorry for that.

Thanks for your advice.

wrote on 22 feb 2006 in comp.lang.javascript:


What is ok?

Please quote what you are replying to. If you want to post a followup via
groups.google.com, don't use the "Reply" link at the bottom of the article.
Click on "show options" at the top of the article, then click on the
"Reply" at the bottom of the article headers.
<http://www.safalra.com/special/googlegroupsreply/>

 

[RobG]

On 22/02/2006 14:40, (e-mail address removed) wrote:
[...]

The solution is to include a literal backslash in the string, str. This
can either be added manually:

var str = "123\\'s";

document.write('<a href="#" onclick="alert(\''
+ str + '\');return false;">test link<\/a>');

or programatically:

var str = '123\'s';

document.write('<a href="#" onclick="alert(\''
+ str.replace(/'/g, '\\\'')
+ '\');return false;">test link<\/a>');

In either case, the output will now be:

<a href="#" onclick="alert('123\'s');return false;">test link</a>

That's one solution (probably the best). Another is to use the Unicode
hex code:

<a href="#" onclick="alert('123\u0027s');return false;">test link</a>

 

[Thomas 'PointedEars' Lahn]

On 22/02/2006 14:40, (e-mail address removed) wrote:
[...]
In either case, the output will now be:

<a href="#" onclick="alert('123\'s');return false;">test link</a>

That's one solution (probably the best). Another is to use the Unicode
hex code:

<a href="#" onclick="alert('123\u0027s');return false;">test link</a>

Or the HTML UCS character reference:

<... onclick="alert('123's');return false;">...</a>

<... onclick="alert('123's');return false;">...</a>


PointedEars

 

[Michael Winter]

Michael Winter wrote:
[snip]

The solution is to include a literal backslash in the string, str.
This can either be added manually:

var str = "123\\'s";

[snip]

Another is to use the Unicode hex code:

<a href="#" onclick="alert('123\u0027s');return false;">test link</a>

That would still need to be subject to an escaping mechanism. That is,
the variable above (str) would need to be assigned '123\\u0027s'.

Still, I should have written 'A solution' as I did also consider
character references, as Thomas mentioned.

Mike