Doogie said:
So consider a parameter called "State". If the user doesn't pass that
in if I do this:
var state = <%=Request.QueryString["State"]%>
This returns an undefined object that I can't seem to do any checks
against it.
Suppose the code between `<%=' and `%>' is server-side JScript with ASP
(.NET), there are two probable outcomes if the parameter was not provided:
A) var state = undefined
or
var state = null
In this case the following applies: The server-side application
generates a string representation of the `undefined'/`null' value which
in turn would mean the `undefined' literal (or property of the Global
Object) or the `null' literal client-side.
`undefined'/`null' is _not_ an object, it is a primitive value.
(Contrary to popular belief, not *everything* is an object in current
ECMAScript implementations.) As this value does not represent an object
and is not implicitly converted into one, using a property accessor on it
fails.
B) var state =
In that case the string representation of `undefined'/`null' would be the
empty string or a string containing only whitespace. The result is
client-side code with a syntax error (AssignmentExpression
expected).
So I was told to do this instead (put ticks around the Request.QueryString):
var state = '<%=Request.QueryString["State"]%>'
This works if State is empty. But it fails if it contains a value.
It could only fail in the non-empty case if that value included unescaped
<'> characters (which would end the client-side string literal
prematurely) --
var state = ' foo 'bar' '
^ ^
-- or unescaped newlines (which would be a "SyntaxError: unterminated string
literal" client-side):
var state = 'foo
bar';
At least your console/debugger would have shown you that.
So the solution you need is *server-side* escaping of those characters.
Suppose what you posted in `<%= ... %>' is server-side JScript with ASP
(.NET), the following should work:
var state = '<%= Request.QueryString["State"]
.replace(/'/g, "\\$&")
.replace(/(\r?\n|\r)/g, "\\n")) %>';
(Do not be confused by the fact that the expression is not on a single line;
the client-side script engine never sees `<%= ... %>' and the server-side
JScript engine does not care about newlines here.)
It may also be necessary to insert
.replace(/^\s*(undefined|null)\s*$/, "")
before all other replaces, depending on the string representation of the
value retrieved with Request.QueryString["State"].
So how do I handle the possibility that State might not be sent?
You are attempting to cure the wrong problem. It would appear to be best if
you familiarized yourself with the workings of server-side scripting in
general, and your server-side application in particular, first.
PointedEars