i have an Html String in which i have some elements having single quotes.When i put this inside a $('varHtml'); Since the varHtml already contains some single quotes it qives an error, Can Somebody help me how to Escape the single quotes in the varHtml
Thanks in Advance
Thomson
If you have a HTML string in a variable, then you don't need to put it in quotes:
var varHtml = "<div id='foo'></div>";
$(varHtml);
javascript lacks something like an htmlencode to run client side. So you will have to use one of the script libraries. You can try this jQuery solution:
http://www.edentity.ca/WhoWeAre/Blog/Easy-Client-Side-html-EncodeDecode-using-jQuery.aspx
Or you could simply use a javascript string replace function like the one explained here: http://www.w3schools.com/jsref/jsref_replace.asp. Replace ' with ' or the HTML code you prefer. Reference: http://www.degraeve.com/reference/specialcharacters.php
Related
I was wondering if there is a way to write paragraphs containing both the double quotes and single quotes that can't pass on [ document.write(""); document.write('');] whichever I use. Is there some features that I'm not aware of? Please enlighten me
Thanks
You can use backticks (template literals):
``
document.write`<p class="my-class">'Hi', she said.</p>`;
I have a function that, when clicked, fills in a field of the parent window. In this case, it's a name (text) field.
The problem I'm having is if the field has a single quote in it (ex. Bill's Chili) the function fails because it reads the single quote as the end of the parameter.
Here is the call:
href="javascript:selectItem('recipe','recipe_name','<recipe_description')"
Again, if the name is Bill's Chili, it causes a syntax error.
Is there a way to automatically convert that single quote to the HTML equivalent so it will read properly?
Thanks
For the single quotes in the field use \' More info on escape characters here.
href="javascript:selectItem('Bill\'s Chilli','recipe_name','<recipe_description')"
The answer I found was completely different than I thought. The page itself is written is ASP (Sorry I forgot to mention that, I didn't think it mattered since the function was javascript and it was called in HTML).
Therefore, I just used this:
<%fixed_name = Replace(recipe_name,"'","") %>
And then used fixed_name instead of recipe_name in the function call.
Thanks for all your help, it set me in the right direction!
try this
href='javascript:selectItem("recipe","recipe_name","<recipe_description")'
You may try to use escaped 'double' quote like that:
href="javascript:selectItem(\"recipe\",\"recipe_name\",\"recipe_description\")"
Please let me know whether it works.
You could use str.replace
Just remplace " by " et ' by ' . :)
But actually, I'm assuming you're getting all of that stuff from a php script (from some sort of storage), in which case you could escape the quotes directly with php, that would be way more safer.
I'm using some javascript/jquery in an asp.net mvc view and I'm appending some html code using a html helper.
$("#update").append('#Html.CustomHelper(m => m.Values)');
The custom html helper generates a block of html a few lines long. The problem is the first line starts with a ' and then the last line ends with a ', but the rest of the lines aren't string.
Is there a way in JavaScript or jQuery to stringify the block of HTML?
Better approach would be to encode the string for Javascript on the ASP.NET side.
Use maybe:
HttpUtility.JavaScriptStringEncode(string)
This way you are guaranteed to have a consistent and valid encoding without worrying about quotes etc.. Just substitute your string in the method.
You could have your CustomHelper method return a properly JS-Encoded encoded string. Right before you return from your method call, you could use HttpUtility.JavaScriptStringEncode(yourStringHere).
You could use Html.Raw
$("#update").append("#Html.Raw(Html.CustomHelper(m => m.Values))");
Why not to use double quotes?
$("#update").append("#Html.CustomHelper(m => m.Values)");
Can anyone help me to convert this to proper JavaScript?
<script>var datePostForAll = '<div class='date-header'><data:post.dateHeader/></div>';</script>
Thank you!
:*
It is proper JavaScript. It's the same as writing:
<script>
var datePostForAll = "<div class='date-header'><data:post.dateHeader/></div>";
</script>
They're used ' instead of an apostrophe so they don't have to escape ' and " marks inside the string. The <data:post.dateHeader/> is custom Blogger markup and will be evaluated when it is run. Because the contents of <data:post.dateHeader/> may include quote marks, they chose to wrap the string in ' to prevent accidentally introducing unescaped elements into the string. Regardless, as this will be outputting a date, wrapping it in quotes should be fine.
I have some addHtml JavaScript function in my JS code. I wonder how to escape HTML/JS code properly. Basically, what I am trying right now is:
addHtml("<a onclick=\"alert(\\\"Hello from JS\\\")\">click me</a>")
However, that doesn't work. It adds the a element but it doesn't do anything when I click it.
I don't want to replace all " by ' as a workaround. (If I do, it works.)
I wonder how to escape HTML/JS code properly.
To insert string content into an HTML event handler attribute:
(1) Encode it as a JavaScript string literal:
alert("Hello \"world\"");
(2) Encode the complete JavaScript statement as HTML:
<a onclick="alert("Hello \"world\""">foo</a>
And since you seem to be including that HTML inside a JavaScript string literal again, you have to JS-encode it again:
html= "<a onclick=\"alert("Hello \\"world\\""\">foo<\/a>";
Notice the double-backslashes and also the <\/, which is necessary to avoid a </ sequence in a <script> block, which would otherwise be invalid and might break.
You can make this less bad for yourself by mixing single and double quotes to cut down on the amount of double-escaping going on, but you can't solve it for the general case; there are many other characters that will cause problems.
All this escaping horror is another good reason to avoid inline event handler attributes. Slinging strings full of HTML around sucks. Use DOM-style methods, assigning event handlers directly from JavaScript instead:
var a= document.createElement('a');
a.onclick= function() {
alert('Hello from normal JS with no extra escaping!');
};
My solution would be
addHtml('<a onclick="alert(\'Hello from JS\')">click me</a>')
I typically use single quotes in Javascript strings, and double quotes in HTML attributes. I think it's a good rule to follow.
How about this?
addHtml("<a onclick=\"alert("Hello from JS")\">click me</a>");
It worked when I tested in Firefox, at any rate.
addHtml("<a onclick='alert(\"Hello from JS\")'>click me</a>")
The problem is probably this...
As your code is now, it will add this to the HTML
<a onclick="alert("Hello from Javascript")"></a>
This is assuming the escape slashes will all be removed properly.
The problem is that the alert can't handle the " inside it... you'll have to change those quotes to single quotes.
addHtml("<a onclick=\"alert(\\\'Hello from JS\\\')\">click me</a>")
That should work for you.
What does the final HTML rendered in the browser look like ? I think the three slashes might be causing an issue .