Escaping quotes withing quotes

Discussion in 'Javascript' started by duwayne@gmail.com, May 13, 2005.

  1. Guest

    I have a problem of escaping quotes in javascript.

    Ex:

    onclick='alert( "Mister O'Hara" )'
    onclick='alert( "Mister O\'Hara" )'

    both gives me an error. How would I escape this?
     
    , May 13, 2005
    #1
    1. Advertising

  2. wrote:

    > I have a problem of escaping quotes in javascript.
    >
    > Ex:
    >
    > onclick='alert( "Mister O'Hara" )'


    onclick="alert('Mister O\'Hara')"
    is one way, or use a HTML escape e.g. character reference
    onclick='alert("Mister O'Hara")'

    --

    Martin Honnen
    http://JavaScript.FAQTs.com/
     
    Martin Honnen, May 13, 2005
    #2
    1. Advertising

  3. writes:

    > I have a problem of escaping quotes in javascript.


    Nope :)

    > onclick='alert( "Mister O'Hara" )'
    > onclick='alert( "Mister O\'Hara" )'
    >
    > both gives me an error. How would I escape this?


    Your problem is that the outer (single-)quotes are not Javascript
    quotes, but HTML quotes. It is the HTML parser that barfs over your
    code, not Javascript, so you would need an HTML escape, not the
    Javascript escape.

    The HTML "escape" of a single quote is the entity ',
    so
    onclick='alert("Mister O'Hara");'

    Alternatively, you could use double quotes in HTML and single in
    Javascript, and then use a Javascript escape:
    onclick="alert('Mister O\'Hara');"

    /L
    --
    Lasse Reichstein Nielsen -
    DHTML Death Colors: <URL:http://www.infimum.dk/HTML/rasterTriangleDOM.html>
    'Faith without judgement merely degrades the spirit divine.'
     
    Lasse Reichstein Nielsen, May 13, 2005
    #3
  4. Lasse Reichstein Nielsen wrote:


    > Your problem is that the outer (single-)quotes are not Javascript
    > quotes, but HTML quotes. It is the HTML parser that barfs over your
    > code, not Javascript, so you would need an HTML escape, not the
    > Javascript escape.
    >
    > The HTML "escape" of a single quote is the entity &apos;,
    > so
    > onclick='alert("Mister O&apos;Hara");'


    HTML 4.01 does not define an enity by the name apos, the above does not
    validate therefore.
    Nowadays most modern browsers support apos nevertheless but for instance
    Netscape 4 does not. Thus a numeric character reference ' is safer.

    --

    Martin Honnen
    http://JavaScript.FAQTs.com/
     
    Martin Honnen, May 14, 2005
    #4
  5. Guest

    Thanks for clarifying that. Using onclick="alert('Mister O\'Hara');"
    would solve the problem if the user use ' (single quote), but they can
    type in " (double quote). In that case, we have the same problem.
     
    , May 16, 2005
    #5
  6. Lasse Reichstein Nielsen wrote:

    > writes:
    >> I have a problem of escaping quotes in javascript.

    >
    > Nope :)
    >
    >> onclick='alert( "Mister O'Hara" )'
    >> onclick='alert( "Mister O\'Hara" )'
    >>
    >> both gives me an error. How would I escape this?

    >
    > [...] It is the HTML parser that barfs over your code, not
    > Javascript, [...]


    That is not entirely true. The markup -- dare I say "tag soup" --
    parser does what it can to correct this invalid markup which
    results in

    onclick='alert( "Mister O'
    onclick='alert( "Mister O\'

    But then the script engine is passed this code when the event fires,
    and so:

    | Error: Unterminated string literal
    |
    | alert( "Mister O
    | ------------------^
    | alert( "Mister O\'
    | --------------------^


    PointedEars
    --
    When the power of love overcomes the love
    of power, the world will know peace.
    -- Jimi Hendrix
     
    Thomas 'PointedEars' Lahn, May 17, 2005
    #6
  7. Jimnbigd Guest

    > Thanks for clarifying that. Using onclick="alert('Mister O\'Hara');"
    > would solve the problem if the user use ' (single quote), but they can
    > type in " (double quote). In that case, we have the same problem.


    How is the user inputting "Mister O'Hara"? Maybe you can assign this to a
    JavaScript variable. I don't think there is any problem using both single
    and double quotes inside the variable. Example (in the body code)-- I
    tested this in IE 6.0:
    <script type="text/javascript">
    var myVar = 'Mister O\'Hara says, "Hi."';
    </script>
    <p onclick='alert(myVar)'>Click here.</p>
    ...Jim in Dallas...
     
    Jimnbigd, May 17, 2005
    #7
  8. wrote:

    > Thanks for clarifying that. Using onclick="alert('Mister O\'Hara');"
    > would solve the problem if the user use ' (single quote), but they can
    > type in " (double quote). In that case, we have the same problem.


    If the string data is provided by user input, I doubt you
    have to care about that unless you misuse the eval() method.


    PointedEars
     
    Thomas 'PointedEars' Lahn, May 17, 2005
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Lawrence Tierney

    Multiline quotes - escaping quotes - et al

    Lawrence Tierney, Dec 24, 2003, in forum: Java
    Replies:
    3
    Views:
    4,543
    Andrew Thompson
    Dec 24, 2003
  2. DartmanX
    Replies:
    1
    Views:
    3,491
    Chris Smith
    Jan 23, 2005
  3. John Salerno

    escaping quotes

    John Salerno, Feb 28, 2006, in forum: Python
    Replies:
    2
    Views:
    362
    John Salerno
    Feb 28, 2006
  4. cesco

    escaping only double quotes

    cesco, Aug 31, 2007, in forum: Python
    Replies:
    2
    Views:
    282
    iapain
    Aug 31, 2007
  5. jc
    Replies:
    2
    Views:
    835
    George Ter-Saakov
    Mar 19, 2008
Loading...

Share This Page