Escaping quotes withing quotes

D

duwayne

I have a problem of escaping quotes in javascript.

Ex:

onclick='alert( "Mister O'Hara" )'
onclick='alert( "Mister O\'Hara" )'

both gives me an error. How would I escape this?
 
M

Martin Honnen

I have a problem of escaping quotes in javascript.

Ex:

onclick='alert( "Mister O'Hara" )'

onclick="alert('Mister O\'Hara')"
is one way, or use a HTML escape e.g. character reference
onclick='alert("Mister O'Hara")'
 
L

Lasse Reichstein Nielsen

I have a problem of escaping quotes in javascript.

Nope :)
onclick='alert( "Mister O'Hara" )'
onclick='alert( "Mister O\'Hara" )'

both gives me an error. How would I escape this?

Your problem is that the outer (single-)quotes are not Javascript
quotes, but HTML quotes. It is the HTML parser that barfs over your
code, not Javascript, so you would need an HTML escape, not the
Javascript escape.

The HTML "escape" of a single quote is the entity ',
so
onclick='alert("Mister O'Hara");'

Alternatively, you could use double quotes in HTML and single in
Javascript, and then use a Javascript escape:
onclick="alert('Mister O\'Hara');"

/L
 
M

Martin Honnen

Lasse Reichstein Nielsen wrote:

Your problem is that the outer (single-)quotes are not Javascript
quotes, but HTML quotes. It is the HTML parser that barfs over your
code, not Javascript, so you would need an HTML escape, not the
Javascript escape.

The HTML "escape" of a single quote is the entity ',
so
onclick='alert("Mister O'Hara");'

HTML 4.01 does not define an enity by the name apos, the above does not
validate therefore.
Nowadays most modern browsers support apos nevertheless but for instance
Netscape 4 does not. Thus a numeric character reference ' is safer.
 
D

duwayne

Thanks for clarifying that. Using onclick="alert('Mister O\'Hara');"
would solve the problem if the user use ' (single quote), but they can
type in " (double quote). In that case, we have the same problem.
 
T

Thomas 'PointedEars' Lahn

Lasse said:
I have a problem of escaping quotes in javascript.

Nope :)
onclick='alert( "Mister O'Hara" )'
onclick='alert( "Mister O\'Hara" )'

both gives me an error. How would I escape this?

[...] It is the HTML parser that barfs over your code, not
Javascript, [...]

That is not entirely true. The markup -- dare I say "tag soup" --
parser does what it can to correct this invalid markup which
results in

onclick='alert( "Mister O'
onclick='alert( "Mister O\'

But then the script engine is passed this code when the event fires,
and so:

| Error: Unterminated string literal
|
| alert( "Mister O
| ------------------^
| alert( "Mister O\'
| --------------------^


PointedEars
 
J

Jimnbigd

Thanks for clarifying that. Using onclick="alert('Mister O\'Hara');"
would solve the problem if the user use ' (single quote), but they can
type in " (double quote). In that case, we have the same problem.

How is the user inputting "Mister O'Hara"? Maybe you can assign this to a
JavaScript variable. I don't think there is any problem using both single
and double quotes inside the variable. Example (in the body code)-- I
tested this in IE 6.0:
<script type="text/javascript">
var myVar = 'Mister O\'Hara says, "Hi."';
</script>
<p onclick='alert(myVar)'>Click here.</p>
...Jim in Dallas...
 
T

Thomas 'PointedEars' Lahn

Thanks for clarifying that. Using onclick="alert('Mister O\'Hara');"
would solve the problem if the user use ' (single quote), but they can
type in " (double quote). In that case, we have the same problem.

If the string data is provided by user input, I doubt you
have to care about that unless you misuse the eval() method.


PointedEars
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,901
Latest member
Noble71S45

Latest Threads

Top