Java code to output escaped Javascript?

[laredotornado]

Hi,

I'm using Java 6. I want to output code for a Javascript variable ...

String jsValue = escapeForJS(value);
String expression = "storedVars['myVar'] = \"" + jsValue + "\";";

Is there anything standard that will do this? I came up with my own
function, but I don't want to worry about leaving anything out.

/* creates a JS expression that can be used within quotes. */
private String escapeForJS(String value) {
value = value.replace("\n", "\\n");
value = value.replace("\r", "\\r");
value = value.replace("\"", "\\\"");
return value;
}

- Dave

 

[Travers Naran]

I'm using Java 6. I want to output code for a Javascript variable ...

String jsValue = escapeForJS(value);
String expression = "storedVars['myVar'] = \"" + jsValue + "\";";

Is there anything standard that will do this? I came up with my own
function, but I don't want to worry about leaving anything out.

/* creates a JS expression that can be used within quotes. */
private String escapeForJS(String value) {
value = value.replace("\n", "\\n");
value = value.replace("\r", "\\r");
value = value.replace("\"", "\\\"");
return value;
}

That's how I would do it, but if you want existing code, maybe you can
adapt something from this library:

http://www.json.org/java/

Specifically, this class:
http://www.json.org/javadoc/org/json/JSONWriter.html

 

[Joshua Cranmer]

Hi,

I'm using Java 6. I want to output code for a Javascript variable ...

String jsValue = escapeForJS(value);
String expression = "storedVars['myVar'] = \"" + jsValue + "\";";

Is there anything standard that will do this? I came up with my own
function, but I don't want to worry about leaving anything out.

Any Java->JSON library worth its salt should be able to do this.

/* creates a JS expression that can be used within quotes. */
private String escapeForJS(String value) {
value = value.replace("\n", "\\n");
value = value.replace("\r", "\\r");
value = value.replace("\"", "\\\"");
return value;
}

You also forgot `\' as well as every character in the range
'\u0000'-'\u001f' and '\u007f-\uffff' [if you have to worry about
non-BMP characters, keep in mind that JS is like Java in that it has the
same UCS-2/UTF-16 hairyness].

 

[laredotornado]

Hi,

I'm using Java 6.  I want to output code for a Javascript variable ....

                   String jsValue = escapeForJS(value);
                   String expression = "storedVars['myVar'] = \"" + jsValue + "\";";

Is there anything standard that will do this?  I came up with my own
function, but I don't want to worry about leaving anything out.

Any Java->JSON library worth its salt should be able to do this.

   /* creates a JS expression that can be used within quotes. */
   private String escapeForJS(String value) {
           value = value.replace("\n", "\\n");
           value = value.replace("\r", "\\r");
           value = value.replace("\"", "\\\"");
           return value;
   }

You also forgot `\' as well as every character in the range
'\u0000'-'\u001f' and '\u007f-\uffff' [if you have to worry about
non-BMP characters, keep in mind that JS is like Java in that it has the
same UCS-2/UTF-16 hairyness].

Yeah, you hit on exactly what I was talking -- a bunch of characters
that it is not practical to hard-code for. I'm not outputting JSON
objects, so is the Java -> JSON route you suggest still the way to go?
- Dave

 

[Lawrence D'Oliveiro]

You also forgot `\' as well as every character in the range
'\u0000'-'\u001f' and '\u007f-\uffff' ...

Can’t they just occur literally?

 

[Joshua Cranmer]

Can’t they just occur literally?

According to the ECMAScript specification, Line terminators (i.e.,
\u000A, \u000D, \u2028, and \u2029), `\', and the string character (",
in this case) are prohibited from appearing in strings outright. In
practice, anything that isn't pure ASCII puts you on shaky grounds due
to the potential for charset confusion (the specification assumes that
the input source text is already normalized to Unicode canonical form,
so how engines see what you input may be different). I would also hold
the use of, in particular, NUL and form-feed characters as potentially
problematic. In short:

The following characters are always safe *not* to escape:
* A-Z, a-z, 0-9
* ~!@#$%^&*()_+`-={}[]|\:;<>?,./
* spaces

The following should be okay:
* ' or ", depending on how you open the string
* "simple" accented characters (i.e., \xa0-ff in your favorite 8-bit
charset, mostly UTF-8 or Cp1252)

Never valid:
* \, \n, \r, \u2028, and \u2029

Anything else (particularly "\u0000") is potentially risky.