Java code to output escaped Javascript?

Discussion in 'Java' started by laredotornado, Jun 1, 2011.

  1. Hi,

    I'm using Java 6. I want to output code for a Javascript variable ...

    String jsValue = escapeForJS(value);
    String expression = "storedVars['myVar'] = \"" + jsValue + "\";";

    Is there anything standard that will do this? I came up with my own
    function, but I don't want to worry about leaving anything out.

    /* creates a JS expression that can be used within quotes. */
    private String escapeForJS(String value) {
    value = value.replace("\n", "\\n");
    value = value.replace("\r", "\\r");
    value = value.replace("\"", "\\\"");
    return value;
    }

    - Dave
    laredotornado, Jun 1, 2011
    #1
    1. Advertising

  2. > I'm using Java 6. I want to output code for a Javascript variable ...
    >
    > String jsValue = escapeForJS(value);
    > String expression = "storedVars['myVar'] = \"" + jsValue + "\";";
    >
    > Is there anything standard that will do this? I came up with my own
    > function, but I don't want to worry about leaving anything out.
    >
    > /* creates a JS expression that can be used within quotes. */
    > private String escapeForJS(String value) {
    > value = value.replace("\n", "\\n");
    > value = value.replace("\r", "\\r");
    > value = value.replace("\"", "\\\"");
    > return value;
    > }


    That's how I would do it, but if you want existing code, maybe you can
    adapt something from this library:

    http://www.json.org/java/

    Specifically, this class:
    http://www.json.org/javadoc/org/json/JSONWriter.html
    Travers Naran, Jun 1, 2011
    #2
    1. Advertising

  3. On 06/01/2011 09:11 AM, laredotornado wrote:
    > Hi,
    >
    > I'm using Java 6. I want to output code for a Javascript variable ...
    >
    > String jsValue = escapeForJS(value);
    > String expression = "storedVars['myVar'] = \"" + jsValue + "\";";
    >
    > Is there anything standard that will do this? I came up with my own
    > function, but I don't want to worry about leaving anything out.


    Any Java->JSON library worth its salt should be able to do this.

    > /* creates a JS expression that can be used within quotes. */
    > private String escapeForJS(String value) {
    > value = value.replace("\n", "\\n");
    > value = value.replace("\r", "\\r");
    > value = value.replace("\"", "\\\"");
    > return value;
    > }


    You also forgot `\' as well as every character in the range
    '\u0000'-'\u001f' and '\u007f-\uffff' [if you have to worry about
    non-BMP characters, keep in mind that JS is like Java in that it has the
    same UCS-2/UTF-16 hairyness].

    --
    Beware of bugs in the above code; I have only proved it correct, not
    tried it. -- Donald E. Knuth
    Joshua Cranmer, Jun 1, 2011
    #3
  4. laredotornado

    Guest

    On Jun 1, 9:50 am, Joshua Cranmer <> wrote:
    > On 06/01/2011 09:11 AM, laredotornado wrote:
    >
    > > Hi,

    >
    > > I'm using Java 6.  I want to output code for a Javascript variable ....

    >
    > >                    String jsValue = escapeForJS(value);
    > >                    String expression = "storedVars['myVar'] = \"" + jsValue + "\";";

    >
    > > Is there anything standard that will do this?  I came up with my own
    > > function, but I don't want to worry about leaving anything out.

    >
    > Any Java->JSON library worth its salt should be able to do this.
    >
    > >    /* creates a JS expression that can be used within quotes. */
    > >    private String escapeForJS(String value) {
    > >            value = value.replace("\n", "\\n");
    > >            value = value.replace("\r", "\\r");
    > >            value = value.replace("\"", "\\\"");
    > >            return value;
    > >    }

    >
    > You also forgot `\' as well as every character in the range
    > '\u0000'-'\u001f' and '\u007f-\uffff' [if you have to worry about
    > non-BMP characters, keep in mind that JS is like Java in that it has the
    > same UCS-2/UTF-16 hairyness].
    >
    > --
    > Beware of bugs in the above code; I have only proved it correct, not
    > tried it. -- Donald E. Knuth


    Yeah, you hit on exactly what I was talking -- a bunch of characters
    that it is not practical to hard-code for. I'm not outputting JSON
    objects, so is the Java -> JSON route you suggest still the way to go?
    - Dave
    , Jun 1, 2011
    #4
  5. In message <is5jk2$l36$>, Joshua Cranmer wrote:

    > On 06/01/2011 09:11 AM, laredotornado wrote:
    >
    >> private String escapeForJS(String value) {
    >> value = value.replace("\n", "\\n");
    >> value = value.replace("\r", "\\r");
    >> value = value.replace("\"", "\\\"");
    >> return value;
    >> }

    >
    > You also forgot `\' as well as every character in the range
    > '\u0000'-'\u001f' and '\u007f-\uffff' ...


    Can’t they just occur literally?
    Lawrence D'Oliveiro, Jun 1, 2011
    #5
  6. On 06/01/2011 06:17 PM, Lawrence D'Oliveiro wrote:
    > In message<is5jk2$l36$>, Joshua Cranmer wrote:
    >
    >> On 06/01/2011 09:11 AM, laredotornado wrote:
    >>
    >>> private String escapeForJS(String value) {
    >>> value = value.replace("\n", "\\n");
    >>> value = value.replace("\r", "\\r");
    >>> value = value.replace("\"", "\\\"");
    >>> return value;
    >>> }

    >>
    >> You also forgot `\' as well as every character in the range
    >> '\u0000'-'\u001f' and '\u007f-\uffff' ...

    >
    > Can’t they just occur literally?


    According to the ECMAScript specification, Line terminators (i.e.,
    \u000A, \u000D, \u2028, and \u2029), `\', and the string character (",
    in this case) are prohibited from appearing in strings outright. In
    practice, anything that isn't pure ASCII puts you on shaky grounds due
    to the potential for charset confusion (the specification assumes that
    the input source text is already normalized to Unicode canonical form,
    so how engines see what you input may be different). I would also hold
    the use of, in particular, NUL and form-feed characters as potentially
    problematic. In short:

    The following characters are always safe *not* to escape:
    * A-Z, a-z, 0-9
    * ~!@#$%^&*()_+`-={}[]|\:;<>?,./
    * spaces

    The following should be okay:
    * ' or ", depending on how you open the string
    * "simple" accented characters (i.e., \xa0-ff in your favorite 8-bit
    charset, mostly UTF-8 or Cp1252)

    Never valid:
    * \, \n, \r, \u2028, and \u2029

    Anything else (particularly "\u0000") is potentially risky.

    --
    Beware of bugs in the above code; I have only proved it correct, not
    tried it. -- Donald E. Knuth
    Joshua Cranmer, Jun 2, 2011
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Anders Both

    about escaped Query string

    Anders Both, Jan 15, 2004, in forum: ASP .Net
    Replies:
    3
    Views:
    401
    Anders Both
    Jan 16, 2004
  2. Vance Kessler

    Re: Unescaping ASP vbscript escaped string

    Vance Kessler, Mar 1, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    2,569
    Vance Kessler
    Mar 1, 2004
  3. CJ Taylor

    Attribute being escaped

    CJ Taylor, Dec 15, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    306
    neeraj
    Dec 16, 2004
  4. =?Utf-8?B?bWF2cmljazEwMQ==?=

    UrlDecode !!! retrieving querystring from an 'escaped' url

    =?Utf-8?B?bWF2cmljazEwMQ==?=, Apr 22, 2005, in forum: ASP .Net
    Replies:
    2
    Views:
    5,696
    =?Utf-8?B?bWF2cmljazEwMQ==?=
    Apr 22, 2005
  5. Derek Basch
    Replies:
    2
    Views:
    444
    Derek Basch
    Mar 25, 2005
Loading...

Share This Page