SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    *********! *********!!! jackli's Avatar
    Join Date
    Sep 2005
    Posts
    436
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    js "quotes" protection

    this is a very basic question, but i have to ask it:

    when you accept input from a form field, which is fed into javascript, how do you make sure the javascript doesn't break if someone enters a bunch of both double and single quotes in the field?

  2. #2
    SitePoint Wizard
    Join Date
    Mar 2001
    Posts
    3,537
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Can you provide an example of what you mean by "breaking", i.e. what behavior you would like from js that you don't get when someone enters quotes into a text field?

  3. #3
    *********! *********!!! jackli's Avatar
    Join Date
    Sep 2005
    Posts
    436
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    variable="once upon a time there was a "dfsdf" who lived in the "dfssdf's"dungeon."

    suppose variable contains the text someone enters through a form field... would the double and single quotes break the javascript?

    is there a javascript function to escape quotes?

  4. #4
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,875
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Unlike server side languages Javascript doesn't have built-in functions for this but you can easily add your own - http://javascript.about.com/library/bladdslash.htm
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  5. #5
    SitePoint Wizard
    Join Date
    Mar 2001
    Posts
    3,537
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    variable="once upon a time there was a "dfsdf" who lived in the "dfssdf's"dungeon."
    That would produce an error, but what's that got to do with accessing the value of a textbox? In that line of code, you are attempting to stick a string literal(i.e. anything with quotes around it) into a variable. When you do that, nested quotes can cause problems because js thinks your string literal ends at the second quote mark.

    However, when you retrieve the .value property of an html element, js has already stuck the user's input in a variable for you. How js does that is really none of your concern and a trivial example can show you that js has no problems with quote marks entered into a textbox. Create a page with one textbox. Assign an onchange event handler to the textbox that calls a function which alerts the textbox's value. Then type this into the textbox: "this is" "input" with" "lots of" quote" marks", and then click outside the textbox to fire the onchange event.

    suppose variable contains the text someone enters through a form field...
    Then the variable would contain whatever text the user typed in.

    would the double and single quotes break the javascript?
    Break what javascript? You aren't going to be making any mysql queries in js where a string variable containing a string with quotes in it is going to mess up the query.

    is there a javascript function to escape quotes?
    To what end?
    Last edited by 7stud; Feb 26, 2007 at 04:22.

  6. #6
    *********! *********!!! jackli's Avatar
    Join Date
    Sep 2005
    Posts
    436
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by 7stud View Post
    To what end?
    Suppose you have server data hooked up to frontend by means of JSON (rather than XML). Say a row of column usertext in your mysql table has value <img src="picture.jpg" /> ... you can htmlencode() via php, but that means the img src won't be displayed as an image, but as verbatim text. or, you can have it as is, with the quotes: js will break


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •