Solved

escape single quote mark

Posted on 2004-04-26
18
3,392 Views
Last Modified: 2008-02-26
when i escape a single quote mark (via ASP) in javascript, it still breaks (Ned's Test Project):

<A HREF="JavaScript:alert('Ned%27s+Test+Project')">click me</A>

when you click the "click me" link, it throws an error, evidently seeing the %27 as an actual single quote mark, becuase you get the identical behavior when you don't escape the character in the string.

is this a bug in javascript? is there a workaround?

I'm using IE 6.
0
Comment
Question by:SweatCoder
  • 8
  • 6
  • 4
18 Comments
 
LVL 33

Accepted Solution

by:
knightEknight earned 125 total points
ID: 10922560
<A HREF="#" onclick="alert('Ned\\'s+Test+Project');return false;">click me</A>
0
 
LVL 11

Author Comment

by:SweatCoder
ID: 10922598
ok, but why does javascript choke on a %27 as if it's an unescaped single quote mark?
0
 
LVL 63

Expert Comment

by:Zvonko
ID: 10922599
Better single escape character:

<A HREF="#" onclick="alert('Ned\'s+Test+Project');return false;">click me</A>


0
 
LVL 63

Expert Comment

by:Zvonko
ID: 10922623
And for your %27 question, look into browser status bar, and you will see that you have three quotas.
0
 
LVL 11

Author Comment

by:SweatCoder
ID: 10922733
three quotas? i guess you mean 3 quotes? actually, no. in the status bar when i hover over the link i see a single quote, as if the status bar is unescaping the single quote to show me the real string.

still doesn't explain this strange behavior.
0
 
LVL 33

Expert Comment

by:knightEknight
ID: 10922746
If you still want to display it in the status bar, do this:

<A HREF="Ned's Test Project" onclick="alert('Ned\\'s+Test+Project');return false;">click me</A>
0
 
LVL 33

Expert Comment

by:knightEknight
ID: 10922751
anything you put in the href is ignored when you return false from the onclick.
0
 
LVL 63

Expert Comment

by:Zvonko
ID: 10927523
Hello  knightEknight,

you posted twice a syntactically incorrect single source code line.
So I suppose that you did not do that by accident.
Can you explain why you think that your line is correct?

0
 
LVL 63

Expert Comment

by:Zvonko
ID: 10932046
Only for completeness here the corrected syntax of upper line:

<A HREF=":: Ned's Test Project" onClick="alert('Ned\'s Test Project');return false;">click me</A>


0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 33

Expert Comment

by:knightEknight
ID: 10934146
actually, it did not work for me unless I put two back-slashes ... I don't know why, but I recognize that it defies convention.
0
 
LVL 11

Author Comment

by:SweatCoder
ID: 10934287
that's odd. the single slash works right for me:  ('Ned\'s Test Project')
0
 
LVL 63

Expert Comment

by:Zvonko
ID: 10935706
Ok, thanks for the feedback.
My intention was only not to let this PAQ with wrong solution.

Cheers,
Zvonko

0
 
LVL 11

Author Comment

by:SweatCoder
ID: 10939919
still no one has answered why javascript chokes on %27, as if it's the single quote itself rather than the escape code for the single quote.
0
 
LVL 63

Expert Comment

by:Zvonko
ID: 10940764
What answer do you expect?
Your web server writes %27 to the browser stream.
Depending in which context is that stram embeddit, it is interpreted as html tag entity or as script String constant.

<A HREF="JavaScript:alert('Ned\%27s+Test+Project')">click me</A>
<script>alert('Ned%27s+Test+Project')</script>


0
 
LVL 11

Author Comment

by:SweatCoder
ID: 10941090
the point is, i understand why js would break on an unescaped single quote inside a string surrounded by single quotes. i DO NOT understand why js would break on %27. it's got to be a bug in js.
0
 
LVL 63

Expert Comment

by:Zvonko
ID: 10941168
It breaks because at that point is %27 already translated to apostroph by html tag interpreter.
As you see in my upper second line is %27 NOT translated to apostrophe in script section context, only in html tag context.

0
 
LVL 11

Author Comment

by:SweatCoder
ID: 10941221
so, in other words, it's a bug.  :-)
0
 
LVL 63

Expert Comment

by:Zvonko
ID: 10941374
I wonder how you got your MCP :/
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Today I would like to talk about localizing (Internationalization) JavaScript applications. Introduction When creating an application that is going to be used by many people around the globe, it is important to remember that not everyone speak…
This article demonstrates how to create a simple responsive confirmation dialog with Ok and Cancel buttons using HTML, CSS, jQuery and Promises
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now