[thelist] quote in variable
Will Budreau
Will.Budreau at entrust.com
Mon May 14 12:40:28 CDT 2007
You have two choices
1) you can force the users to use only a set of characters you approve
of (for example alphanumeric and certain characters), and return
validation errors anytime they enter anything else. That, in theory,
ensures users can never enter a value that causes this problem. OR
2) Create a _server-side_ function to escape special characters in any
user-provided string output before inserting into a javascript variable.
I've found many methods for preparing strings for insertion in HTML and
XML, but none for inserting into javascript.
Here's a list of special characters in javascript.
http://www.c-point.com/javascript_tutorial/special_characters.htm
-----Original Message-----
From: thelist-bounces at lists.evolt.org
[mailto:thelist-bounces at lists.evolt.org] On Behalf Of Daniel Kessler
Sent: Monday, May 14, 2007 10:21 AM
To: thelist at lists.evolt.org
Subject: Re: [thelist] quote in variable
> var answer = window.confirm("Would you like to delete the publication
> " + the_publication + "; #" + ticket_num + "?");
> http://www.htmlgoodies.com/beyond/javascript/article.php/3470891
That's great and all, but the reason that I asked is that I don't
know what text will be in the variable the_publication. It's user-
entered, so difficult to escape.
Is there no function used in this case?
--
Daniel Kessler
College of Health and Human Performance
University of Maryland
Suite 2387 Valley Drive
College Park, MD 20742-2611
Phone: 301-405-2545
http://hhp.umd.edu
--
* * Please support the community that supports you. * *
http://evolt.org/help_support_evolt/
For unsubscribe and other options, including the Tip Harvester
and archives of thelist go to: http://lists.evolt.org
Workers of the Web, evolt !
More information about the thelist
mailing list