[thelist] quote in variable

Will Budreau Will.Budreau at entrust.com
Mon May 14 12:40:28 CDT 2007

You have two choices
1) you can force the users to use only a set of characters you approve
of (for example alphanumeric and certain characters), and return
validation errors anytime they enter anything else. That, in theory,
ensures users can never enter a value that causes this problem. OR
2) Create a _server-side_ function to escape special characters in any
user-provided string output before inserting into a javascript variable.
I've found many methods for preparing strings for insertion in HTML and
XML, but none for inserting into javascript.

Here's a list of special characters in javascript.

-----Original Message-----
From: thelist-bounces at lists.evolt.org
[mailto:thelist-bounces at lists.evolt.org] On Behalf Of Daniel Kessler
Sent: Monday, May 14, 2007 10:21 AM
To: thelist at lists.evolt.org
Subject: Re: [thelist] quote in variable

> var answer = window.confirm("Would you like to delete the publication
> " + the_publication + "; #" + ticket_num + "?");

> http://www.htmlgoodies.com/beyond/javascript/article.php/3470891

That's great and all, but the reason that I asked is that I don't  
know what text will be in the variable the_publication.  It's user- 
entered, so difficult to escape.
Is there no function used in this case?


Daniel Kessler

College of Health and Human Performance
University of Maryland
Suite 2387 Valley Drive
College Park, MD  20742-2611
Phone: 301-405-2545


* * Please support the community that supports you.  * *

For unsubscribe and other options, including the Tip Harvester 
and archives of thelist go to: http://lists.evolt.org 
Workers of the Web, evolt ! 

More information about the thelist mailing list