Kalle Korhonen-2 wrote:
>
> I needed to escape some strings pulled from database for Javascript, and
> it
> turned out to be surprisingly difficult. AFAIK, none of the Tapestry/Tacos
> markup writers/character translators escapes a single quote '
Well, that's because you don't necessarily have to escape the single quote.
In javascript, these two are equivalent:
alert('something'); // single quote
alert("something else"); // double quote
Also note, it's rather dangerous to assume a simple backslash will escape
the string--it depends on the assumption that every JS field is using a
particular quote (single or double). Much safer would be to use HTML
entitites. This has been working for me...
public String safeJsStr(String unsafejs) {
return unsafejs == null ? "" : unsafejs.replace("\\",
"\\\").replace("'", "\\'").replace("\"",
""").replace("\n", "\\n").replace("\r","");
}
--
View this message in context:
http://www.nabble.com/-T4--escaping-text-for-Javascript-tp14826733p14919079.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
