aspose file tools*
The moose likes HTML, CSS and JavaScript and the fly likes Using Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Engineering » HTML, CSS and JavaScript
Bookmark "Using " and Watch "Using " and New topic
Author

Using " and ' and more?

Ryan Schutte
Greenhorn

Joined: Apr 26, 2009
Posts: 13
Here is how I am calling a function:



The problem is, anyting in [ ] are pulled from a database and put in to the html code when the page is created. The [cdescription] often times may have a single quote (') in it which ruins the script. I don't know of anytime that it has the double quotes ("), but I suppose it could have it as well. Is there some way I can pass this argument to the script and keep it in tact regardless of what it has in it?
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

Yeah, escape the quotes.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60046
    
  65

Just as with Java string literals, quotes inside the literal must be escaped.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Ryan Schutte
Greenhorn

Joined: Apr 26, 2009
Posts: 13
I suppose that's a big problem with creating something around another design. I am making my own interface to a shopping cart and the [cdescription] part where it pulls it in is part of that shopping cart, so I can't go in to that and escape the quotes and on most of the pages where I'm not using this particular function, it would also put the escape characters in the description when it puts it in the cart.

I may just have to leave the description part out. The important part to know what is being ordered is the [cname], and the img, the [cdescription] just reinforces what it is.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60046
    
  65

Or you might look into the concept of "Unobtrusive JavaScript" to learn how to better organize your markup and avoid crap like this entirely.
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

How are you creating your HTML?
Ryan Schutte
Greenhorn

Joined: Apr 26, 2009
Posts: 13
David Newton wrote:How are you creating your HTML?


I use a shopping cart called VP-ASP. The asp script creates the html from a template file. The template file is where you put the [cdescription], etc in that pulls from the database to create the html page.

http://www.Natural-Beauty.com is the web page. As you go a little deeper in to the site, you will see "Photos & Web Site Copyright © 2004-2008 Natural-Beauty Photography. All rights reserved." at the very bottom of the page. Any page with this was dynamically created by VP-ASP.
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

Then Bear's suggestion to look into unobtrusive JS is probably your only hope--drop the description somewhere where it doesn't matter that it's not escaped (like a div or whatever) and have the JS refer only to JS-safe entities.

Heck, while I really hate to even suggest it, you could always put the description in a hidden div and pull it out using innerHTML.

All that said, any product that doesn't give you the option of HTML- and/or JS-escaping is suspect: maybe check out their templating language and see if there isn't an option for this; seems like a no-brainer to me.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60046
    
  65

David Newton wrote:All that said, any product that doesn't give you the option of HTML- and/or JS-escaping is suspect...

I'd go further than that -- I'd say that it is one that is not used.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Using " and ' and more?
 
Similar Threads
Images on HTML
i need help
tab - getting little gap b/w images
Dropdown list
calling a Javascript variable in anchor tag