
Using " and ' and more?

 
Ryan Schutte
Here is how I am calling a function:



The problem is, anything in [ ] is pulled from a database and put into the HTML code when the page is created. The [cdescription] oftentimes may have a single quote (') in it, which ruins the script. I don't know of any time that it has the double quotes ("), but I suppose it could have it as well. Is there some way I can pass this argument to the script and keep it intact regardless of what it has in it?
 
David Newton
Yeah, escape the quotes.
 
Bear Bibeault
Just as with Java string literals, quotes inside the literal must be escaped.
 
Ryan Schutte
I suppose that's a big problem with creating something around another design. I am making my own interface to a shopping cart and the [cdescription] part where it pulls it in is part of that shopping cart, so I can't go into that and escape the quotes, and on most of the pages where I'm not using this particular function, it would also put the escape characters in the description when it puts it in the cart.

I may just have to leave the description part out. The important part to know what is being ordered is the [cname], and the img, the [cdescription] just reinforces what it is.
 
Bear Bibeault
Or you might look into the concept of "Unobtrusive JavaScript" to learn how to better organize your markup and avoid crap like this entirely.
 
David Newton
How are you creating your HTML?
 
Ryan Schutte
David Newton wrote: How are you creating your HTML?


I use a shopping cart called VP-ASP. The ASP script creates the HTML from a template file. The template file is where you put the [cdescription], etc. in that pulls from the database to create the HTML page.

http://www.Natural-Beauty.com is the web page. As you go a little deeper into the site, you will see "Photos & Web Site Copyright © 2004-2008 Natural-Beauty Photography. All rights reserved." at the very bottom of the page. Any page with this was dynamically created by VP-ASP.
 
David Newton
Then Bear's suggestion to look into unobtrusive JS is probably your only hope--drop the description somewhere where it doesn't matter that it's not escaped (like a div or whatever) and have the JS refer only to JS-safe entities.

Heck, while I really hate to even suggest it, you could always put the description in a hidden div and pull it out using innerHTML.

All that said, any product that doesn't give you the option of HTML- and/or JS-escaping is suspect: maybe check out their templating language and see if there isn't an option for this; seems like a no-brainer to me.
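
Added example, not part of the thread and not VP-ASP code: the two approaches discussed above side by side, double-escaping a database value for an inline handler versus carrying it as HTML-escaped data that a separate script reads. The same escaping also stops a description from injecting script into the page. It assumes the template layer can call an escaping function; addToCart, renderInline, renderUnobtrusive and the sample value are hypothetical, and the second option uses data attributes rather than a hidden div.

```javascript
// Constructed sample standing in for a database-supplied [cdescription].
const sample = `6" x 4' print, "Nature's Best" </script> & more`;

// HTML-escape text for element content or a double-quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Encode a value as a JavaScript string literal that is safe inside HTML.
// JSON.stringify handles quotes, backslashes and newlines; the extra step
// keeps "<", ">", "&" and U+2028/U+2029 out of the literal as raw characters.
function jsLiteral(text) {
  return JSON.stringify(String(text)).replace(/[<>&\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Option 1: keep the inline handler, but escape twice: first for the
// JavaScript string, then for the HTML attribute that contains it.
function renderInline(name, description) {
  const call = `addToCart(${jsLiteral(name)}, ${jsLiteral(description)})`;
  return `<a href="#" onclick="${escapeHtml(call)}">Add</a>`;
}

// Option 2 (unobtrusive): the markup carries only HTML-escaped data and
// no script; a separate handler reads it back through the DOM.
function renderUnobtrusive(name, description) {
  return `<a href="#" class="add-to-cart" data-name="${escapeHtml(name)}"` +
         ` data-description="${escapeHtml(description)}">Add</a>`;
}

// Browser-side wiring for option 2 (skipped when no DOM is present).
if (typeof document !== 'undefined') {
  document.addEventListener('click', (event) => {
    const link = event.target.closest('a.add-to-cart');
    if (!link) return;
    event.preventDefault();
    // addToCart is the page's own (hypothetical) cart function.
    addToCart(link.dataset.name, link.dataset.description);
  });
}
```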
 
Bear Bibeault
David Newton wrote: All that said, any product that doesn't give you the option of HTML- and/or JS-escaping is suspect...

I'd go further than that -- I'd say that it is one that is not used.
 