$("<h2/>", {"class" : "wi wi"+data.today.code}).text(" " + data.city + data.today.temp.now + "F").appendTo(custom_example);
Hi there, I'm trying to alter the code above to add the degrees icon just before the (F)arenheit marker. I've tried entering + html("°") + but it doesn't work. My JS is pretty rough and I was hoping I could get a quick answer here before I spent too long trying and failing. Thanks!
I want the end result to print something like: Encinitas 65°F
Special characters are characters that must be escaped by a backslash\, like:
Single quote \'
Double quote \"
Backslash \\
The degree ° is not a special character, you can just write it, as it is.
Edit: If you want to use the unicode of °F, just write: '\u2109'.
Escape Special Characters JavaScript
JavaScript uses the \ (backslash) as an escape characters for:
\' single quote
\" double quote
\ backslash
\n new line
\r carriage return
\t tab
\b backspace
\f form feed
\v vertical tab (IE < 9 treats '\v' as 'v' instead of a vertical tab
('\x0B').
If cross-browser compatibility is a concern, use \x0B instead of \v.)
\0 null character (U+0000 NULL) (only if the next character is not a
decimal digit; else it’s an octal escape sequence)
Note that the \v and \0 escapes are not allowed in JSON strings.
First of all the degree character needs not to be escaped. So simply entering "°F" should do the job.
However, if you are in doubt with the codepage of your JS code you could use a JavaScript escape sequence. JS escape sequences are quite different from HTML escapes. The do not support decimal values at all. So first of all you have to convert 176 to hex: b0. The correctly escaped equivalent to "°F" is "\xb0F". It will work too and is more robust with respect to codepage issues of you platform's source editor.
If you really want to assign HTML code you need to use the .html() function. But this is mutual exclusive to .text(). So in this case all of your content needs to be HTML rather than plain text. Otherwise an HTML injection vulnerability arises. I.e. you need to properly escape angle brackets and some other symbols in data.city and maybe data.today.temp.now as well.
JS itself has no built-in function to escape HTML. But JQuery provides a trick: $('<div/>').text(data.city).html() will return appropriately escaped HTML. See HTML-encoding lost when attribute read from input field for more details.
I would recommend not to use .html() unless you really need it, e.g. if you want to apply styles or formatting to parts of the text only.
Related
I noticed that backslash is escaped when I get "attribute value including backslash" with JavaScript in the following code.
console.log(document.getElementById("test").getAttribute("class")); // -> \A
console.log(document.getElementById("test").getAttribute("class").replace("\\A", "\A")); // -> A
console.log(document.getElementById("test").dataset.b); // -> \B
console.log(document.getElementById("test").dataset.b.replace("\\B", "\B")); // -> B
<div id="test" class="\A" data-b="\B"></div>
The backslash is treated as a special character in JavaScript, and two backslashes (\\) represent one backslash (\).
The result of the above code means that when getting the attribute value with JavaScript using getAttribute(), one backslash (\) is escaped to two backslashes (\\) at somewhere.
However, in the specification, it seems that the corresponding process is not applied.
Question
In which process of getAttributes() the backslash of HTML attribute is escaped (\ -> \\)?
There's a difference between string literals (which require escaping) and string values from other places (like html, ajax, etc), which are what they look like. Only when converted to literals (ex: JSON.stringify, some console views, etc) do JS strings have backslash escaping. The escape is an output formatting artifact; internally, there are no escapes in the sequence of characters.
HTML doesn't need the same escaping on blackslashes, due to different roots of the standard. An attribute isn't "converted" to one with escaped backslashes unless it's formatted as a string literal. That would happen at a stage between the string and it's visible output. You can use alert() instead of console.log() to see the string as it really is. I believe that specifically for the console, the
goal is to be more helpful to developers than accurate to the internals.
I have a string that is automatically generated by some code that encodes a Google Static Map polyline set of longitude,latitude. However, it places these pesky backslashes in the string which tries to escape the character after it.
enc:{eggEhwnQDYOCZuDv#q#H}#v#k#^v#TQh#Aw#j#AJJ#CZKA?LNZ[RUEALDDCRC#AJBBCJ\FAEACC?GM?K#GDGDEJC#BDADBFB#F#HANGH?DB#D\W|#g#QIZm#I#YoAO
I am not putting the encode directly into the HTML (where it would be fine) but instead using JavaScript to do it so this polyline encode gets put into a variable like so:
mapcoords:"path=color:0x00000000|fillcolor:0xFF9999|enc:{eggEhw`nQDYOCZuDv#q#H}#v#k#^v#TQh#`Aw#j#AJJ#CZKA?LNZ[RUEALDDCRC#AJBBCJ\FAEACC?GM?K#GDGDEJC#BDADBFB#F#HANGH?DB#D\W|#g#QIZm#I#YoAO"
Any suggestions how I go around the escaping? I've looked for the ampersand symbol for backslash but it seems one does not exist (if it would even help). So I am not sure how else to go about this.
You have to escape the backslash with a backslash like this:
var some_string = "my string with a backslash here: \\ ";
Most editors today have a find/replace function that you can use to replace a single backslash with two backslashes. If you use Notepad++ you can use CTRL+H to access this function, but as I said, most recent editors and IDE's have this function.
All you need to do is escape the escape character, so you simply get \\ instead of a single \. You will have to do this replacement wherever it is you're outputting that string to the client.
The original problem:
I send a JSON string with Unicode strings (many different languages and also md5 hashes) from a Java servlet to web clients. I URLEncoder.encode("my strings", "UTF-8") the strings before creating the JSON array.
(I'm almost sure something is wrong in this approach too, and I am probably doing one encoding too much though)
Anyway:
in javascript I run a unescape() to get back the result, but spaces (encoded as +) are not decoded.
So I use .replace(/\+/g,' ') to replace + with space before calling unescape().
But:
leading and trailing + signs are omitted
and
consecutive + signs are replaced by a single space.
Please lend me a hand (or mind) :)
Use this
var string="+Salvis+Sumeet+Jacob,Srlawrjhkjh+"
var str=string.replace(/[+ ]+/g, " ");
console.log(str)
DEMO HERE
So I guess
leading and trailing + signs are omitted and consecutive + signs are replaced by a single space.
is what you want to achieve, not the outcome you currently get and want to avoid. If that's the case then
.replace(/\++/g,' ').trim()
will replace every one or more + characters with a single space, then remove leading/trailing space.
"++foo+bar++baz+".replace(/\++/g,' ').trim()
// "foo bar baz"
You may need String.prototype.trim polyfill for IE8 and older
The reason that unescape() doesn't change + to spaces is because ... it's not part of its spec.
The ascii-space-character-as-plus-sign encoding is rather non-standard (though widely supported) and dates back to early versions of HTML.
Per the spec for unescape() and escape(), the only things that are changed by unescape() are hexadecimal escape sequences in the form %XX and %uXXXX. escape() replaces unicode characters outside a small subset of unrestricted characters with such hexadecimal escape sequences; unescape(), naturally, just reverses the operation.
I am trying to create some random unicode strings within javascript and was wondering if there was an easy way. I tried doing something like this...
var username = "David Perry" + "/u4589";
But it just appends /u4589 to the end which is to be expected since it's just a string. What I WANT it to do is convert that into the unicode character in the string (AS IF I typed ALT 4589 on the keypad). I'm trying to build the string within javascript because I wanna test my form with various symbols and stuff and I'm tired of trying ALT codes to see what weird characters there are... so I thought.. I would loop through ALL unicode characters for FUN and populate my form and submit it automatically...
I was going to start at /u0000 and go up to /uffff and see which codes break my website when outputting them :)
I know there are different functions in JS but I can't seem to figure out why I can't build a string of unicode characters. lol.
If it's too complicated don't worry about it. It's just something I wanted to tinker with.
Try "\u4589" instead of "/u4589":
>>> "/u4589"
"/u4589"
>>> "\u4589"
"䖉"
the forward slash (/) is just a forward slash in a string, however the backslash (\) is an escape character.
If you wish to generate random characters or loop through a range of characters, then you could use String.fromCharCode(), which gives you the character with the Unicode number passed as argument, e.g. String.fromCharCode(0x4589) or String.fromCharCode(i) where i is a variable with an integer value.
Both the \uxxxx notation and the String.fromCharCode() work up to 0xFFFF only, i.e. for Basic Multilingual Plane characters. This may well suffice, but if you need non-BMP characters, check out e.g. the MDN page on fromCharCode.
Before POST-ing a form with text fields, I'm able to convert curly quotes from word into normal quotation marks with the following JavaScript snippet:
s = s.replace( /\u201c/g, '"' );
s = s.replace( /\u201d/g, '"' );
But I've recently encountered double opening/closing quotes as shown in brackets in the Question Title, does anyone know the unicode numbers for these?
U+201C and U+201D are the Unicode characters “ and ”! You should already be catching them.
If you want to also pick up the single-quote characters ‘ and ’ and convert them to ', that would be U+2018 and U+2019.
However, this kind of replacement is a Unicode Smell. What are you trying to do here and why? ‚‘’„“”«»–— etc are perfectly valid characters and if your app can't handle them it won't be able to handle other non-ASCII characters either, which would generally be considered a Bad Thing. If at all possible, it is better to fix whatever problem these characters are currently triggering, rather than sweep it under the rug with a replacement.
You could easily find this out for yourself, in JavaScript, by using charCodeAt. You could even do it in the Firebug console:
>>> "”".charCodeAt(0).toString(16)
201d
To toString call at the end even converts it to hexadecimal for you. Remember to pad it with zeros if it's shorted than 4 digits.
Your code looks correct for unicode:
for start quote : U+201C
for end quote : U+201D
Source: http://www.cl.cam.ac.uk/~mgk25/ucs/quotes.html
HTML Escaped entities:
“ ”
Converted with this tool: http://u-n-i.co/de/