In my script, text(message.image) returns a dynamic URL path of an image. What would be the correct statement in a javascript?
This fails:
$('<div/>').'<img src=\"'.text(message.image).'\">'.appendTo($('#msgDiv'));
The real answer is:
$('<div><img src="'+message.image+'"/></div>').appendTo($('#msgDiv'));
You have a couple syntactic errata in your code snippet:
You can't access a property with a string like you do.
Concatenation of strings is not with a dot but with a plus.
You are trying to execute text() on a string, not on the div.
I think you're missing (),+,append method and escaping " incorrectly, try with this:
$('<div/>').append('<img src="' + text(message.image) + '"/>').appendTo($('#msgDiv'));
Hope this helps,
I think you have a problem because you're using (double)quote badly
You escape the double quote but you're using simplequote. Try that :
$('<div/>').'<img src=\''.text(message.image).'\'>'.appendTo($('#msgDiv'));
And are you sure concerning the syntax $('').'SOME HTML CODE' ?
You are missing ( and ) there.
Also, you dont need to escape double quotes since you are using single quotes outside.
Try this:
$('<div/>').('<img src="'+text(message.image)+'">').appendTo($('#msgDiv'));
Related
Is there a way to automatically enclosure all quotes inside the string of js-code which contains other strings by itself? I just failed to make a RegExp valuable to identify all the quotes properly. Because in some cases (blocks of code generated by script) there strings of code like:
$(".class1.class2:contains('text')").param(s1+s2+"-"+s3+"_"+i)...
var r=new RegExp("blabla[qwer]\\'\\w+\\d\\'");
//etc.
More complex actually and less readable =)
But anyways is there a way to get rid of constant http/ajax/json requests and make code to work without injection but via eval? It's not intended to be used in outer net so it's safe, dont tell me anything 'bout eval =) The main problem: how to make enclosurement of quotes inside the string...
Edit:
Sorry i just don't know how to say it in English, so by enclosurement i mean insertion of a specific symbol before char which has dual meaning to clarify it's definition for compiler or machine-interpreter.
Example1: ('first_part_of_string enclosured_quote=\' second_part_of_string')
Example2: `<- these symbols don't get interpreted as code-markers because of enclosurement ->`
Sure, here it is with single quotes:
'
$(".class1.class2:contains(\'text\')").param(s1+s2+"-"+s3+"_"+i)...
var r=new RegExp("blabla[qwer]\\\\\'\\\w+\\\d\\\\\'");
'
here it is with double quotes:
"
$(\".class1.class2:contains('text')\").param(s1+s2+\"-\"+s3+\"_\"+i)...
var r=new RegExp(\"blabla[qwer]\\\\'\\\\w+\\\\d\\\\'\");
"
You can use the Mega-String tool to do this automatically
I used the single / double quote option from the Other category..
I am trying to pass a python dictionary from a chameleon template to a javascript function. But since the dictionary contains single quotes or ' which need to be escaped I get an error in firebug that says : SyntaxError: missing ) after argument list.
My code looks like this:
<div id = "divsfp">
<input type="button" id="sfp" value="SFP"
onclick="get_sfp('${dict_value}')"></input></div>
Where dict_value is a python dictionary. How can I escpae ' in chameleon template before passing the data or in Javascript function itself?
You need to JSON encode the dictionary. You don't then need to put quotes around the dictionary, and JavaScript will see it as a JavaScript object.
Use double-quotes, encoded as ":
onclick="get_sfp("${dict_value}")"
Chameleon will escape any double-quotes in dict_value.
You can try this, if this helps
"get_sfp('"+${dict_value}+"')"
Also from your implementation it seems that the dict_value is the variable you already know. So whats the problem accessing it from the get_sfp function.
Sorry couldn't comment as I still don't have that privilege.
onclick= "_deleteWPSchemeData(${viewWPMasterGrid.id}, '${viewWPMasterGrid.name}')"
${viewWPMasterGrid.name} retutrns me a string(for e.g. W.P.WINT OFF ALL'10) which often has single quote character so from the calling javascript method I am not getting the second parameter at all. How to deal with problem?
When a dynamic String can be put inside a JavaScript string literal, it should be JS-escaped. Just as when a dynamic String is put inside a HTML page, it's HTML-escaped.
Use commons-lang StringEscapeUtils.escapeECMAScript (or escapeJavaScript depending on the version) to escape the String. You could create a very simple EL function to do that straight from the JSP.
Note that you could have problems with single quotes, but also double quotes, tags, EOLs, backslash, which must all be escaped in a JS String literal.
It looks like you could split the second parameter out into its own variable first. If I have understood your question correctly.
var viewWPMasterGridName = "${viewWPMasterGrid.name}";
onclick = "_deleteWPSchemeData(${viewWPMasterGrid.id},'" + viewWPMasterGridName + "')";
Use '${viewWPMasterGrid.name.replaceAll("'", "\'")}'
try this,
var name = "${viewWPMasterGrid.name}".replace(/'/g,"\\'");
I am passing a Struts property to my JavaScript function as follows:
facemode('<s:property value="caseemailnumber" />');
I am getting the emailnumber as 'abc#gmail.com'. I want to remove the single quotes. How can I do this?
Use the replaceAll String method and the backslash for the character ', like this:
facemode('<s:property value="caseemailnumber.replaceAll('\'','')" />');
I faced almost the same problem today and it was driving me crazy. Hope it helps.
Use the escapeJavaScript attribute of the tag:
facemode('<s:property value="caseemailnumber" escapeJavaScript="true"/>');
However, as BalusC says, it should be stored correctly in the first place--consider scrubbing your data.
echo '<a onClick="articleDeleteConfirm("'.
$row["title_$lang"].'","'.$_GET["editPage"]).'">';
The main problem is with: $row["title_$lang"], I have to use $lang variable inside. " and ' just not enough.
The problem you describe actually has nothing to do with your PHP variables, those are all being output as expected. The problem is that you need to escape the " inside of the <a> and you've misplaced a ).
Your original would output:
<a onClick="articleDeleteConfirm("value1","value2">
That is not valid HTML (even the highlighter dislikes it). Now, notice the \'s in the following (and that the paren was moved into the string).
echo '<a onClick="articleDeleteConfirm(\''
.$row["title_".$lang."].'\',\''.$_GET["editPage"].'\')">';
The escaped version outputs:
<a onClick="articleDeleteConfirm('value1','value2')">
It uses single quotes inside of double quotes to provide easy to read (and valid) html. Now, you have another issue with your code.
Any time you output a $_REQUEST variable to the browser, you risk something called cross-site-scripting. Someone could put JavaScript into $_GET["editPage"] and it would smell bad. The easy way to avoid it? Use htmlentities($_GET["editPage"])
I had same problem too, I don't know exactly why but I had syntax error no matter what I did, So I tried this and got answer.
The problem is that you're using a double quotation to open onClick and again you're using another double quotation to open an string.
Use this and you'll get answer.
echo '<a onClick="articleDeleteConfirm('.char(39).$row["title_$lang"].char(39).','.char(39).$_GET["editPage"]).char(39).'>';