I have a grid with link button and on RowDatabound:
lbutton.Attributes.Add("onclick",
"javascript:window.showModalDialog('Showsome.aspx?ID=" + lbutton.CommandArgument + " &IsMA=M" +
"','window.self','dialogWidth:800px; dialogHeight:800px;center:yes; status:yes; scroll:no; help:no');");
I am able to retrieve ID from Request.QueryString["ID"];
However, I am not able to retrieve Request.QueryString["IsMA"]
How can this be achieved?
I tried the suggestions, no more spaces and did URL encode and I am not getting the value correctly. I have another approach since it is a hardcoded value 'M' that is needed along with the value I am now appending it in ID value itself 'Showsome.aspx?ID=M" . Thanks for you support.
Theres a space between the CommandArgument and &IsMA
Could this be causing your problem?
Try:
+ lbutton.CommandArgument + "&IsMA=M"
What is CommandArgument value? You may need to encode this. I would recommend doing this either way.
+ Server.UrlEncode(lbutton.CommandArgument) + "&IsMA=M"
Try removing the space before the ampersand character:
lbutton.CommandArgument + "&IsMA=M"
EDIT: As SLaks points out below, escaping the ampersand character is not necessary. Accordingly, the documentation for Attributes.Add() says:
If the string in the value parameter contains an ampersand (&), the
character is automatically encoded. The resulting HTML representation
is "&".
Related
I have a string in JS side which is url.QueryEscaped.
Spaces were replaced with + sign by url.QueryEscape. They don't get converted back to space in decodeURIComponent. Should I manually do a string replace all + with space? What is the right way to decode it?
One simple method is to replace all the + characters with spaces prior to decoding. For example:
decodeURIComponent("%2f+%2b".replace(/\+/g, " "))
will correctly decode the string to "/ +". Note that it is necessary to perform the replacement prior to decoding, since there could be encoded + characters in the string.
If you control Go side, use url.PathEscape and then you can simply use decodeURIComponent without anything extra.
I'm struggling with a complex nested quotes statement here :
var name = "foo";
$("#list").append("<li data-theme='c'><a href='#details' onclick='sessionStorage.name=PRINT_VAR_NAME_HERE;' data-transition='slide'>PRINT_VAR_NAME_HERE</a></li>");
I am able to print the variable's value fine in the second position by using : "+name+"
But not sure how to get it done in the first position.
(I have used 'PRINT_VAR_NAME_HERE' as a placeholder for the first and second positions)
Any ideas ? Thanks.
Just use the string-delimiters (the ") to break the string and concatenate the string with your variable, and escape (with the backslash) any quotes that you need to appear in the string itself:
$("#list")
.append("<li data-theme='c'><a href='#details' onclick='sessionStorage.name=\"" + name + "\"' data-transition='slide'>"+ name + "</a></li>");
I am, of course, assuming that you want to quote the variable in the string, otherwise I couldn't see what the problem would be.
I was running into the same issue of trying to figure out how to nest quotes in a javaScript in order to generate HTML. I was hitting a particular snag in the 'onclick' area because I was including a variable within it. In addition, the browser was interpreting my quotes incorrectly.
The solution: You have to explicitly tell the browser which quotes you ARE using and where. And you do this by using ' for single-quote, and " for double-quotes.
Hopefully this is helpful to someone...
document.getElementById("item-controls-" + id).innerHTML = "<span class=\'controls\' id=\'save-control\' onclick='saveForm(\"" + id + "\")'>save</span> ...
I have a web application where I am dynamically creating a url. The url has a parameter and I must pass a double quote. I have tried this all different ways but it is still not working. Anybody have any ideas?
To create the URL:
searchSurveyDetail.setSurveyFormURL(surveyDetail.getSurveyFormURL()+"#search="+ "\"" + searchValue + "\"");
on the Page:
onClick="window.open('${surveyDetail.surveyInstructionsURL}')"
The result:
onClick="window.open('http://www.mytest.com/survey1.pdf#search="company"')"
The short answer is you need to double escape the double quotes. So you need:
searchSurveyDetail.setSurveyFormURL(surveyDetail.getSurveyFormURL()+"#search="+ "\\\"" + searchValue + "\\\"");
which produces:
onClick="window.open('http://www.mytest.com/survey1.pdf#search=\"company\"')"
which will escape the quotes properly.
Couple of things to keep in mind:
This doesn't take care of double quotes in the search term itself. Make sure you escape that.
I'm not sure why you want to wrap the search term in double quotes. For a typical search url, you'll want a query string like: search=term not search="term" because you'll just end up stripping the quotes later. But maybe you need that for some reason.
I gather you're using PHP on the server side? In that case you should run the URL through htmlspecialchars() before concatenating it to the HTML.
I have an issue with submitting post data. I have a form which have a couple of text fields in, and when a button is pressed to submit the data, it is run through a custom from validation (JS), then I construct a query string like
title=test&content=some content
which is then submitted to the server. The problem I had is when I have '&' (eg  ) entered into one of the inputs which then breaks up the query string. Eg:
title=test&content=some content  
How do I get around this?
Thanks in advance,
Harry.
Run encodeURIComponent over each key and value.
var title = "test";
var content = "some content   ";
var data = encodeURIComponent('title') + /* You don't actually need to encode this as it is a string that only contains safe characters, but you would if you weren't sure about the data */
'=' + encodeURIComponent(title) +
'&' + encodeURIComponent('content') +
'=' + encodeURIComponent(content);
Encode the string..when you want to encode a query string with special characters you need to use encoding. ampersand is encoded like this
title=test&content=some content %26
basically any character in a query string can be replaced by its ASCII Hex equivalent with a % as the prefix
Space = %20
A = %41
B = %42
C = %43
...
You need to encode your query to make it URL-safe. You can refer to the following links on how to do that in JS:
http://xkr.us/articles/javascript/encode-compare/
http://www.webtoolkit.info/javascript-url-decode-encode.html
You said:
...and when a button is pressed to submit the data, it is run through a custom from validation (JS), then I construct a query string...
In the section where you are building the query string you should also run the value of each input through encodeURIComponent() as David Dorward suggested.
As you do - be careful that you only assign the new value to your processed query string and NOT the form element value, otherwise your users will think their input was somehow corrupted and potentially freak out.
[EDIT]
I just re-read your question and realized something important: you're encoding an   ;character. This is probably a more complicated issue than other posters here have read into. If you want that character, and other &code; type characters to transfer over you'll need to realize that they are codes. Those characters &, n, b, s, p and ; are not themselves the same as " " which is a space character that does not break.
You'll have to add another step of encoding/decoding. You can place this step either before of after the data is sent (or "POSTed").
Before:
(Using this question's answers)
var data = formElement.value;
data = rhtmlspecialchars(data, 0);
Which is intended to replace your "special" characters like with " " so that they are then properly encoded by encodeURIComponent(data)
Or after:
(using standard PHP functions)
<?PHP
$your_field_name = htmlspecialchars_decode(urldecode($_POST['your_field_name']));
?>
This assumes that you escaped the & in your POST with %26
If you replaced it with some function other than encodeURIComponent() you'll have to find a different way to decode it in PHP.
This should solve your problem:
encodeURIComponent(name)+'='+encodeURIComponent(value)+'&'+encodeURIComponent(name2)+'='+encodeURIComponent(value2)
You need to escape each value (and name if you want to be on the safe side) before concatenating them when you're building your query.
The JavaScript global function encodeURIComponent() does the escaping.
The global function escape() (DOM) does this for you in a browser. Although people are saying it is not doing the escaping well for unicode chars. Anyway if you're only concerned about '&' then this would solve your problem.
I'm reading the value of an input text field and passing it to be used as ajax data
The field value has a +
<input name="someval" type="text" value="Receive (+ open)" />
and looks like when parsed with data, it parses the + as a jquery concatenation.
data: 'someval=' + $("input[name=someval]").val(),
This is the first time I notice this behavior.
First, how do I solve it.
Second, I have no way of knowing when the output might have these special chars, so is there a known best practice way to escape input so that whenever it happens we're covered?
Thanks
Try encodeURIComponent:
'someval=' + encodeURIComponent($("input[name=someval]").val())
Better yet, let jQuery handle it for you:
data: { someval:$("input[name=someval]").val() }
jQuery will automatically escape your values (and keys) into the correct format (using jQuery.param()) for the data type (eg "application/x-www-form-urlencoded").