My problem right now is that i have a piece of text in a function call inside an onClick.
I can swear that the double quotation mark is encoded to " but the whole thing just breaks down because it changes somehow back to a normal double quotation mark.
usShow("LCD TV 0-23" SONY");
I have to add that it is all built dynamically in JS.
Does JS changes encoded characters to their original form on the fly, or there is something I've never understood about coding?
usShow("LCD TV 0-23\" SONY");
Simple, huh? There's even another solution:
usShow('LCD TV 0-23" SONY');
How is that line of code generated? I know in ASP.Net there were (are?) certain output functions which (incorrectly) decode HTML encoded characters. If you're having trouble, try outputting the following instead:
usShow("LCD TV 0-23\" SONY");
That should be easier to output.
Related
I'm building and inventory system and I'm trying to insert some data into MySql and noticed that I get errors when trying to insert things such as 1" Monitor Cable, or anything with quotation marks for that matter. Things such as part description and the part name could all potentially contain quotation marks or apostrophes.
I know that I can just put a "\" before the quotation marks or apostrophe's by using javascript's replace method, but I'm not sure what that would look like. If anyone could help me out, that would be great!
I assume that you process some sql in node.js and its parts are not directly copied from user input (this will be danger/unsafe) but first you filter input to prevent sql injection - if yes then try
let str = '1" Monitor Cable'
console.log( str.replace(/"/g,'\\"') );
My issue is that CL-WHO begins each expression with a single quotation market when it turns the Lisp S-expressions into html output. This is okay most of the time, but it is an issue since I am linking my file to an external javascript file. I am trying to make this project simple, and since none of the javascript developers on my team know Common Lisp, using parenscript is likely out of the equation. Here is an example of my issue and one of the errors in my program:
:onclick "alertUser('id')"
When a particular element is pressed within the html document, this should trigger a JavaScript function called alertUser, and the id of the tag should be passed to the JavaScript function as an argument. But no matter what I do, CL-WHO will convert that string into single quotation marks, so I end up with an invalid expression. Here is what that code converts to:
onclick='alertUser('id')'>
Everything is a single quotation so 'alertUser(' is passed as the first string which is obviously invalid and I receive a syntax area in my developer tools. I thought that I could solve this problem by using the format function with escape characters. This would equate to:
CL-USER> (format t "\"alertUser('id')\"")
"alertUser('id')"
NIL
CL-USER>
But when I try that with CL-WHO:
:onclick (format nil "\"alertUser('id')\"")
That translates to:
onclick='"alertUser('locos-tacos-order')"'>
Which is also invalid html. As you can see, CL-WHO will start with a single quote no matter what. Next I tried the CL-WHO fmt function:
:onclick (fmt "\"alertUser('locos-tacos-order')\"")
When I use the fmt function it gets rid of my :onclick expression entirely when it is converted to html!:
id='id'"alertUser('id')">
Lastly I tried the str function, and got similarly invalid output to my original attempt:
onclick='"alertUser('id')"'
Obviously if I code this in pure html it will look like:
onclick="alertUser('id')">
Which is valid.
My question is simply how do I enable CL-WHO to use double quotation marks in these situations instead of single quotation marks?
#jkiiski was has the correct answer in the comments underneath my question, but I wanted to post the answer so that anyone with a similar issue in the future can resolve the problem. As #jkiiski said, there is a variable called ATTRIBUTE-QUOTE-CHAR in the cl-who package that defaults to #\'. You can simply set that variable to #\" instead in order for the default quotations used to be double quotation marks:
(setf *attribute-quote-char* #\")
After adding that line of code near the top of the file my html defaults to:
onclick="alertUser('id')"
and now the javascript can execute properly. Credit to #jkiiski for a correct answer.
I keep getting kicked out of the shell when I try to paste in an HTML text file. How can this be done? Do I first need to use some javascript to encode it or something?
Example:
db.test.insert({x:"<div id='product-description'><p>Who hasn’t wished for a mini-Roomba to handle the arduous task of cleaning their iPhone screen? Now your dreams have come true!</p> <p>See the Takara web page for a <a href='http://www.takaratomy.co.jp/products/automee/' title='automee s' target='_blank'>demo video.</a></p>
<p><strong>Colors: </strong> White, Red, Orange and Blue<br>
Runs on a single AA battery.</p>
<p>1,575 yen</p><!-- end #product-description --></div>"})
EDIT
I put only single quotes inside my html and wrapped the whole thing in double-quotes, but still no good. shell error:
> j = ({z:"<div id='product-description'><p>Who hasn
---
Unicode text could not be correctly displayed.
Please change your console font to a Unicode font (e.g. Lucida Console).
---
’
bye
You need to remove or encode the control characters in your string.
For example, paste your text in here, and encode to UTF-8 ECMAScript (which means javascript strings).
ps: here an article about strings in javascript. tells you what needs escaping. http://docstore.mik.ua/orelly/webprog/jscript/ch03_02.htm
rompetroll provided some good references to get started. I too found a good solution online which works fine:
Link
But I think there is still some confusion regarding "displaying html back to browser from db". So, following are the steps which removes this confusion :
Step 1: Store html in mongodb
Mongo store everything in form of object. Basically convert your html into utf-8 or ASCII complied string and then store it to mongo.
<div>hi!</div> [from]
<div>hi!</div> [to UTF-8]
Step 2: Display html to browser
This is the step which is the source of confusion to some. People often forget to convert string back to html before displaying it to browser.
You have to decode your html using the same method you used for encoding.
<div>hi!</div> [output from mongo (decode it to html)]
<div>hi!</div> [browser output of above string]
(browser will read it as string and display as it is and not html(hi!) and hence needs to be decoded)
Link that I have provided have reference for both the steps.
Hope this will help
Cheers :)
Use compass, you don't need to encode. Studio3T editor also works, but you need a license.
To add html through MongoDB console, you need to escape your string.
Use this: https://www.freeformatter.com/json-escape.html#ad-output
Steps
copy HTML
go to the link above, paste HTML click on "Escape"
copy the Escaped HTML
Insert HTML (e.g: db.Emails.updateMany({name: 'email/seller'}, {$set: {template: "<!DOCTYPE html\">\r\n<html lang=\"en\"> ..."}})
I need to extract a HTML-Substring with JS which is position dependent. I store special characters HTML-encoded.
For example:
HTML
<div id="test"><p>lösen & grüßen</p></div>
Text
lösen & grüßen
My problem lies in the JS-part, for example when I try to extract the fragment
lö, which has the HTML-dependent starting position of 3 and the end position of 9 inside the <div> block. JS seems to convert some special characters internally so that the count from 3 to 9 is wrongly interpreted as "lösen " and not "lö". Other special characters like the & are not affected by this.
So my question is, if someone knows why JS is behaving in that way? Characters like ä or ö are being converted while characters like & or are plain. Is there any possibility to avoid this conversion?
I've set up a fiddle to demonstrate this: JSFiddle
Thanks for any help!
EDIT:
Maybe I've explained it a bit confusing, sorry for that. What I want is the HTML:
<p>lösen & grüßen</p> .
Every special character should be unconverted, except the HTML-Tags. Like in the HTML above.
But JS converts the ö or ü into ö or ü automatically, what I need to avoid.
That's because the browser (and not JavaScript) turns entities that don't need to be escaped in HTML into their respective Unicode characters (e.g. it skips &, < and >).
So by the time you inspect .innerHTML, it no longer contains exactly what was in the original page source; you could reverse this process, but it involves the full map of character <-> entity pairs which is just not practical.
If i understand you correctly, then try use innerHTML or .html('your html code') for jQuery on the target element
I am having problem with escaping the single and double quotes inside the hrefs JavaScript function.
I have this JavaScript code inside href. It's like -
click this
Now, since double quotes inside double quote is not valid, I need to escape the inner double quotes for it to be treated as part of the string -
so, I need to do this -
click this
The problem is, even the above code is not working. The JavaScript code is getting truncated at -- myFunc(
I tried with the single quote variation too - but even that doesn't seem to work (meaning that if I have a single quote inside my string literal then the code gets truncated).
This is what I did with a single quote:
<a href = 'javascript:myFunc("fileDir/fileName.doc" , true)'> click this </a>
This works, but if I have a single quote inside the string then the code gets truncated in the same way as that of double quotes one.
Using backslashes to escape quotes is how it works in JavaScript, but you're not actually writing JavaScript code there: you're writing HTML. You can do it by using the HTML escaping method: character entities.
" // "
' // '
For example:
...
In case anyone needs to escape some thing like this:
<a href="www.google.com/search?q="how+to+escape+quotes+in+href""</a>
You can use ASCII code for double quotes %22:
<a href="www.google.com/search?q=%22how+to+escape+quotes+in+href%22"</a>
It is especially useful if you pass the link to JavaScript from PHP
As a general best practice, use double-quotes in HTML and single-quotes in JavaScript. That will solve most of your problems. If you need a single-quote in a JavaScript string, you can just escape it using \' - and you probably shouldn't be nesting literal strings any deeper than that.
As noted elsewhere, HTML entities are a possibility if the code is embedded in HTML. But you'll still have to deal with escaping quotes in strings in your JavaScript source files, so it's best to just have a consistent strategy for dealing with JavaScript.
If you are following this strategy and end up with a double-quote embedded in your JavaScript embedded in your HTML, just use the HTML entity ".
Normally, this kind of code is working without problems:
Click this
With this code, do you have any problem?