I am using FCKEditor in a CMS and need to post some javascript code in the editor.
This is stored in my database but it removes the + sign from this javascript code:
function _check(val){
loadFragmentInToElement('captcha_check.php?val='+val,'captcha_div','');
}
Now why would it remove the + sign?
I've tried using + and %2B but then it posts + and %2B instead of a + sign.
No, outside parties will not be able to access this to post stuff.
Edit....
The form with the editor is submitted using a javascript function
called submitform. The editor content is passed as an object called
noofeditor. I see where it 'escapes' the code retrieved from
the editor using this:
if(noofeditor){
var editorArray=noofeditor.split('::');
for (l=0;l<editorArray.length;l++){
strData += "&"+editorArray[l]+"="+escape(FCKeditorAPI.GetInstance(editorArray[l]).GetXHTML());
}
}
Is there a way to prevent it from escaping the + sign?
How about the following:
function _check(val){
var path = 'captcha_check.php?val='+val;
loadFragmentInToElement(path,'captcha_div','');
}
Related
I used Google Tag Manager to create a custom data level variable to get the content of an ajax form. The result is in the attributes.response that looks like:
response:"{\"current_url\":\"https:\\/\\/domainname.com\\/ +
"manufacturer\\/category\\/model-number\\/\",\"h" +
"tml"\":{\"cart_status_528\":\"\\n <div id=\\\"s" +
...
"<a href=\\\"https:\\/\\/domainname.com\\/manufacturer" +
"-name\\/long-store-category-name\\/model-number-x\\/\\" +
"\" class=\\\"ty-product-notification__product-name\\\"" +
">PRODUCT-NAME THAT I WANT<\\/a>\\n " +
...
" <p><\\n more escaped html content +
}"
I am trying to extract/parse the attribute.response to retrieve the PRODUCT-NAME text. I have tried the following which matches in regexr. But, GTM keeps complaining there is an error in my javascript at the double quote symbol. What am I missing? Or is there a cleaner way to retrieve the text? Thanks
function() {
var regex = (?<=product-name(.|\n)*">)(.*)(?=<\\\\\/a);
var attributesResponse = {{attributes.response}};
if(regex.test{{attributesResponse}}
var ProductAddedToCart = regex.exec(attributesResponse)[1];
return ProductAddedToCart;
}
return false;
}
First of all, please read the top answer here: RegEx match open tags except XHTML self-contained tags
Secondly, your JS has many problems. Even the SO code highlighter indicates it. See some examples of how regex is used in JS.
The proper way to solve your task, however, would be adding a dataLayer push with the proper response details neatly stored in a dataLayer object. You would normally ask your front-end developers to add a push in their response callback. It should be trivial for them to tackle. You can read more on DL here.
I have a c# function that builds a string which in turn is used as a hyperlink to another page. However, with some strings with single quotes it is causing a javascript error as shown here:
I'm calling the javascript function in the code behind as so
linkFullMatch.NavigateUrl = "javascript:showFullMatches(" + sb.ToString() + ")";
the javascript is on the aspx function as so:
<script>
function showFullMatches(url) {
window.open(url, "_blank", "height=344,width=1100,scrollbars=yes,resizable=yes,toolbar=no,location=no,status=no,menubar=no,left=580,top=194");
}
Any help would be greatly appreciated. Any string that doesn't have a single quote in works fine and the page link opens as requested.
Rob
You need to add an additional layer of quote marks to make the sb.ToString() value an JS string. Adjust your call like:
linkFullMatch.NavigateUrl = "javascript:showFullMatches('" + sb.ToString() + "')";
Note the additional ' marks.
I have this problem:
array[i].idAuthor is a String variable. I want to pass this String to a function which is called inside an append-String.
The code works fine in Chrome and Firefox except for Internet Explorer. IE gives me this error: SCRIPT1014: Invalid character
I think the issue are the `-Quotes.
I hope the following example helps to express my problem.
<script>
(...)
$("#id").append("<div onClick='myFunc(`" + array[i].idAuthor + "`);'>" + i + "</div>");
(...)
<script>
Is there another way to handle my situation or to replace the `-Quotes with another character that is compatible with IE?
It looks like you're putting backticks (`) into your string there.
onClick='myFunc(`" + ... + "`);'>
In modern browsers, backticks are used for template literals. IE11 doesn't support template literals.
Instead, try escaping your quotes:
onClick='myFunc(\"" + array[i].idAuthor + "\");'>
You should use normal quotes, but escape them so they are parsed as part of the string:
$("#id").append("<div onClick='myFunc(\"" + array[i].idAuthor + "\");'>" + i + "</div>");
//------------------------------------^^ ----------------------^^
//create element using jquery
var elm = $('<div>');
//put ID as custom attribute
elm.attr('data-author-id', array[i].idAuthor);
//put some html content for new element
elm.html(i);
// catch click on it
elm.click(function(){
// call external function and pass your custom tag attribute as value
myFunc( $(this).attr('data-author-id') );
});
$("#id").append(elm);
something like that should work.
of more shot way:
$("#id").append($('<div>')
.attr('data-author-id', array[i].idAuthor)
.html(i)
.click(function(){
// call external function and pass your custom tag attribute as value
myFunc( $(this).attr('data-author-id') );
}));
jQuery have lot of functionality control tag attributes, events, values and lot's of useful stuff.
I have the following javascript:
tr.append("<a href='add_widget.html?id=" + data[i].id + "&pg=" + data[i].page_number + "&dest=" + data[i].dest + "&name=" + data[i].name.replace("'","\\'") + "'</a><button class='btn btn-xs btn-primary'>Edit</button> </td>");
The code in question has to do with the name field.
If I have a name like "John Doe" when I click on the hyperlink created by the above javascript, the new page's querystring has the full name.
However, if I try to pass a name like "John's stuff", the above logic creates a query string variable that looks like this:
&name=John\
How can I change the above code so that the entire string "John's stuff" is passed to the add_widget.html page?
Thanks.
replace("'","%27")
try http://meyerweb.com/eric/tools/dencoder/ it's an online URL encoder/decoder.
When you're trying to "protect" characters, you have to keep in mind what you're protecting them from. In this case, there are two interpreters you have to worry about:
You're building HTML, so you have to worry about the HTML parser;
You're building a URL, so you have to worry about how the browser and the server will parse the URL.
To deal with the first problem, you can replace the quotes with the HTML entity equivalent ('). To deal with the second, you can use encodeURIComponent().
I think you'd want to do the encodeURIComponent() call first, to avoid having the HTML entity notation get messed up. The entity notation will be gone after the HTML parser is finished with the string anyway:
function qEncode(str) {
return encodeURIComponent(str).replace(/'/g, "'");
}
To use that:
tr.append("<a href='add_widget.html?id=" +
qEncode(data[i].id) + "&pg=" +
qEncode(data[i].page_number) + "&dest=" +
qEncode(data[i].dest) + "&name=" +
qEncode(data[i].name) +
"'</a><button class='btn btn-xs btn-primary'>Edit</button> </td>"
);
Note that you could also encode double-quote characters too.
A totally different way of working around this problem would be to build the DOM content with DOM APIs. By doing that, you'd completely avoid the HTML parser, and you'd just need encodeURIComponent().
You need to think, what will be interpreting my code, so what do I need to escape for?
Your code will be interpreted by the HTML Interpreter in the browser
Your code will be interpreted as a URI
This means you need to escape/encode them in reverse order. Luckily JavaScript provides a URI encoder as encodeURIComponent, but it doesn't provide a HTML one (probably as we have DOM Methods) but it isn't too hard to implement for important characters, e.g.
function html_encode(str) {
var re_chars = /[<>'"]/g;
function replacer($0) {
return '&#' + $0.charCodeAt(0) + ';'
}
return str.replace(re_chars, replacer);
}
// example follows
html_encode('<foo bar="baz">'); // "<foo bar="baz">"
So for you,
attrib_value = html_encode(/* ... + */ encodeURIComponent(data[i].name) /* + ... */ );
For completeness,
function html_decode(str) {
var re = /&(?:#\d{1,3}|amp|quot|lt|gt|nbsp);/g, // notice extra entities
d = document.createElement('div');
function replacer($0) {
d.innerHTML = $0;
return d.textContent;
}
return str.replace(re, replacer);
}
// and an example
html_decode('<foo bar="baz">'); // "<foo bar="baz">"
Using escape(data[i].name) instead of data[i].name.replace("'","\\'"), will solve your problem.
I'm inserting content with js, that includes an onclick call to a function. This function passes a parameter which contains a database entry, which could contain a ' .
var action = 'Share';
Trouble is that when name contains a single apostrophe it breaks the function call. I've tried doing a string replace on name to replace ' with ' but this seems to still be converted back to a ' by the browser.
Any idea how I can get around this?
Use escape() or after JavaScript version 1.5. use encodeURI() or encodeURIComponent() instead.
Don't write code by mashing strings together with other code. You've got JavaScript inside HTML inside JavaScript and it is a recipe for headaches.
Use DOM manipulation instead.
var a = document.createElement('a');
a.href = "#"; // You should use a button instead of a link to the top of the page
a.className = "facebook-share";
a.addEventListener('click', function () {
facebookWallPost(name);
});
a.appendChild(
document.createTextNode('Share');
);