From: FP on 4 Jul 2006 19:50

I have a javascript variable set to the contents of a database comments field.
To set the js variable I used the PHP addslashes function which encodes the apostrophe, double quotes and the backslash.

I need to use the variable contents 3 times;
- display on HTML page
- pre-populate a text area with it
- make it the body of an e-mail

When I display the variable using document.write, things like "<b>" turn the text to bold. To get around this problem I found the function

function htmlEncode(s){
  return s.replace(/&(?!\w+([;\s]|$))/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

However, this function turns my original single and double quotes into "&..."
My thought now is I need to convert the single & double quotes back to their original characters, then run it through the above function.

Is there an easier way to do this?
If not, how do I convert the "&..." back to the real character before passing it to the above function?
As far as I can tell the function works, does anyone see problems with it?
From: Bart Van der Donck on 5 Jul 2006 05:17

FP wrote:

> I have a javascript variable set to the contents of a database comments
> field.
> To set the js variable I used the PHP addslashes function which encodes
> the apostrophe, double quotes and the backslash.

That isn't enough. The better way is to convert all suspicious characters to (numeric or not) HTML entities in PHP, before it reaches client script. I'd say the PHP regex should at least affect < > " & and \. PHP has pre-built constructions for this kind of thing.

> I need to use the variable contents 3 times;
> - display on HTML page
> - pre-populate a text area with it
> - make it the body of an e-mail

Yes, those things know how to handle HTML entities (don't forget to set your email's Content-Type to 'text/html' and its MIME-Version >= 1).

> When I display the variable using document.write, things like "<b>"
> turn the text to bold. To get around this problem I found the function
> function htmlEncode(s){
> return s.replace(/&(?!\w+([;\s]|$))/g, "&amp;").replace(/</g,
> "&lt;").replace(/>/g, "&gt;");}
>
> However, this function turns my original single and double quotes into
> "&..."
> My thought now is I need to convert the single & double quotes back to
> their original characters, then run it through the above function.
>
> Is there an easier way to do this?
> If not, how do I convert the "&..." back to the real character
> before passing it to the above function?

It should be done at PHP level; there's actually no need for javascript trickery here.

--
Bart
From: FP on 6 Jul 2006 19:10

Bart Van der Donck wrote:
> FP wrote:
>
> > I have a javascript variable set to the contents of a database comments
> > field.
> > To set the js variable I used the PHP addslashes function which encodes
> > the apostrophe, double quotes and the backslash.
>
> That isn't enough. The better way is to convert all suspicious
> characters to (numeric or not) HTML entities in PHP, before it reaches
> client script. I'd say the PHP regex should at least affect < > " &
> and \.

I checked for a regex() function but couldn't find one. The closest thing I found was the htmlspecialchars() function which converts the characters you mentioned.

> > I need to use the variable contents 3 times;
> > - display on HTML page
> > - pre-populate a text area with it
> > - make it the body of an e-mail
>
> Yes, those things know how to handle HTML entities (don't forget to set
> your email's Content-Type to 'text/html' and its MIME-Version >= 1).

This is going to sound stupid but how do I do that? Is this part of an href?
I'm using javascript code because that's the only way I know to make a button in HTML. The code I'm using is;

function Email(TheText){
  document.location.href=("mailto:?body=" + TheText);
}

<TD>
<input type="button" onclick="Email('<? addslashes(PHP Result here) ?>')" value="E-mail">
</TD>

The PHP Results are the contents of a comment field. When I click the e-mail button I want the comment in the body of my e-mail, nothing else needs to be filled in.
If there's an ampersand in the comments then all data after the ampersand is lost. The PHP addslashes() function adds ampersands when converting apostrophes.

I tried putting the "E-mail" button in a form and having the PHP result as a hidden field hoping I didn't have to convert the apostrophes in that case but then the E-mail button didn't line up with the 2 buttons before it so I gave up on that idea.

Obviously I'm going about this the wrong way, what's the right way?
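
The three uses listed in the thread (HTML display, textarea, mailto body) and the onclick argument from the last post each need a different encoding of the same raw string. The following is an added example, not code from any poster in the thread; the function names and the sample comment are constructed for illustration.

```javascript
// Added example: one raw comment, encoded separately for each place it is used.
// Constructed sample containing the characters the thread trips over.
const comment = `Tom & Jerry's <b>"best"</b> \\ episode`;

// HTML text and <textarea> content. "&" is replaced first so the entities
// produced by the later replacements are not encoded a second time.
function encodeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// mailto: body. Percent-encoding turns "&" into %26, so it can no longer
// end the body field and drop the rest of the comment.
function mailtoHref(body) {
  const crlf = String(body).replace(/\r\n|\r|\n/g, "\r\n"); // RFC 6068 line breaks
  return "mailto:?body=" + encodeURIComponent(crlf);
}

// Argument of onclick="Email(...)": the value sits in a JS string inside an
// HTML attribute, so encode for JS first (JSON), then for the attribute.
function jsArgInAttribute(s) {
  return encodeHtml(JSON.stringify(String(s)));
}

// Build the button from the thread with both layers applied.
function emailButton(s) {
  return '<input type="button" onclick="Email(' + jsArgInAttribute(s) +
         ')" value="E-mail">';
}

console.log(encodeHtml(comment));
console.log(mailtoHref(comment));
console.log(emailButton(comment));
```

When the encoding is done on the server, PHP's htmlspecialchars(), rawurlencode() and json_encode() play the same three roles.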