Prev: How to detect what Library is behind the $ function?
Next: How do I modify a dropdown box?
From: Ivan S on 12 May 2010 08:11
On May 12, 10:38 am, Garrett Smith <dhtmlkitc...(a)gmail.com> wrote:
> Revised.
>
> | Use a server-side language to generate the javascript value.
> |
> | Certain characters of ECMAScript strings must be escaped by backslash.
> | These include quote marks, backslash, and line terminators.

PHP's function "addslashes" doesn't cover all characters:

http://www.php.net/manual/en/function.addslashes.php

"Returns a string with backslashes before characters that need to be
quoted in database queries etc. These characters are single quote ('),
double quote ("), backslash (\) and NUL (the NULL byte)."

addcslashes (http://www.php.net/manual/en/function.addcslashes.php)
with list of above mentioned characters would be more appropriate.


Something like this:

<?php

$js_string = '...';

if (get_magic_quotes_gpc()) {
$js_string = stripslashes($js_string);
}

?>

....

var jsVar = "<?php echo addcslashes($js_string, "\\\"'\n\r"); ?>";

....



Ivan
From: Garrett Smith on 12 May 2010 13:57
Ivan S wrote:
> On May 12, 10:38 am, Garrett Smith <dhtmlkitc...(a)gmail.com> wrote:
>> Revised.
>>

[...]

> addcslashes (http://www.php.net/manual/en/function.addcslashes.php)
> with list of above mentioned characters would be more appropriate.
>

addcslashes - I thought that was a typo.

Thanks for the correction.

That PHP example doesn't cover \u2028 and \u2029 line terminators.

One or two simple statements of PHP code in the c.l.js FAQ seems
reasonable. Much more than that would be inappropriate. Is it necessary
for the example to include get_magic_quotes_gpc() call? Would this do?

<?php echo addcslashes($str,"\\\'\"\n\r\u2028\u2029"); ?>
--
Garrett
comp.lang.javascript FAQ: http://jibbering.com/faq/
From: Garrett Smith on 13 May 2010 03:24
Garrett Smith wrote:
> Ivan S wrote:
>> On May 12, 10:38 am, Garrett Smith <dhtmlkitc...(a)gmail.com> wrote:
>>> Revised.

>
> <?php echo addcslashes($str,"\\\'\"\n\r\u2028\u2029"); ?>

I meant: \\u2028\\u2029, but it looks like PHP strings support those
characters, normally. I don't really know much about PHP.

<?php echo addcslashes($str,"\\\'\"\n\r"); ?>

| How do I get a jsp/php variable into client-side javascript?
|
|
| Use a server-side language to generate the javascript.
|
| Certain characters of ECMAScript strings must be escaped by backslash.
| These include quote marks, backslash, and line terminators.
|
| JSP Example, using Apache Commons:
org.apache.commons.lang.StringEscapeUtils
|
| var jsVar = "<%= StringEscapeUtils.escapeJavaScript(str) %>";
|
| PHP example using addcslashes:
|
| var jsVar = <?php echo addcslashes($str,"\\\'\"\n\r\\u2028\\u2029");?>
|
| * <example/addcslashes.php>
| * <http://php.net/manual/en/function.addcslashes.php>
| * <http://commons.apache.org/lang/>
--
Garrett
comp.lang.javascript FAQ: http://jibbering.com/faq/
From: Garrett Smith on 13 May 2010 03:26
Garrett Smith wrote:
> Garrett Smith wrote:
>> Ivan S wrote:
>>> On May 12, 10:38 am, Garrett Smith <dhtmlkitc...(a)gmail.com> wrote:
>>>> Revised.

[...]
> | var jsVar = <?php echo addcslashes($str,"\\\'\"\n\r\\u2028\\u2029");?>
> |

Sorry, that should omit the last two:
| var jsVar = <?php echo addcslashes($str,"\\\'\"\n\r");?>

--
Garrett
comp.lang.javascript FAQ: http://jibbering.com/faq/
From: Ivan S on 13 May 2010 07:03
On May 12, 7:57 pm, Garrett Smith <dhtmlkitc...(a)gmail.com> wrote:
> Is it necessary for the example to include get_magic_quotes_gpc() call?

No. Unescaping makes sense if data (string) is comming from HTTP POST,
GET or COOKIE and PHP has magic quotes on (which are deprecated from
5.3 version). You can put example without it, developers that has that
configuration option on should know what they need to do first.



Ivan
First  |  Prev  |  Next  |  Last
Pages: 1 2 3 4
Prev: How to detect what Library is behind the $ function?
Next: How do I modify a dropdown box?