16

I need to make this into a string in java:

 <script type="text/javascript">document.write("<img src=\"UpArrow.png\" /> \"); </script>

Can someone help? I keep trying and it ends up like this...

return "<script type=\"text/javascript\">document.write(\"<img src=\"UpArrow.png\" /> \"); </script>";

Which doesn't work because I need to double escape the quotes before and after UpArrow.png. since it needs to be escaped in javascript and not in java.

.

.

2019 Update: If you are looking at this, god help your soul. This is awful code and if you're trying to do things this way you're doing it wrong (As others suggested to me).

The correct way to do this would be jquery or one of the zillion DOM-modifying frameworks that exist now and popping stuff into / out of the scope of the DOM.

If you are doing this, you should not look at the code above or the solutions below, but should instead go learn more, as this is a path to make spaghetti code.

Improve this question
7
  • You must escape the \ (It will become \\\") Commented Aug 29, 2012 at 16:10
  • that doesn't look like a particualry good idea. I would not like to maintain code that embeds a javascript function, in a html page, via java Commented Aug 29, 2012 at 16:11
  • Unfortunately it's not my project to dictate that. I fought a good fight to use php / ajax and got stuck using JSP / Javascript / Xhtml. Commented Aug 29, 2012 at 16:12
  • 1
    nothing wrong with java/jsp, its just bad design, imho Commented Aug 29, 2012 at 16:13
  • Well, needing to include images based on database results at runtime was not my idea either. There aren't too many other ways I could handle this with a deadline tomorrow. Commented Aug 29, 2012 at 16:19

3 Answers 3

Reset to default
24

Apache commons have a methods just for this in StringEscapeUtils : the escapeJavaScript method.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

That's great for escaping parts of a dynamically built Javascript string, but I'm not sure this is quite what OP is looking for. Seems like the intent is to take a static piece of HTML/Javascript text and escape it as a Java string literal.
If you want a javascript (of document.write here) argument to be executed , you must also escape the simple quotes. That's done by this method and you can call it from a static literal initialization which will be (a little) cleaner than escaping it yourself. I agree with you that this kind of java+html+javascript code should be avoided whenever possible.
org.apache.commons.lang3.StringEscapeUtils doesn't have this function... any ideas?
Works for most things, but be warned that StringEscapeUtils doesn't correctly support certain legacy JavaScript engines that only support ISO 8859-1 (Latin-1) encoding, but do not support the \uXXXX unicode escape syntax.
9

It seems it moved yet again, now it is part of "commons-text" and is named:

StringEscapeUtils.escapeEcmaScript

But good it still exists.

Improve this answer

1 Comment

why do they keep moving, I have to keep refactoring
8

Looks like it was moved in Apache Commons Lang 3 to ESCAPE_ECMASCRIPT in StringEscapeUtils.

https://commons.apache.org/proper/commons-lang/javadocs/api-3.4/src-html/org/apache/commons/lang3/StringEscapeUtils.html#line.74

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.