1

I have JavaScript that outputs links (search results) but I'm having problems adding onclick in the anchor tag

var str = "<a href='#bokvisning' onclick='javascript:$(#bokvisning_content).load('http://www.akademika.no/node/"+item.link+"')'>" + item.title + "</a>";

It outputs this, which is wrong:

<a href="#bokvisning" onclick="javascript:$(#bokvisning_content).load(" http:="" www.akademika.no="" node="" link')'="">Title</a>`

Is it possible? What other options do I have?

Improve this question

2 Answers 2

Reset to default
3

The quick fix is the quotes, like this:

var str = "<a href='#bokvisning' onclick='javascript:$(\'#bokvisning_content\').load(\'http://www.akademika.no/node/"+item.link+"\')'>" + item.title + "</a>";

It would be better to add the click handler unobtrusively though, like this:

var anchor = $("<a/>", {href:'#bokvisning', text:item.title}).click(function() {
   $("#bokvisning_content").load("http://www.akademika.no/node/"+item.link);
});
//or for older jQuery versions (<1.4):
var anchor = $("<a href='#bokvisning'></a>").text(item.title).click(function() {
   $("#bokvisning_content").load("http://www.akademika.no/node/"+item.link);
});

Then append that to whatever element you're currently putting the string in.

Note: The second option above assumes jQuery is an option because your onclick is using it.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

+1 for always using DOM-like methods instead of unreliable and insecure HTML string-slinging—especially for event handlers, where you have multiple nested escaping contexts. However there is still an HTML injection hole here (potential XSS, if item.title is user-supplied). I suggest using the $('<a href="#bokvisning">', {text: item.title})... shortcut to avoid this.
@bobince - Good call, updated, though slightly differently, having attributes in the html string and the properties object throws an error, though it really should be handled.
Oh! You're right, it's taking the html, document overload instead of html, props. I'd never noticed this, as I've always set every attribute from props like in your example. Oh dear! I wish jQuery didn't try to shoehorn everything into one $() property, this kind of value-level overloading is crazy!
0

You have to properly escape the quotes:

var str = "<a href='#bokvisning' onclick='javascript:$(#bokvisning_content).load(&#39;http://www.akademika.no/node/"+item.link+"&#39;)'>" + item.title + "</a>";

I've replaced two apostrophes with &#39; inside your string.

Also, don't you mean $('#bokvisning_content').load ..., which would give us:

var str = "<a href='#bokvisning' onclick='javascript:$(&#39;#bokvisning_content&#39;).load(&#39;http://www.akademika.no/node/"+item.link+"&#39;)'>" + item.title + "</a>";

All in all, using @Nick Craver's solution to untangle the multiple layers of quoting might be best.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.