2

I'm writing a script for a signature function in a forum program and any time someone puts a quote or some other JavaScript parse-able character into it, it breaks my program.

Is there a way either to force JavaScript to recognize it as a string without parsing it as script or, failing that, a function that escapes all scripting within a string that will be dynamic?

I did a search and all I could find were endless webpages on how to escape individual characters with a slash - perhaps my search skills need work.

Improve this question

1 Answer 1

Reset to default
2

Are you putting the contents of the signature using a server-side language, dynamically, in a JavaScript string literal? That probably isn't the best way to go; you may want to reconsider the way you are doing it.

For example, a better way to do it could be that you could just have an element on the page for the signature (which doesn't have to be visually distinct) and then get the contents of that for use in the script during JavaScript runtime.

If you still wanted to take the route you are going, you could replace ' with \' (or " with \" if you are using double-quoted strings in your script) and replace \n with \\n, which replaces real newlines with newline escapes.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Well, here's how it's set up. It's a user panel page where users can alter their profile contents, one of the settings is the signature. PHP grabs all the info for the user from the database and slaps it in a javascript function that displays the correct div when the user wishes to change that setting. When it displays the signature that PHP pulled, it breaks the javascript via parseable information in the signature. I'd rather not change the entire format of the page - you think there'd be a way
Then my last statement in my question should help.
Individually escaping characters isn't possible here as the data is dynamic, unless I do a the javascript equivalent of a preg_replace on it each time to escape everything. There are functions that do it for you in PHP, I just thought javascript would have one
Yes, but you'd have to do it in PHP seeing as if you didn't do it in PHP, and echoed the contents into a JavaScript string literal, it'd be a JavaScript syntax error condition.
Understood, I'd figure there might be a function that gets parsed before any strings that defines the following string will get NO javascript parsing, just display. The problem with using PHP for this before I insert it into javascript is that javascript using different symbols and operators, etc (though many are the same) and PHP likely wouldn't catch all of the ones javascript would need removed. Grr, back to the drawing board, JS is a PITA.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.