Wrong text encoding in string sent to javascript

Question

I have a javascript method which is receiving a UTF-8 encoded string (ViewBag.errorText), and uses this as a parameter to a new function.

The problem is that the text displayed in show_error_dialog is displaying the html escaped characters (æ&#248 etc') and not the intended ("æåø" etc.).

I presume the problem is the enclosed <text> tags but can't seem to get around this.

<script type="text/javascript" charset="utf-8">
    function performLoadOperations() {
        @if(ViewBag.errorText!= null) {
            <text>show_error_dialog('@ViewBag.errorText');</text>
        }
    }
</script>

Zruty · Accepted Answer · 2011-06-09 10:15:21Z

19

I think all Razor-inserted text is HTML-encoded by default. Use Html.Raw() to pass the string unencoded.

<script type="text/javascript" charset="utf-8">
    function performLoadOperations() {
        @if(ViewBag.errorText!= null) {
            <text>show_error_dialog('@Html.Raw(ViewBag.errorText)');</text>
        }
    }
</script>

answered Jun 9, 2011 at 10:15

Zruty

8,7151 gold badge27 silver badges31 bronze badges

Sign up to request clarification or add additional context in comments.

2 Comments

Lucent Fox Over a year ago

This opens you up to an XSS exploit, you need to re-encode errorText for insertion into javascript.

Burak Over a year ago

Couldn't understand can you please explan Mr.Fox

Lucent Fox · Accepted Answer · 2012-01-11 23:20:46Z

5

Use: @Html.Raw(Ajax.JavaScriptStringEncode(Model))

to safely insert values into javascript

answered Jan 11, 2012 at 23:20

Lucent Fox

1,7951 gold badge16 silver badges24 bronze badges

1 Comment

Dani Over a year ago

Can you explain a bit about this, why this is safely and what does exactly each function? Thanks a lot, this worked for me !!!

melaos · Accepted Answer · 2011-06-09 10:16:20Z

1

just use javascript escape function:

function encode_utf8( s )
{
  return unescape( encodeURIComponent( s ) );
}

function decode_utf8( s )
{
  return decodeURIComponent( escape( s ) );
}

answered Jun 9, 2011 at 10:16

melaos

8,4385 gold badges61 silver badges95 bronze badges

Comments

Dimitar Marinov · Accepted Answer · 2011-06-09 10:16:04Z

0

I'm not sure but i think there was unescape() function with js. Try to pass your text with it. It might help

answered Jun 9, 2011 at 10:16

Dimitar Marinov

9426 silver badges14 bronze badges

Collectives™ on Stack Overflow

Wrong text encoding in string sent to javascript

4 Answers 4

2 Comments

1 Comment

Comments

Comments

Your Answer

Linked

Hot Network Questions

Collectives™ on Stack Overflow

4 Answers 4

2 Comments

1 Comment

Comments

Comments

Your Answer

Sign up or log in

Post as a guest

Linked

Related