How to escape apostrophe or quotes on a JSP (used by JavaScript)
Use the Apache StringEscapeUtils.escapeJavaScript function.
Escapes the characters in a String using JavaScript String rules.
Escapes any values it finds into their JavaScript String form.
Deals correctly with quotes and control-chars (tab, backslash, cr, ff, etc.)
So a tab becomes the characters '\\' and 't'.
escape single quotes inside onclick method JSP generated text
Use
${fn:replace(note.getRequiredInfoFieldValue('note-text'), /\"/g,'\"')}
inside onclick directly.
So that it will replace the single or double quotes with a escape sequence character.
Obviously you need to import jstl lib using:
<%@ taglib uri = "http://java.sun.com/jsp/jstl/functions" prefix = "fn" %>
- Use
<c:out value="${note.getRequiredInfoFieldValue('note-text')}"/>
directly inside onclick.
Use ${fn:escapeXml(note.getRequiredInfoFieldValue('note-text'))}
Third approach is most recommended because you need not to put manual efforts to escape particular symbols.
To escape character in javascript/jsp
Can you fix it using the technique mentioned in https://stackoverflow.com/a/1473192/476786 as suggested by @xdazz.
If not, try using double quotes as follows:
var description = "${requestScope.description}";
Edit: OP says that description
could also potentially contain " (double quotes):
In that case, you could replace the double quotes before you output the string as:
var description = "${requestScope.description.replace("\"", "''")}";
This would replace all instances of double quotes with 2 single quotes.
Please note that my jsp
isvery weak, and as such the code sample above might need a tweak or two... :)
How to escape JavaScript in JSP?
The forward slash is not an escape character. That's the backslash.
${fn:replace(Desc, "'", "\\'")}
(yes, it's been presented twice, because that's also an escape character in Java!)
However, you don't only need to repace '
by \'
, you also need to replace \n
(newlines) by \\n
. The string is been printed over multiple lines, which makes it also an invalid JS string variable. Your final result must basically look like this:
var itemNameList = ''
+ '\nWeyland Estate Santa Barbara Pinot Noir'
+ '\nRaymond \'Prodigal\' North Coast Cabernet Sauvignon'
+ '\nChateau Haute Tuque';
(please note that the syntax highlighter agrees on me here but not on yours)
There are however much more possible special characters which needs to be escaped. They are all covered by Apache Commons Lang StringEscapeUtils#escapeEcmaScript()
. Much easier is to create a custom EL function which calls exactly that method. If not done yet, download and drop commons-lang.jar
in /WEB-INF/lib
. Then create a /WEB-INF/functions.tld
file like follows:
<?xml version="1.0" encoding="UTF-8" ?>
<taglib
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-jsptaglibrary_2_1.xsd"
version="2.1">
<display-name>Custom Functions</display-name>
<tlib-version>1.0</tlib-version>
<uri>http://example.com/functions</uri>
<function>
<name>escapeJS</name>
<function-class>org.apache.commons.lang3.StringEscapeUtils</function-class>
<function-signature>java.lang.String escapeEcmaScript(java.lang.String)</function-signature>
</function>
</taglib>
So that you can use it as follows:
<%@taglib prefix="util" uri="http://example.com/functions" %>
...
${util:escapeJS(Desc)}
Passing apostrophe in javascript function
why not just do this:
onclick=showURL("${result.url}");
function showURL (result_url) {
alert("<c:out value='"+ result_url + "' />");
}
then you don't have to worry about escaping at all.
-tjw
Related Topics
Read Data from SQLite Where Column Name Contains Spaces
Android JSON Parsing of Multiple JSONobjects Inside JSONobject
Issue: Passing Large Data to Second Activity
How Get Value from Linkedhashmap Based on Index Not on Key
What Is the Correct Way to Do Inserts/Updates/Deletes in Android SQLitedatabase Using a Query String
Android:Table Has No Column Named "Variable Name" MySQL Database Error
Gson Expected Begin_Array But Was Begin_Object
Android: Changing Background-Color of the Activity (Main View)
Android - How to Change Fragments in the Navigation Drawer
Spannable on Android for Textview
Resources.Openrawresource() Issue Android
Date Format Conversion Android
Android Maps Utils Clustering Show Infowindow
Gradle Sync Failed: Unable to Find Method
How to Persist Permission in Android API 19 (Kitkat)
Setting Property 'Source' to 'Org.Eclipse.Jst.Jee.Server:Jsftut' Did Not Find a Matching Property
What Would an Ast (Abstract Syntax Tree) for an Object-Oriented Programming Language Look Like