How do I escape a string inside JavaScript code inside an onClick handler?
In JavaScript you can encode single quotes as "\x27" and double quotes as "\x22". Therefore, with this method you can, once you're inside the (double or single) quotes of a JavaScript string literal, use the \x27 \x22 with impunity without fear of any embedded quotes "breaking out" of your string.
\xXX is for chars < 127, and \uXXXX for Unicode, so armed with this knowledge you can create a robust JSEncode function for all characters that are out of the usual whitelist.
For example,
<a href="#" onclick="SelectSurveyItem('<% JSEncode(itemid) %>', '<% JSEncode(itemname) %>'); return false;">Select</a>
How to escape quotes in a string that assigns a method to onclick with a parameter?
This looks like a job for stripslashes(). Note however, that you can not use the same double quote ("
) or single qoutes ('
) for both the attribute assignment AND the string definition for the parameter. Therefore you want your result to look something like: onclick="removeTag('naruto')"
.
If you have them as double quotes in your original string (i.e. $row['description']
), you can replace those, all put together like this:
echo 'blabla <a href="#" onclick="removeTag(' . str_replace('"', '\'', stripslashes($row['description'])) . ')">';
A tiny bit simpler approach might be to just trim double quotes and add your own single qoutes:
echo 'blabla <a href="#" onclick="removeTag(\'' . trim(stripslashes($row['description']), '"') . '\')">';
What needs to be escaped in an onclick event taking a string?
quotes ("
) should be replaced with "
. And backslash (\
) prepended to '
.
onclick="eventBox('This is the string \' // " "')"
escape parameters on onclick event doesnt work
Try this. As description seems to be a string
value you need to surround
it with qoutes
.
row.insertCell(0).innerHTML = '<input type="button" value = "ShowDescription" onclick="showDescription(\'' + description + '\');">';
Escaping double quotes in JavaScript onClick event handler
Did you try
"
or \x22
instead of
\"
?
escape character is not working when sending as argument to onclick function
In instances like this you can try changing your quotes around;
control += "<button class='gray-button' onclick='diagBtnClick("${yesStepIntent}", "${yesBtnLbl}")'>"${yesBtnLbl}"</button>";
But this will break if you use "
in your variable.
EDIT: Or you can try;
control += `<button class='gray-button' onclick='diagBtnClick("${yesStepIntent}", "${yesBtnLbl}")'>${yesBtnLbl}</button>`;
Pass a string parameter in an onclick function
It looks like you're building DOM elements from strings. You just need to add some quotes around result.name:
'<input type="button" onClick="gotoNode(\'' + result.name + '\')" />'
You should really be doing this with proper DOM methods though.
var inputElement = document.createElement('input');
inputElement.type = "button"
inputElement.addEventListener('click', function(){
gotoNode(result.name);
});
document.body.appendChild(inputElement);
Just be aware that if this is a loop or something, result
will change before the event fires and you'd need to create an additional scope bubble to shadow the changing variable.
Related Topics
How to Prevent Default Event Handling in an Onclick Method
What the Difference of This.State and This.Setstate in Reactjs
How to Check If Page Exists Using JavaScript
How to Remove One Specific Selected File from Input File Control
Why Array.Indexof Doesn't Find Identical Looking Objects
How to Loop Through All the Elements Returned from Getelementsbytagname
Console.Log Showing Only the Updated Version of the Object Printed
Should an Async API Ever Throw Synchronously
Differences Between JavaScript Regexp Literal and Constructor
Completely Removing Duplicate Items from an Array
Difference Between the 'Controller', 'Link' and 'Compile' Functions When Defining a Directive
How to Set a JavaScript Breakpoint from Code in Chrome
Http Get Request in Node.Js Express
How to Run Function in Angularjs Controller on Document Ready