htmlentities

Lowyat.NET forums

Lowyat.NET Kopitiam Garage Sales

Lowyat.NET Rules and Regulations FAQ Help Search Members

Welcome Guest ( Log In | Register )

Lowyat.NET -> Codemasters

Bump Topic Add Reply RSS Feed

Outline · [ Standard ] · Linear+

htmlentities, java+jsp+javascript

views

TSgiasens	Oct 27 2006, 02:18 PM, updated 20y ago Show posts by this member only \| Post #1
On my way Senior Member 625 posts Joined: Jan 2003	in my jsp page, i hav the following javascript code where it will set the form txtfield value function fnRandom(var1) { document.frm.txt1.value = var1; } in my java code, i retrieve record from db which contain htmlentities. then i suppose to printout to html like this out.print("<a href=\"javascript:fnRandom("DB_INPUT_STR");\">runJS</a>"); ----- my problem is when my DB_INPUT_STR contain single quote/double quote or other htmlentities, it will break my javascript. anyidea?
Card PM	Report Top Like Quote Reply

rukawa	Oct 27 2006, 03:46 PM Show posts by this member only \| Post #2
::+::KukuKawa::+:: Senior Member 1,903 posts Joined: Jan 2003 From: Wg Maju	From the java code itself, I think you have to either filter it out if those entities doesn't affect anything
Card PM	Report Top Like Quote Reply

TSgiasens	Oct 27 2006, 03:54 PM Show posts by this member only \| Post #3
On my way Senior Member 625 posts Joined: Jan 2003	yeah filter out. but hav to get it back when the value goes into the textfield. else it looks weird. look my code, the error occur when i insert the double quote. and if double quote not exist, it runs fine. i manage to escape the single code but not double quote. CODE <html> <head> </head> <body> <form name="frm"> <input name="txt1" type="text" value=""><br /> <input type="button" value="print" onclick="javascript:fnFn('\(\@#$^\)!&df"\'\<;:?\>')" <------ this line /> </form> <script> function fnFn(inputVal) { document.frm.txt1.value=inputVal; } </script> </body> </html> This post has been edited by giasens*: Oct 27 2006, 03:57 PM
Card PM	Report Top Like Quote Reply

rukawa	Oct 27 2006, 04:12 PM Show posts by this member only \| Post #4
::+::KukuKawa::+:: Senior Member 1,903 posts Joined: Jan 2003 From: Wg Maju	This was the same question i posted up last time in here. My only way is to try to avoid any double quotes in that area.
Card PM	Report Top Like Quote Reply

TSgiasens	Oct 27 2006, 04:21 PM Show posts by this member only \| Post #5
On my way Senior Member 625 posts Joined: Jan 2003	uhm. that's user input. ok. i use escape & unescape, it works in my jsp page, but not in normal html such as this =.=; CODE <html> <head> </head> <body> <script> function fnFn(inputVal) { document.frm.txt1.value=unescape(inputVal); } var str = '\(\"\'\<;?\>'; //document.write(escape("\(\"\'\<;?\>")); </script> <a href="javascript:alert(str)">prompt</a> </body> <form name="frm"> <input name="txt1" type="text" value=""><br /> <input type="button" value="print" onclick="javascript:fnFn(escape('\(\'\<;?\>'));" /> </form> </body> </html> This post has been edited by giasens: Oct 27 2006, 05:18 PM
Card PM	Report Top Like Quote Reply

« Next Oldest · Codemasters · Next Newest »

Add Reply Options

Change to:

0.0161sec

0.38

5 queries

GZIP Disabled
Time is now: 4th December 2025 - 09:43 AM

All Rights Reserved © 2002- 2025 Vijandren Ramadass (~unite against racism~)

Removal Request

Powered by Invision Power Board © 2025 IPS, Inc.