Escaping HTML for use in Inline JavaScript

Posted: Mon Apr 11, 2011 8:15 pm

Looking for a function to escape HTML for use in Inline JavaScript, and having trouble believing I would have to create a function to do so...

json_encode works exactly how I want, with a couple of deal breakers... json_encode only works with UTF-8 encoded data, and it also requires php5.2+. Might work great for a future version of RN, but for now??
http://us.php.net/manual/en/function.json-encode.php

I suppose if I wrap the script in CDATA I only really need to escape double-quotes, but there has to be a better way, right? Any thoughts?

NOTE: json_encode works in the current version of RN, provided the string does not include UTF characters; in which case it returns null.

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

Can you please detail and give an example of what you are trying to do? I'm confused with escaping and encoding/decoding (the mixing of the terms). So I need to understand the context.

Posted: Mon Apr 11, 2011 10:44 pm

Well here's a little more background, I was working on some improvements to the broadcast message function, using a similar notification bar to that used on http://stackoverflow.com/

Found a nice script that will work from the JS body array so it only needs to load when there is a message to display. But ideally I need to take this:

Code:

<div id="public-message"><div id="public-message-head">Public Message from <a href="modules.php?name=Your_Account&amp;op=userinfo&amp;username=ErwinJohannes">ErwinJohannes</a></div><div id="public-message-foot"><a href="modules.php?name=Your_Account&amp;op=edithome">Turn Off Public Messages</a></div><div id="public-message-body">Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor </div></div>

and escape it like so

Code:

<div id=\"public-message\"><div id=\"public-message-head\">Public Message from <a href=\"modules.php?name=Your_Account&amp;op=userinfo&amp;username=ErwinJohannes\">ErwinJohannes<\/a><\/div><div id=\"public-message-foot\"><a href=\"modules.php?name=Your_Account&amp;op=edithome\">Turn Off Public Messages<\/a><\/div><div id=\"public-message-body\">Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor <\/div><\/div>

Posted: Mon Apr 11, 2011 11:25 pm

Try this - Forget escaping with \ - use Only registered users can see links on this board! Get registered or login! syntax. Note:

Quote:

Heredoc text behaves just like a double-quoted string, without the double quotes. This means that quotes in a heredoc do not need to be escaped, but the escape codes listed above can still be used. Variables are expanded, but the same care must be taken when expressing complex variables inside a heredoc as with strings.

Code:

echo <<< _SPASTIC_


<div id="public-message"><div id="public-message-head">Public Message from <a href="modules.php?name=Your_Account&amp;op=userinfo&amp;username=ErwinJohannes">ErwinJohannes</a></div><div id="public-message-foot"><a href="modules.php?name=Your_Account&amp;op=edithome">Turn Off Public Messages</a></div><div id="public-message-body">Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor </div></div>


_SPASTIC_

Posted: Mon Apr 11, 2011 11:44 pm

Not real familiar with Heredoc, looks like I have some reading to do Smile

Although I'm not sure if it will help me here. I probably wasn't 100% clear, I need the html output escaped for html validation purposes, since this is an inline javascript.

Code:

<script type="text/javascript">


$(function(){


      $("body").bar({


         color           : "#111111",


         background_color : "#FFFFFF",


         removebutton     : true,


         message          : "<div id=\"public-message\"><div id=\"public-message-head\">Public Message from <a href=\"modules.php?name=Your_Account&amp;op=userinfo&amp;username=ErwinJohannes\">ErwinJohannes<\/a><\/div><div id=\"public-message-foot\"><a href=\"modules.php?name=Your_Account&amp;op=edithome\">Turn Off Public Messages<\/a><\/div><div id=\"public-message-body\">Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor <\/div><\/div>",


         time          : 20000


      }); 


   }


);


</script>

This could be done by str_replace I just thought I would throw it out there after recently finding json_encode, and wondering if there was a better method that didn't require UTF-8 and/or php 5.2+

Posted: Tue Apr 12, 2011 9:41 am

Use single quotes in place of \"