Details
-
Improvement
-
Resolution: Won't Fix
-
Major
-
None
-
1.8.2
-
None
-
Unknown
-
Description
If you want to insert a text string inside a js call in a tag or in a function you need some encoding.
For example
#set($text = $util.getJSEncoded($mytext))
<input type="button" name="a" value="" onclick="alert('$text'); callfunction('$text');" />
I propose the following code:
public String getJSEncoded(String origtext)
{ String text = origtext.replaceAll("\\\\", "\\\\"); text = text.replaceAll("'", "\\\\'"); text = text.replaceAll("\"", "\\\\x22"); return text; }See sample on http://incubator.myxwiki.org/xwiki/bin/edit/Test/TestJSEncoding
1 JS Encoding <% def getJSEncoded(String origtext) { String text = origtext.replaceAll("\\\\", "\\\\"); text = text.replaceAll("'", "\\\\'"); text = text.replaceAll("\"", "\\\\x22"); return text; } text = getJSEncoded("c'est l'été \"test\"") %> {pre} <input type="button" name="a" value="click" onclick="alert('$text');" /> {/pre}