4

Possible Duplicate:
JavaScript/jQuery HTML Encoding

I am passing info down to the client as Json and I am generating some HTML from my javascript code. I have a field called name which I pass into the title of an image like this:

  html.push("<img  title='" + person.Name + "' src . . .

the issue is if the person.Name is "Joe O'Mally' as it only shows up as "Joe O" when i hover over the image (because of the ' in the name)

I don't want to strip the ' on the serverside as there are other places where I want to show the exact string on the page.

Is there an Equivalent of HttpUtility.HtmlEncode in javascript that will show the full name in the image title, when I hover of the image?

Community
  • 1
  • 1
leora
  • 188,729
  • 360
  • 878
  • 1,366
  • 2
    Take a look at this earlier post: http://stackoverflow.com/questions/1219860/javascript-jquery-html-encoding – immutabl Jul 19 '12 at 13:12
  • Or http://stackoverflow.com/questions/3905310/is-there-a-javascript-equivelent-of-htmlencode-htmldecode-from-asp-net (and probably many more) – Lucero Jul 19 '12 at 13:24

2 Answers2

15

No but you can write one pretty easily.

function htmlEnc(s) {
  return s.replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/'/g, '&#39;')
    .replace(/"/g, '&#34;');
}

I've played with ways of making that faster (basically to do things with one "replace" call) but this performs well enough for most purposes, especially in modern browsers.

Pointy
  • 405,095
  • 59
  • 585
  • 614
  • Why `"` instead of `"`? Just because it's one character less? – Lucero Jul 19 '12 at 13:25
  • @Lucero force of habit :-) You can use """ if you prefer it. – Pointy Jul 19 '12 at 13:26
  • I prefer it because it helps my weak brain to remember which is which: the `apos` is the one that doesn't have a HTML 4 entity defined, so it has to be escaped like this, but other than that I prefer the named entity for clarity. – Lucero Jul 19 '12 at 13:28
  • @Lucero yes I think that's fine; I'm old enough to have parts of my brain devoted to remembering random ASCII codes so those numbers are mnemonic enough for me :-) – Pointy Jul 19 '12 at 13:32
  • There are a LOT more characters that could potentially need to be HTML encoded. This will work a good amount of the time, but it's certainly not equivalent to a library HTMLEncode method. – Servy Jul 19 '12 at 13:51
  • @Servy what characters in particular are you thinking of? The "library" HTML encoding routines I'm familiar with often don't even include quotes. – Pointy Jul 19 '12 at 13:57
  • @Pointy Well, converting spaces to ` ` comes to mind off hand, and newlines to `
    `. For a more exhaustive list (mostly for handling characters in non-english languages, unusual punctuation, etc.) see [this link](http://www.w3.org/TR/html4/sgml/entities.html). Note the section at the end on "markup significant characters". As I said, this will work in most common (English) cases, but it's not suitable for the general case of handling anything.     – Servy Jul 19 '12 at 14:05
  • 2
    Converting spaces to ` ` would be a very wrong thing to do, as well as converting newlines to `
    ` (particularly in an HTML5 document, where self-closing tags don't really make sense). The point is to prevent running text from being interpreted as metacharacters, but to otherwise not change the semantics. Introducing non-breaking spaces where there were previously just plain spaces, for example, would leave the text rendered quite incorrectly.     – Pointy Jul 19 '12 at 14:09
  • 2
    @Servy, what you're writing is about converting plain text to HTML. The question however is about escaping characters that would be illegal to use (or change the meaning of the text being looked at as HTML). I know no library that does significantly more, neither the .NET HtmlEncode nor the functions provided by jQuery or other JS toolsets do anything else. It's arguable whether some special characters (such as ` `) should be encoded as well in order to ensure integrity across text-based transports, but really this isn't the responsibility of the HtmlEncode method either. – Lucero Jul 19 '12 at 14:24
  • 1
    Also note, that order matters. I had this partially done, and added a couple replace methods from above. I added the one for & at the end, this is a bad idea since all the encoding that happens before it get encoded using an & so they get RE encoded and unless you decode for it... Put & at the beginning of the encoding and the end of the decoding. – yougotiger May 12 '20 at 19:43
-3

Here is a good post that explains the use of javascript escape() and unescape() functions, these may help you out in what you are trying to do.

mreyeros
  • 4,359
  • 20
  • 24
  • 2
    No, they won't. Those functions are about escaping characters for URL syntax, not HTML syntax. – Pointy Jul 19 '12 at 13:15