15

I need to make this into a string in java:

 <script type="text/javascript">document.write("<img src=\"UpArrow.png\" /> \"); </script>

Can someone help? I keep trying and it ends up like this...

return "<script type=\"text/javascript\">document.write(\"<img src=\"UpArrow.png\" /> \"); </script>";

Which doesn't work because I need to double escape the quotes before and after UpArrow.png. since it needs to be escaped in javascript and not in java.

.

.

2019 Update: If you are looking at this, god help your soul. This is awful code and if you're trying to do things this way you're doing it wrong (As others suggested to me).

The correct way to do this would be jquery or one of the zillion DOM-modifying frameworks that exist now and popping stuff into / out of the scope of the DOM.

If you are doing this, you should not look at the code above or the solutions below, but should instead go learn more, as this is a path to make spaghetti code.

A_Elric
  • 3,508
  • 13
  • 52
  • 85
  • You must escape the ``\`` (It will become ``\\\"``) – Alexandre Khoury Aug 29 '12 at 16:10
  • that doesn't look like a particualry good idea. I would not like to maintain code that embeds a javascript function, in a html page, via java – NimChimpsky Aug 29 '12 at 16:11
  • Unfortunately it's not my project to dictate that. I fought a good fight to use php / ajax and got stuck using JSP / Javascript / Xhtml. – A_Elric Aug 29 '12 at 16:12
  • 1
    nothing wrong with java/jsp, its just bad design, imho – NimChimpsky Aug 29 '12 at 16:13
  • Well, needing to include images based on database results at runtime was not my idea either. There aren't too many other ways I could handle this with a deadline tomorrow. – A_Elric Aug 29 '12 at 16:19
  • Static text like this belongs in the JSP - that's what it's designed for. – Alex Aug 29 '12 at 16:44
  • Possible duplicate of [How to escape apostrophe or quotes on a JSP (used by JavaScript)](http://stackoverflow.com/questions/1470768/how-to-escape-apostrophe-or-quotes-on-a-jsp-used-by-javascript) – Klas Lindbäck Apr 18 '17 at 11:27

3 Answers3

24

Apache commons have a methods just for this in StringEscapeUtils : the escapeJavaScript method.

Matt
  • 74,352
  • 26
  • 153
  • 180
Denys Séguret
  • 372,613
  • 87
  • 782
  • 758
  • 1
    That's great for escaping parts of a dynamically built Javascript string, but I'm not sure this is quite what OP is looking for. Seems like the intent is to take a static piece of HTML/Javascript text and escape it as a Java string literal. – Alex Aug 29 '12 at 16:49
  • If you want a javascript (of document.write here) argument to be executed , you must also escape the simple quotes. That's done by this method and you can call it from a static literal initialization which will be (a little) cleaner than escaping it yourself. I agree with you that this kind of java+html+javascript code should be avoided whenever possible. – Denys Séguret Aug 29 '12 at 16:56
  • 2
    org.apache.commons.lang3.StringEscapeUtils doesn't have this function... any ideas? – wutzebaer Oct 02 '13 at 15:12
  • Works for most things, but be warned that StringEscapeUtils doesn't correctly support certain legacy JavaScript engines that only support ISO 8859-1 (Latin-1) encoding, but do not support the `\uXXXX` unicode escape syntax. – Ian Gilham Dec 17 '15 at 12:35
8

Looks like it was moved in Apache Commons Lang 3 to ESCAPE_ECMASCRIPT in StringEscapeUtils.

https://commons.apache.org/proper/commons-lang/javadocs/api-3.4/src-html/org/apache/commons/lang3/StringEscapeUtils.html#line.74

Kirk Rasmussen
  • 231
  • 4
  • 9
7

It seems it moved yet again, now it is part of "commons-text" and is named:

StringEscapeUtils.escapeEcmaScript

But good it still exists.

Tinus Tate
  • 2,237
  • 2
  • 12
  • 33