9

For a web app I'm making, I'm going to be getting text strings coming in, occasionally which contain quotation marks. Because I am then going to be document.writing the string, they need to be changed either into apostrophes or escaped. How would I do that, because when I try it doesn't seem to work, specifically I think because the string's quotation marks stop the rest of the script working.

Hope that makes some sense, I'm quite new to this so that's why it might not make sense. I'll try and clarify if need be. Thank you!

James Wanchai
  • 2,861
  • 4
  • 21
  • 16

4 Answers4

19

Escaping them for HTML:

var escapedString = string.replace(/'/g, "'").replace(/"/g, """);

Escaping them for JS code:

var escapedString = string.replace(/(['"])/g, "\\$1");
Eli Grey
  • 35,104
  • 14
  • 75
  • 93
11

If you are generating Javascript strings on the server, you will need to escape quotes and certain other characters.

\'      Single quotation mark  
\"      Double quotation mark  
\\      Backslash  
\b      Backspace  
\f      Form feed  
\n      New line  
\r      Carriage return  
\t      Horizontal tab  
\ddd    Octal sequence (3 digits: ddd)  
\xdd    Hexadecimal sequence (2 digits: dd)  
\udddd  Unicode sequence (4 hex digits: dddd)
Lachlan Roche
  • 25,678
  • 5
  • 79
  • 77
  • 1
    So, if the string has just been generated and I can't change what is generated, how can I then escape all the quotes in that string I guess is my question? Thanks! – James Wanchai Feb 28 '10 at 15:57
2

Try the following code in some HTML:

string.replace(/"/g, '');

If it's just JS you can use:

string.replace(/"/g, '');

This remove de undesired quotes on submited values from user.

Moisés Roth
  • 21
  • 5
1

You need to escape them like so:

var foo = '\'foo\'';

So, if the source string has single quotes, replace each single quote with a slash and a single quote.

Thomas
  • 63,911
  • 12
  • 95
  • 141