Function for escaping quotes in javascript?

Question

Is there a function in JavaScript that does the same as htmlentities($string, ENT_QUOTES) in PHP? I searched a lot but couldnt find it, everyone recommending regex.

Just wanted to make sure there was no other easier way before I try that

http://webdesignfan.com/htmlspecialchars-in-javascript/ – Dimag Kharab Nov 13 '14 at 10:30 — Dimag Kharab, Nov 13 '14 at 10:30

score 0 · Answer 1 · answered Nov 13 '14 at 10:29

0

see this tutorial

it's a 'port' of PHP's htmlentities function:

function htmlEntities(str) {
    return String(str).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
}

answered Nov 13 '14 at 10:29

Nitsan Baleli

5,393
3
30
52

score 0 · Answer 2 · answered Nov 13 '14 at 10:30

Well, there's PHP.js's implementation of that: http://phpjs.org/functions/htmlentities/

function htmlentities(string, quote_style, charset, double_encode) {
  //  discuss at: http://phpjs.org/functions/htmlentities/
  // original by: Kevin van Zonneveld (http://kevin.vanzonneveld.net)
  //  revised by: Kevin van Zonneveld (http://kevin.vanzonneveld.net)
  //  revised by: Kevin van Zonneveld (http://kevin.vanzonneveld.net)
  // improved by: nobbler
  // improved by: Jack
  // improved by: Rafał Kukawski (http://blog.kukawski.pl)
  // improved by: Dj (http://phpjs.org/functions/htmlentities:425#comment_134018)
  // bugfixed by: Onno Marsman
  // bugfixed by: Brett Zamir (http://brett-zamir.me)
  //    input by: Ratheous
  //  depends on: get_html_translation_table
  //   example 1: htmlentities('Kevin & van Zonneveld');
  //   returns 1: 'Kevin &amp; van Zonneveld'
  //   example 2: htmlentities("foo'bar","ENT_QUOTES");
  //   returns 2: 'foo&#039;bar'

  var hash_map = this.get_html_translation_table('HTML_ENTITIES', quote_style),
    symbol = '';
  string = string == null ? '' : string + '';

  if (!hash_map) {
    return false;
  }

  if (quote_style && quote_style === 'ENT_QUOTES') {
    hash_map["'"] = '&#039;';
  }

  if ( !! double_encode || double_encode == null) {
    for (symbol in hash_map) {
      if (hash_map.hasOwnProperty(symbol)) {
        string = string.split(symbol)
          .join(hash_map[symbol]);
      }
    }
  } else {
    string = string.replace(/([\s\S]*?)(&(?:#\d+|#x[\da-f]+|[a-zA-Z][\da-z]*);|$)/g, function(ignore, text, entity) {
      for (symbol in hash_map) {
        if (hash_map.hasOwnProperty(symbol)) {
          text = text.split(symbol)
            .join(hash_map[symbol]);
        }
      }

      return text + entity;
    });
  }

  return string;
}

score 0 · Answer 3 · answered Nov 13 '14 at 10:30

JavaScript doesn't have any convenient functions for generating escaped HTML.

Escaping data for HTML in JavaScript is usually done using DOM methods and avoiding mashing together strings of HTML altogether.

element.setAttribute("data-foo", 'Example value with a " in it');

In most cases where converting text to a string of HTML is required (i.e. putting it in the current document is not the end goal), the work around is to create a div element, then use DOM methods on it, then read the innerHTML property of the div.

score 0 · Answer 4 · edited May 23 '17 at 12:05

0

You might be looking for this

var encodedStr = rawStr.replace(/[\u00A0-\u9999<>\&]/gim, function(i) {
   return '&#'+i.charCodeAt(0)+';';
});

Note, that

This code will replace all characters in the given range (unicode 00A0 - 9999, as well as ampersand, greater & less than) with their html entity equivalents, which is simply &#nnn; where nnn is the unicode value we get from charCodeAt. ^ref

edited May 23 '17 at 12:05

Community

1
1

answered Nov 13 '14 at 10:30

Gottlieb Notschnabel

9,408
18
74
116

Function for escaping quotes in javascript?

4 Answers4