0

How can I properly escape special characters in a JavaScript document code when using the mail-function in PHP?

For the following $script, I need to ensure that special characters such as double quotes ("), single quotes ('), backslashes (\), and double forward slashes (//) are properly escaped.

$script =   '<script>some javascript stuff...</script>';

Edit: Solution

The function I was looking for is json_encode($script)

Gykonik
  • 638
  • 1
  • 7
  • 24
  • Y not script write in separate php file and include in this file?? Atleast u save time on single and double quotes???? Suggestion – devpro Jan 26 '16 at 19:55
  • `$script = '';`? – Marc B Jan 26 '16 at 19:58
  • @MarcB, can I do this with CSS-File too, like `(SECRETPATH/codesnippet/lib/highlight/styles/monokai_sublime.css)`? – Gykonik Jan 26 '16 at 20:26
  • Are you going to create a HTML mail body with the javascript and css embedded? – hherger Jan 26 '16 at 20:28

1 Answers1

1

Code in one language which emits code in another language is a notoriously difficult thing when it comes to escaping "special" characters. When that code gets upward of tens of thousands of characters then it makes a lot more sense to store it in another file which would be appropriate for that language. In this case, a .js file.

That file can be maintained as that language and not as just a literal string in PHP. This gives you things like syntax checking, debugging, testing, etc.

If the end result (such as a web page or some other displayed HTML) can simply refer to that file separately, then host the file somewhere and just send a reference to it (such as a script tag in the case of HTML). The end user's system will download the file accordingly.

If the end result needs to have this content directly embedded, then in PHP you'd read the file's contents into a string and emit that. Something like file_get_contents('yourScript.js').

Treat code as code, not as string literals.

David
  • 208,112
  • 36
  • 198
  • 279
  • Can I do this with a CSS-Document, too? – Gykonik Jan 26 '16 at 20:39
  • @Gykonik: Can and should. As far as any language is concerned, any other language is nothing more than a string. Your choice is simply to treat it as a string literal, or as a string read from a file. – David Jan 26 '16 at 20:42
  • And with the PHP-Mail function, can I just say `$cssStyle = '';`?? – Gykonik Jan 26 '16 at 20:44
  • @Gykonik: That *should* produce a string just like a string literal would. Test it and see. – David Jan 26 '16 at 20:45
  • This works, now I have one more question (has nothing to do with the thread...) In the mail-function I have to execute a Javascript-Function and in the Mail-Service the Javascript-Function doesn't work... How can I solve it? :s – Gykonik Jan 26 '16 at 20:52
  • @Gykonik: People's email clients generally don't execute JavaScript for obvious security reasons. Whatever you're trying to accomplish, you may need to take a different approach. – David Jan 26 '16 at 20:53
  • 1
    can I chat with you in any way? I don't want to spam this thread... + I only have 18 Reputation... :c – Gykonik Jan 26 '16 at 21:30