Add Blackslah JSP in Javascript code

Question

i want to add backslash after apostrof character (')

before thi's is string

after thi\'s is string (I want like this)

okey, this is my code,

       function showdata(mydata)
    {
        alert (mydata)
    }

//if this click, show alert showdata
<%
    String mydata= "Hello Worl'd";
%>
<a onclick="showdata('<% out.print(mydata.replace("'","\\\'")); %>'); return false;">Click Data</a>

i already click, this alert not show

Help me, Thank's

do you get any errors in console? I just noticed that you have declared the function `showdata(..)` but the `onclick` event is invoking `edit_tipe(...)` - could that be it? — blurfus, Apr 08 '16 at 06:46

score 1 · Accepted Answer · answered Apr 08 '16 at 07:29

You will not be able to pass hello wor'ld as arument as it contains ' character .do this way

 <script>
         function showdata(mydata)
    {

        alert (mydata);
    }</script>
if this click, show alert showdata
<%
    String mydata= "Hello World";
    mydata=mydata.replace("\'", "\\\'");

%>
<a onclick="showdata('<%=mydata%>');">Click Data</a>

Olaf Kock · Answer 2 · 2016-04-09T07:51:09.577

A single quote is just the character that you see in this place. Instead of using String.replace for a single character, you should do proper escaping of all of the data that you're using on the JSP. Check this OWASP cheat sheet, particularly Rule#3 (but don't stop there).

Find a proper library that works for you and use that library's escape method(s).

But the direct answer to your question is this: Don't escape by using \', rather go for '. Do yourself a favor and don't stop there.

Add Blackslah JSP in Javascript code

2 Answers2