-3

i have tried another code by store whole url in variable.It's give me error like "Uncaught SyntaxError: Unexpected end of input"

<?php
$url=$item['item_url'];
$title=$item["item_title"];
$str_url='http://www.facebook.com/sharer.php?u='.$url.'&amp;t='.$title;
?>
<script>
    var str_url = "'<?php echo $str_url; ?>'";
    var title = "'<?php echo $title; ?>'";
    var social_icon ="<div class='display-social-button'><a class='uk-icon-button uk-icon-facebook' onclick='popupCenter('"+ str_url + "','" + title + "','450','450');' href='javascript:void(0);'></a></div>"; 


</script>
piyush
  • 293
  • 7
  • 21
  • 2
    I think its not about this line. can provide the whole function? – MJN May 30 '18 at 04:04
  • `popupCenter(http://www.facebook.com`... the URL should be in a quote or double quote. However, you should post the whole function. – Vuong May 30 '18 at 04:08
  • be careful this code is vulnerable to xss. What is xss: https://stackoverflow.com/questions/15755323/what-is-cross-site-scripting How to prevent it in PHP: https://stackoverflow.com/questions/1996122/how-to-prevent-xss-with-html-php – Mathias May 30 '18 at 04:37

1 Answers1

-2

You need to add quotes around the variable in the onclick

var social_icon ="<div class='display-social-button'><a class='uk-icon-button uk-icon-facebook' onclick='popupCenter(\"http://www.facebook.com/sharer.php?u="+ str_url + "&amp;t="+ title + ","+title+"\",450,450);' href='javascript:void(0);'></a></div>";

That said, it isn't recommend to use onclick events at all for anchors. I'd recommend using the href and target tags of an anchor.

patstuart
  • 1,931
  • 1
  • 19
  • 29
  • There's no issue with the line in the question. There's some issue in the lines before this. – Rahul Bharadwaj May 30 '18 at 04:07
  • @RahulBharadwaj Wrong. When he clicks the anchor, it will trigger the invalid Javascript and throw a syntax error. – patstuart May 30 '18 at 04:09
  • @Rahul, the line in the question has a problem missing quotes for the URL. If you check it in js, it doesn't occur. But when it be rendered to HTML, it will occur when clicking on the button. – Vuong May 30 '18 at 04:14
  • Ohh yes, thank you for pointing that out, I'm sorry for the stupid downvote.I guess I can retract it once the answer is edited. – Rahul Bharadwaj May 30 '18 at 04:15