struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: HTML Input field event with ' (quote) in name of var being set breaking javascript var assignment
Date Fri, 01 Dec 2006 20:51:46 GMT
Hash: SHA1


Mississippi John Hurt wrote:
> I notice if the quote is escaped as...  \'
> then it works fine, the problem is it will display wrong looking exactly
> like above, so I have to escape it 2 different ways...

Yeah, that's pretty much the deal. You want to do "javascript escaping",
not "HTML escaping". That's often inconvenient.

However, you know that the content will be going into the "onclick"
attribute, which will always be javascript. You ought to be able to
javascript-escape it first, then HTML escape it (to catch any of those
pesky non-HTML characters you might want to display).

> Using &#039; the default in most cases, but using the \' just for this
> javascript workaround.
> Is this correct, there's got to be a better way. I dont want to have 2
> versions of the same name (coming from the db).

No, you're right: separate storage is a kludge and a mistake. On-the-fly
escaping is the way to do it. You might have to write your own method in
your JSP, or your own tool that lives in the application scope, or your
own tag that does this kind of thing.

Have you searched to see if there are appropriate tags that already
exist? For instance, the Struts tags for dealing with validation might
be a good place to start (which is what I was recommending at first).

- -chris

Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message