开发者

Need to escape the quotes of a variable in MVC View to pass as a parameter to JavaScript

I have a MVC view in which I have to pass a string variable to JavaScript, but that string variable has single quotes in it ('). I am trying to do something like this

<a onclick="JavaScript:AddressHandler.ProcessAddress('<%= homeAddress %>');" 
                            class="button-link">change</a>

homeAddress has single quotes which I have to workaround someh开发者_如何转开发ow so that I can pass the complete value of it to the JavaScript.


You can use Ajax helper: Ajax.JavaScriptStringEncode(string strToEncode)


To escape a string to be a Javascript string literal, you replace backslash with double backslashes, and the string delimiter with a backslash and the delimiter:

<a onclick="AddressHandler.ProcessAddress('<%= homeAddress.Replace(@"\", @"\\").Replace("'", @"\'") %>');" class="button-link">change</a>

Note: The javascript: protocol is used when you put script in an URL, not as an event handler.

Edit:
If the script also contains characters that need HTML encoding, that should be done after escaping the Javascript string:

<a onclick="<%= Html.Encode("AddressHandler.ProcessAddress('" + homeAddress.Replace(@"\", @"\\").Replace("'", @"\'") +"');") %>" class="button-link">change</a>

So, if you don't know what the string contains, to be safe you need to first escape the string literal, then HTML encode the code so that it can be put in the attribute of the HTML tag.


You can write a method that escapes all single quotes (and other characters if needed) with a backslash so it is not misunderstood by javascript.


You'll want to encode homeAddress as a URL. MVC has a built in helper to do this: UrlHelper.Encode(string url) - it should replace a single quote with %27


I don't have time to test it, but look at HtmlHelper.Encode(string s). It might handle the escaping for you.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜