homepage Welcome to WebmasterWorld Guest from 107.20.131.154
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe and Support WebmasterWorld
Home / Forums Index / Code, Content, and Presentation / JavaScript and AJAX
Forum Library, Charter, Moderator: open

JavaScript and AJAX Forum

    
do I need to escapeURI with onclick="document.location=.
abersoch windsurfer




msg:4265730
 5:08 pm on Feb 11, 2011 (gmt 0)

Im confused again.

Do I do this:

<input type="button" onClick="document.location.href='http://www.google.com?foo=1&bar=2'" />


or this:


<input type="button" onClick="document.location.href='http://www.google.com?foo=1&amp;bar=2'" />

 

Fotiman




msg:4265744
 5:21 pm on Feb 11, 2011 (gmt 0)

If the value is going to appear within an HTML document (as is the case above), the & needs to be escaped as &amp;. Easy way to test is simply to try validating [validator.w3.org] the page.

A better solution would be to avoid using inline event handlers. Keep a clean separation of content and behavior by putting all JavaScript in external .js file(s). And then attach any event handlers/listeners from within the JavaScript file. For example, you could change the input to:

<input type="button" id="googleButton" />

Then in your JavaScript code:

var googleButton = document.getElementById('googleButton');
googleButton.onclick = function () {
document.location.href = 'http://www.google.com?foo=1&bar=2';
};


You would NOT need to escape the & character in this case.

abersoch windsurfer




msg:4266377
 12:11 pm on Feb 13, 2011 (gmt 0)

If the value is going to appear within an HTML document (as is the case above), the & needs to be escaped as &amp


So as inline javascript appears 'within' a HTML document you need to escape the & in that too?

e.g. your function if declared inline would need to be changed to:

<script type="text/javascript">
var googleButton = document.getElementById('googleButton');
googleButton.onclick = function () {
document.location.href = 'http://www.google.com?foo=1&amp;bar=2';
};
</script>

daveVk




msg:4267193
 6:29 am on Feb 15, 2011 (gmt 0)

So as inline javascript appears 'within' a HTML document you need to escape the & in that too?


No, for the same reason you dont escape > in
if( a > b ) ...

Note that if you using XHTML then the rules change and your inline script should read


<script type="text/javascript">
<![CDATA[
... unescaped script content ...
]]>
</script>

[webmasterworld.com...]

abersoch windsurfer




msg:4269102
 5:09 pm on Feb 18, 2011 (gmt 0)

Thanks for the help!

The last thing I'm confused about is if you use document.write do you have to &amp; the &

i.e.
document.write("<a href='http://www.blah.com?foo=a&amp;boo=b'

or

document.write("<a href='http://www.blah.com?foo=a&boo=b'


Looking round at websites I see that lots dont use &amp; in any of their links! Which browsers don't work around & in href/src urls - old versions? - the browsers I use don't treat & as an entity indicator in link urls but every now again I get a complaint from someone who is experiencing a problem.

daveVk




msg:4269259
 10:03 pm on Feb 18, 2011 (gmt 0)

As document.write is I assume in script, do not escape the & or the < for that matter. In HTML (not xHTML ) what goes between the script tags if not markup (ie cdata).

If on the other hand you wanted to talk about document.write on your web page (not in script) it would be coded

document.write("&lt;a href='http://www.blah.com?foo=a&amp;boo=b'

Validate your page and any doubt will go away.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / JavaScript and AJAX
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved