homepage Welcome to WebmasterWorld Guest from 54.237.38.30
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Code, Content, and Presentation / JavaScript and AJAX
Forum Library, Charter, Moderator: open

JavaScript and AJAX Forum

    
do I need to escapeURI with onclick="document.location=.
abersoch windsurfer

5+ Year Member



 
Msg#: 4265728 posted 5:08 pm on Feb 11, 2011 (gmt 0)

Im confused again.

Do I do this:

<input type="button" onClick="document.location.href='http://www.google.com?foo=1&bar=2'" />


or this:


<input type="button" onClick="document.location.href='http://www.google.com?foo=1&amp;bar=2'" />

 

Fotiman

WebmasterWorld Senior Member fotiman us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 4265728 posted 5:21 pm on Feb 11, 2011 (gmt 0)

If the value is going to appear within an HTML document (as is the case above), the & needs to be escaped as &amp;. Easy way to test is simply to try validating [validator.w3.org] the page.

A better solution would be to avoid using inline event handlers. Keep a clean separation of content and behavior by putting all JavaScript in external .js file(s). And then attach any event handlers/listeners from within the JavaScript file. For example, you could change the input to:

<input type="button" id="googleButton" />

Then in your JavaScript code:

var googleButton = document.getElementById('googleButton');
googleButton.onclick = function () {
document.location.href = 'http://www.google.com?foo=1&bar=2';
};


You would NOT need to escape the & character in this case.

abersoch windsurfer

5+ Year Member



 
Msg#: 4265728 posted 12:11 pm on Feb 13, 2011 (gmt 0)

If the value is going to appear within an HTML document (as is the case above), the & needs to be escaped as &amp


So as inline javascript appears 'within' a HTML document you need to escape the & in that too?

e.g. your function if declared inline would need to be changed to:

<script type="text/javascript">
var googleButton = document.getElementById('googleButton');
googleButton.onclick = function () {
document.location.href = 'http://www.google.com?foo=1&amp;bar=2';
};
</script>

daveVk

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4265728 posted 6:29 am on Feb 15, 2011 (gmt 0)

So as inline javascript appears 'within' a HTML document you need to escape the & in that too?


No, for the same reason you dont escape > in
if( a > b ) ...

Note that if you using XHTML then the rules change and your inline script should read


<script type="text/javascript">
<![CDATA[
... unescaped script content ...
]]>
</script>

[webmasterworld.com...]

abersoch windsurfer

5+ Year Member



 
Msg#: 4265728 posted 5:09 pm on Feb 18, 2011 (gmt 0)

Thanks for the help!

The last thing I'm confused about is if you use document.write do you have to &amp; the &

i.e.
document.write("<a href='http://www.blah.com?foo=a&amp;boo=b'

or

document.write("<a href='http://www.blah.com?foo=a&boo=b'


Looking round at websites I see that lots dont use &amp; in any of their links! Which browsers don't work around & in href/src urls - old versions? - the browsers I use don't treat & as an entity indicator in link urls but every now again I get a complaint from someone who is experiencing a problem.

daveVk

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4265728 posted 10:03 pm on Feb 18, 2011 (gmt 0)

As document.write is I assume in script, do not escape the & or the < for that matter. In HTML (not xHTML ) what goes between the script tags if not markup (ie cdata).

If on the other hand you wanted to talk about document.write on your web page (not in script) it would be coded

document.write("&lt;a href='http://www.blah.com?foo=a&amp;boo=b'

Validate your page and any doubt will go away.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / JavaScript and AJAX
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved