Welcome to WebmasterWorld Guest from 54.196.214.35

Forum Moderators: open

Message Too Old, No Replies

escaping ampersands in javascript

simple for anyone that knows javascript :-)

     
12:51 pm on Apr 9, 2003 (gmt 0)

New User

10+ Year Member

joined:Mar 8, 2003
posts:9
votes: 0


Hi, I have a small script in a sidebar I have developed for Mozilla. I am trying to get it to validate as xhtml 1 transitional

the script is


function member(){
var m;m=prompt('Member name:');
if(m!=null){_content.location.href="member.php?action=getinfo&username="+m;}
};

and the validator does not like the unescaped ampersand... how do i go about escaping it.

a quick googling has not brought up anything i understand, so thanks for your help, Donald

12:59 pm on Apr 9, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 22, 2002
posts:1749
votes: 0


Try &

Good luck!

1:04 pm on Apr 9, 2003 (gmt 0)

Junior Member

10+ Year Member

joined:Dec 27, 2002
posts:125
votes: 0


getinfo%26username

?

1:18 pm on Apr 9, 2003 (gmt 0)

New User

10+ Year Member

joined:Mar 8, 2003
posts:9
votes: 0


unfortunately niether of those work, as the & has to be as an & in the url, not & or %26, as it is submitting to a php page.

i think the solution might be to use JS to insert the character code into the string, but that is what i am not sure how to do.

thanks anyway, donald

1:20 pm on Apr 9, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 22, 2003
posts:1022
votes: 0


Hi,

Have you tried replacing the double quotes for single ones?

i.e. content.location.href='member.php?action=getinfo&username='+m;}

[added]
I thought this might be of interest [w3.org]
*OR*
Markup Languages Coding Guidelines for Mozilla.org [mozilla.org]
[/added]

-gs

3:47 pm on Apr 9, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 22, 2002
posts:1749
votes: 0


drnoble, & works fine with my IE6 and Opera7 and is the thing to do according to all the documentation I've seen. One should not feed it to the browsers address bar, though.

Anyway, I've never understood why (x)html validators try to interpret the code inside <script>-tags. None of their business, imho.

4:34 pm on Apr 9, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:May 26, 2000
posts:37301
votes: 0


Maybe I'm missing something, but why not define the function in an external .js file? The validator won't see it at all.
6:33 pm on Apr 9, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:July 3, 2002
posts:18903
votes: 0


You should always use &amp; for this. The browser should unescape the ampersand and send just an & to the server in the request, and the browser should display just an & on screen. However, in the source code you should be using the full &amp; notation.

As noted above, using external javascript is even better. You link to the .js file with this:
<script type="text/javascript" language="javascript" src="/path/file.js"></script>

4:44 pm on Apr 11, 2003 (gmt 0)

New User

10+ Year Member

joined:Mar 8, 2003
posts:9
votes: 0


I could put it in an external file, but for a one line script on a sidebar it does not seem worth it.

the solution is either to use html comments (invalid) or to mark it as CDATA

<script type="text/javascript"><![CDATA[
// script here
]]></script>

the answer: [webmasterworld.com...]
which links to: [w3.org...]

6:31 pm on Apr 11, 2003 (gmt 0)

Full Member

10+ Year Member

joined:Dec 22, 2002
posts:334
votes: 0


RonPK :
XML-parsers are *required* to look at everything unless specifically told not to.

DrNoble :
the correct form is -
<script type="text/javascript">
// <![CDATA[
script here
// ]]>
</script>

[devedge.netscape.com...]

DrNoble :
I've solved the escape-the-ampersand-problem by going over to ';' instead.
In php you have to change two settings -
arg_separator.output = ";"
arg_separator.input = ";"