Welcome to WebmasterWorld Guest from 174.129.96.175

Forum Moderators: open

do I need to escapeURI with onclick="document.location=.

   
5:08 pm on Feb 11, 2011 (gmt 0)

5+ Year Member



Im confused again.

Do I do this:

<input type="button" onClick="document.location.href='http://www.google.com?foo=1&bar=2'" />


or this:


<input type="button" onClick="document.location.href='http://www.google.com?foo=1&amp;bar=2'" />
5:21 pm on Feb 11, 2011 (gmt 0)

WebmasterWorld Senior Member fotiman is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



If the value is going to appear within an HTML document (as is the case above), the & needs to be escaped as &amp;. Easy way to test is simply to try validating [validator.w3.org] the page.

A better solution would be to avoid using inline event handlers. Keep a clean separation of content and behavior by putting all JavaScript in external .js file(s). And then attach any event handlers/listeners from within the JavaScript file. For example, you could change the input to:

<input type="button" id="googleButton" />

Then in your JavaScript code:

var googleButton = document.getElementById('googleButton');
googleButton.onclick = function () {
document.location.href = 'http://www.google.com?foo=1&bar=2';
};


You would NOT need to escape the & character in this case.
12:11 pm on Feb 13, 2011 (gmt 0)

5+ Year Member



If the value is going to appear within an HTML document (as is the case above), the & needs to be escaped as &amp


So as inline javascript appears 'within' a HTML document you need to escape the & in that too?

e.g. your function if declared inline would need to be changed to:

<script type="text/javascript">
var googleButton = document.getElementById('googleButton');
googleButton.onclick = function () {
document.location.href = 'http://www.google.com?foo=1&amp;bar=2';
};
</script>
6:29 am on Feb 15, 2011 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



So as inline javascript appears 'within' a HTML document you need to escape the & in that too?


No, for the same reason you dont escape > in
if( a > b ) ...

Note that if you using XHTML then the rules change and your inline script should read


<script type="text/javascript">
<![CDATA[
... unescaped script content ...
]]>
</script>

[webmasterworld.com...]
5:09 pm on Feb 18, 2011 (gmt 0)

5+ Year Member



Thanks for the help!

The last thing I'm confused about is if you use document.write do you have to &amp; the &

i.e.
document.write("<a href='http://www.blah.com?foo=a&amp;boo=b'

or

document.write("<a href='http://www.blah.com?foo=a&boo=b'


Looking round at websites I see that lots dont use &amp; in any of their links! Which browsers don't work around & in href/src urls - old versions? - the browsers I use don't treat & as an entity indicator in link urls but every now again I get a complaint from someone who is experiencing a problem.
10:03 pm on Feb 18, 2011 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



As document.write is I assume in script, do not escape the & or the < for that matter. In HTML (not xHTML ) what goes between the script tags if not markup (ie cdata).

If on the other hand you wanted to talk about document.write on your web page (not in script) it would be coded

document.write("&lt;a href='http://www.blah.com?foo=a&amp;boo=b'

Validate your page and any doubt will go away.
 

Featured Threads

My Threads

Hot Threads This Week

Hot Threads This Month