4

Possible Duplicate:
JavaScript/jQuery HTML Encoding

I am passing info down to the client as Json and I am generating some HTML from my javascript code. I have a field called name which I pass into the title of an image like this:

  html.push("<img  title='" + person.Name + "' src . . .

the issue is if the person.Name is "Joe O'Mally' as it only shows up as "Joe O" when i hover over the image (because of the ' in the name)

I don't want to strip the ' on the serverside as there are other places where I want to show the exact string on the page.

Is there an Equivalent of HttpUtility.HtmlEncode in javascript that will show the full name in the image title, when I hover of the image?

Improve this question
2

2 Answers 2

Reset to default
17

No but you can write one pretty easily.

function htmlEnc(s) {
  return s.replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/'/g, '&#39;')
    .replace(/"/g, '&#34;');
}

I've played with ways of making that faster (basically to do things with one "replace" call) but this performs well enough for most purposes, especially in modern browsers.

Improve this answer
Sign up to request clarification or add additional context in comments.

10 Comments

Why &#34; instead of &quot;? Just because it's one character less?
@Lucero force of habit :-) You can use "&quot;" if you prefer it.
Converting spaces to &nbsp; would be a very wrong thing to do, as well as converting newlines to <br/> (particularly in an HTML5 document, where self-closing tags don't really make sense). The point is to prevent running text from being interpreted as metacharacters, but to otherwise not change the semantics. Introducing non-breaking spaces where there were previously just plain spaces, for example, would leave the text rendered quite incorrectly.
@Servy, what you're writing is about converting plain text to HTML. The question however is about escaping characters that would be illegal to use (or change the meaning of the text being looked at as HTML). I know no library that does significantly more, neither the .NET HtmlEncode nor the functions provided by jQuery or other JS toolsets do anything else. It's arguable whether some special characters (such as &#160;) should be encoded as well in order to ensure integrity across text-based transports, but really this isn't the responsibility of the HtmlEncode method either.
Also note, that order matters. I had this partially done, and added a couple replace methods from above. I added the one for & at the end, this is a bad idea since all the encoding that happens before it get encoded using an & so they get RE encoded and unless you decode for it... Put & at the beginning of the encoding and the end of the decoding.
|
-3

Here is a good post that explains the use of javascript escape() and unescape() functions, these may help you out in what you are trying to do.

Improve this answer

1 Comment

No, they won't. Those functions are about escaping characters for URL syntax, not HTML syntax.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.