Escape JavaScript in Expression Language

by

You can use Apache Commons Lang 3.x StringEscapeUtils#escapeEcmaScript() method for this in EL.

First create a /WEB-INF/functions.taglib.xml which look like this:

<?xml version="1.0" encoding="UTF-8"?>
<facelet-taglib 
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-facelettaglibrary_2_0.xsd"
    version="2.0">
    <namespace>http://example.com/functions</namespace>

    <function>
        <name>escapeJS</name>
        <function-class>org.apache.commons.lang3.StringEscapeUtils</function-class>
        <function-signature>java.lang.String escapeEcmaScript(java.lang.String)</function-signature>
    </function>
</taglib>

Then register it in /WEB-INF/web.xml as follows:

<context-param>
    <param-name>javax.faces.FACELETS_LIBRARIES</param-name>
    <param-value>/WEB-INF/functions.taglib.xml</param-value>
</context-param>

Then you can use it as follows:

<html ... xmlns:func="http://example.com/functions">
...
<script>var foo = '#{func:escapeJS(bean.foo)}';</script>
...
<h:xxx ... onclick="foo('#{func:escapeJS(bean.foo)}')" />

Alternatively, if you happen to already use the JSF utility library OmniFaces, then you can also just use its builtin of:escapeJS() function:

<html ... xmlns:of="http://omnifaces.org/functions">
...
<script>var foo = '#{of:escapeJS(bean.foo)}';</script>
...
<h:xxx ... onclick="foo('#{of:escapeJS(bean.foo)}')" />

More Related Contents:

  1. Mixing JSF EL in a JavaScript file
  2. How to invoke animation when redirection in jsf?
  3. Unescape HTML entities in JavaScript?
  4. Insert HTML into view from AngularJS controller
  5. Escaping HTML strings with jQuery
  6. Access Java / Servlet / JSP / JSTL / EL variables in JavaScript
  7. How can I know the id of a JSF component so I can use in Javascript
  8. What is the HtmlSpecialChars equivalent in JavaScript?
  9. Escape quotes in JavaScript
  10. Pass parameter to p:remoteCommand from JavaScript
  11. How to convert characters to HTML entities using plain JavaScript
  12. Escaping Strings in JavaScript
  13. Calling a JavaScript function from managed bean
  14. How do I escape a single quote ( ‘ ) in JavaScript? [duplicate]
  15. Sanitizing user input before adding it to the DOM in Javascript
  16. How to pass JavaScript variables as parameters to JSF action method?
  17. How to use jQuery and jQuery plugins with PrimeFaces
  18. How can I insert new line/carriage returns into an element.textContent?
  19. List of all characters that should be escaped before put in to RegEx?
  20. Integrate JavaScript in JSF composite component, the clean way
  21. JavaScript Regex, where to use escape characters?
  22. How to escape a JSON string to have it in a URL?
  23. How do I give JavaScript variables data from ASP.NET variables?
  24. How to pass an EL variable to javascript
  25. Getting backing bean value with Javascript
  26. How do I escape a string for a shell command in node?
  27. decodeURIComponent vs unescape, what is wrong with unescape?
  28. Execute JavaScript after every JSF ajax postback
  29. Escaping HTML entities in JavaScript string literals within the block
  30. How to re-execute javascript function after form reRender?

Leave a Comment