Escaping HTML entities in JavaScript string literals within the block

by

The following characters could interfere with an HTML or Javascript parser and should be escaped in string literals: <, >, ", ', \, and &.

In a script block using the escape character, as you found out, works. The concatenation method (</scr' + 'ipt>') can be hard to read. 

var s="Hello <\/script>";

For inline Javascript in HTML, you can use entities:

<div onClick="alert('Hello &quot;>')">click me</div>

Demo: http://jsfiddle.net/ThinkingStiff/67RZH/

The method that works in both <script> blocks and inline Javascript is \uxxxx, where xxxx is the hexadecimal character code.

  • <\u003c
  • >\u003e
  • "\u0022
  • '\u0027
  • \\u005c
  • &\u0026

Demo: http://jsfiddle.net/ThinkingStiff/Vz8n7/

HTML:

<div onClick="alert('Hello \u0022>')">click me</div>

<script>
    var s="Hello \u003c/script\u003e";
alert( s );
</script>

More Related Contents:

  1. HTML-encoding lost when attribute read from input field
  2. Unescape HTML entities in JavaScript?
  3. What is the HtmlSpecialChars equivalent in JavaScript?
  4. How to convert characters to HTML entities using plain JavaScript
  5. Unescape HTML entities in JavaScript?
  6. How do I escape a single quote ( ‘ ) in JavaScript? [duplicate]
  7. How do I escape a string inside JavaScript code inside an onClick handler?
  8. Wave effect around circle when clicked using CSS and HTML
  9. How can I make my header smaller if i will scroll down the webpage [closed]
  10. Calling an event when you press the enter button
  11. Height equal to dynamic width (CSS fluid layout) [duplicate]
  12. Get div height with plain JavaScript
  13. Populate one dropdown based on selection in another
  14. How to get the name of the current Windows user in JavaScript
  15. Javascript onclick function is called immediately (not when clicked)?
  16. How can I open a link in new tab (and not new window)? [duplicate]
  17. Making a javascript string sql friendly
  18. Dashed border animation in css3 animation
  19. jQuery – Redirect with post data
  20. IE8 alternative to window.scrollY?
  21. CSS: Change parent on focus of child
  22. Click on option event
  23. Attach event listener through javascript to radio button
  24. swfobject.embedSWF not working?
  25. How to filter input type=”file” dialog by specific file type?
  26. Javascript click event handler – how do I get the reference to the clicked item?
  27. html5/Javascript – How to get the Selected folder name?
  28. Do duplicate ID values screw up jQuery selectors?
  29. Split text into pages and present separately (HTML5)
  30. Can you have multiple lines in an element?

Leave a Comment