Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How do I escape an ampersand in a javascript string so that the page will validate strict?

I am trying to pass a dataString to to an ajax call using JQuery. In the call, I construct the get parameters and then send them to the php page on the receiving end. The trouble is that the data string has ampersands in them and the HTML strict validator is chocking on it.

Here is the code:

$(document).ready(function(){     $("input#email").focus();     $('#login_submit').submit(function(){         var username = $('input#email').val();         var password = $('input#password').val();         var remember = $('input#remember').attr("checked");         var dataString = "email="+username+"&password="+password+"&remember="+remember;         $.post('login.php', dataString, function(data) {             if (data == 'Login Succeeded.') {                 location.reload(true);             } else {                 $("input#email").focus();                 $("#login_msg").html(data).effect("pulsate", {times: 2}, 1000);              }         });                  return false;     }); }); 

and here is an example of the validator message: cannot generate system identifier for general entity "password".

var dataString = "email="+username+"&password="+password+"&remember="+rememb… 

(in the validator the "p" after the first ampersand is marked red indicating the point of the failure).

like image 843
Mike Farmer Avatar asked Dec 10 '08 04:12

Mike Farmer


People also ask

How do you escape the symbol in JavaScript?

Javascript uses '\' (backslash) in front as an escape character. To print quotes, using escape characters we have two options: For single quotes: \' (backslash followed by single quote) For double quotes: \” (backslash followed by double quotes)

How do you escape a string in JavaScript?

Using the Escape Character ( \ ) We can use the backslash ( \ ) escape character to prevent JavaScript from interpreting a quote as the end of the string. The syntax of \' will always be a single quote, and the syntax of \" will always be a double quote, without any fear of breaking the string.

What is escape () in JS?

Definition and Usage The escape() function was deprecated in JavaScript version 1.5. Use encodeURI() or encodeURIComponent() instead. The escape() function encodes a string. This function makes a string portable, so it can be transmitted across any network to any computer that supports ASCII characters.

How do you put an ampersand in a query string?

For example, to encode a URL with an ampersand character, use %24. However, in HTML, use either & or &, both of which would write out the ampersand in the HTML page.


1 Answers

Try putting your javascript inside a CDATA block like this:

<script type="text/javascript"> <![CDATA[ // content of your Javascript goes here ]]> </script>  

which should make it pass validation. To be extra safe you can add Javascript comments around the CDATA tags to hide them from older browsers who don't understand the CDATA tag:

<script type="text/javascript"> /* <![CDATA[ */ // content of your Javascript goes here /* ]]> */ </script>  
like image 136
Marc Novakowski Avatar answered Sep 28 '22 01:09

Marc Novakowski