Need to escape the quotes of a variable in MVC View to pass as a parameter to JavaScript

Question

I have a MVC view in which I have to pass a string variable to JavaScript, but that string variable has single quotes in it ('). I am trying to do something like this

<a onclick="JavaScript:AddressHandler.ProcessAddress('<%= homeAddress %>');" 
                            class="button-link">change</a>

homeAddress has single quotes which I have to workaround somehow so that I can pass the complete value of it to the JavaScript.

Answer 1

You can use Ajax helper: Ajax.JavaScriptStringEncode(string strToEncode)

Answer 2

To escape a string to be a Javascript string literal, you replace backslash with double backslashes, and the string delimiter with a backslash and the delimiter:

<a onclick="AddressHandler.ProcessAddress('<%= homeAddress.Replace(@"\", @"\\").Replace("'", @"\'") %>');" class="button-link">change</a>

Note: The javascript: protocol is used when you put script in an URL, not as an event handler.

Edit:
If the script also contains characters that need HTML encoding, that should be done after escaping the Javascript string:

<a onclick="<%= Html.Encode("AddressHandler.ProcessAddress('" + homeAddress.Replace(@"\", @"\\").Replace("'", @"\'") +"');") %>" class="button-link">change</a>

So, if you don't know what the string contains, to be safe you need to first escape the string literal, then HTML encode the code so that it can be put in the attribute of the HTML tag.