Unescape apostrophe (&#39;) in JavaScript?

I'm trying to unescape an HTML-escaped apostrophe ("&#39;") in JavaScript, but the following doesn't seem to work on a devtools console line:

unescape('&#39;');

The output is simply:

"&#39;"

It doesn't work in Underscore's unescape either:

_.unescape('&#39;')

What am I doing wrong?

Richard asked Aug 07 '13 14:08



2 Answers

unescape has nothing to do with HTML character entities. It's an old, deprecated function for decoding text encoded with escape, which is an old, deprecated function for encoding text in a way that is unlikely to be useful in the modern world. :-)

If you need to turn that HTML into plain text, the easiest way is via an element:

var div = document.createElement('div');
div.innerHTML = "&#39;";
alert(div.firstChild.nodeValue);


Note that the above relies on the fact that there are no elements defined in your HTML text, so it knows there is exactly one child node of div, which is a text node.

For more complicated use cases, you might use div.innerText (if it has one) or div.textContent:

var div = document.createElement('div');
div.innerHTML = "&#39;";
alert(div.innerText || div.textContent || "");


T.J. Crowder answered Nov 07 '22 00:11


By using createElement like in T.J.'s answer, you open yourself up to XSS attacks.

DOMParser is a much safer way to correctly unescape HTML entities (including &#39;).

function unescape(string) {
  return new DOMParser().parseFromString(string,'text/html').querySelector('html').textContent;
}

console.log(unescape('&#39;'));

You can use the function above with a string from any source, and the string won't be able to modify your page or steal data by including JavaScript.

Ethan answered Nov 06 '22 22:11
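An added example, not taken from either answer above: a decoder for character references such as &#39; that never hands the input to an HTML parser, so it also works outside a browser where neither document nor DOMParser exists. The function name decodeEntities and the small NAMED table are assumptions made for this illustration. Unlike the textContent approaches above, it leaves any tags in the input as literal text instead of stripping them.

```javascript
// Added illustration. decodeEntities and NAMED are hypothetical names.
// NAMED is a deliberately small subset of the HTML named character references.
const NAMED = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'", nbsp: '\u00A0' };

// Matches &#39; (decimal), &#x27; (hex) and &name; forms. The trailing ';' is required.
const REFERENCE = /&(?:#(\d+)|#[xX]([0-9a-fA-F]+)|([A-Za-z][A-Za-z0-9]*));/g;

function decodeEntities(input) {
  // A single replace() pass: text produced by one substitution is never
  // rescanned, so '&amp;#39;' decodes to the literal text '&#39;' and stops.
  return String(input).replace(REFERENCE, (match, dec, hex, name) => {
    if (name !== undefined) {
      // Unknown names are left untouched rather than guessed at.
      return Object.prototype.hasOwnProperty.call(NAMED, name) ? NAMED[name] : match;
    }
    const code = dec !== undefined ? parseInt(dec, 10) : parseInt(hex, 16);
    // NUL, surrogate halves and values past U+10FFFF become U+FFFD.
    // Simplification: the HTML spec's remapping of 0x80-0x9F is not applied.
    if (code === 0 || code > 0x10FFFF || (code >= 0xD800 && code <= 0xDFFF)) {
      return '\uFFFD';
    }
    return String.fromCodePoint(code);
  });
}

// Constructed sample inputs.
console.log(decodeEntities('&#39;'));                            // the question's input
console.log(decodeEntities('It&#x27;s &lt;b&gt;bold&lt;/b&gt;')); // tags stay plain text
console.log(decodeEntities('&amp;#39;'));                        // decoded once only
```

The decoded string can contain < and >, so in a browser it should be written to the page through textContent rather than innerHTML.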