Safely pass string to javascript

Question

I am trying to pass a string from my java code to javascript like so:

myData.data = "${data.myString}";

This breaks if myString contains a "

I tried storing a javascript safe string instead, just replacing " with \" but then when I use myString in my jsp I get an ugly output with \" showing instead of "

What is the best way to safely pass a string and not mess up the rest of my output.

not a robust solution, but can you use single quotes instead? — Zach Lysobey
– Zach Lysobey, Commented Feb 18, 2013 at 20:58
did you try to use ' (single quote) instead of " (double quote). you maybe also need to escape this. — mr.VVoo
– mr.VVoo, Commented Feb 18, 2013 at 20:58
single quotes causes the same problem, these are user submitted comments that can legitimately contain ' and " — Lumpy
– Lumpy, Commented Feb 18, 2013 at 20:58

Community · Accepted Answer · 2017-05-23 10:24:51Z

1

Encode it into the html in the JSP:

<input id="test_hide" type="hidden" value="${URIUtil.encodeAll("http://www.google.com?q=a b","UTF-8")}">

Then in the JavaScript:

 myData.data = decodeURIComponent(document.getElementById('test_hide').getAttribute('value'));

Java - Convert String to valid URI object

edited May 23, 2017 at 10:24

CommunityBot

11 silver badge

answered Feb 18, 2013 at 21:08

Justin Thomas

5,8473 gold badges44 silver badges63 bronze badges

Sign up to request clarification or add additional context in comments.

1 Comment

Justin Thomas Over a year ago

Yeah I had that originally. My use of URLEncoder is fuzzy :) Thanks

Zach Lysobey · Accepted Answer · 2013-02-18 21:25:46Z

0

Replacing the double quotes with " should work

edited Feb 18, 2013 at 21:25

Zach Lysobey

15.9k21 gold badges101 silver badges152 bronze badges

answered Feb 18, 2013 at 21:15

orangegoat

2,7231 gold badge17 silver badges17 bronze badges

Comments

user2138983 · Accepted Answer · 2013-03-06 10:17:38Z

0

A bad solution :

Check if your string has double quotes, if yes then use

myData.data = '${data.myString}';

if it contains single quotes use

myData.data = "${data.myString}";

This will explode if you have both single and double quotes.

A good solution :

Just use

&quot;

answered Mar 6, 2013 at 10:17

user2138983

1,33310 silver badges15 bronze badges

Collectives™ on Stack Overflow

Safely pass string to javascript

3 Answers 3

1 Comment

Comments

Comments

Your Answer

Linked

Hot Network Questions

Collectives™ on Stack Overflow

3 Answers 3

1 Comment

Comments

Comments

Your Answer

Sign up or log in

Post as a guest

Linked

Related