Question

I have an MVC view in which I have to pass a string variable to JavaScript, but that string variable has single quotes in it ('). I am trying to do something like this:

<a onclick="JavaScript:AddressHandler.ProcessAddress('<%= homeAddress %>');" 
                            class="button-link">change</a>

homeAddress has single quotes, which I have to work around somehow so that I can pass the complete value of it to the JavaScript.

Solution

To escape a string to be a JavaScript string literal, you replace backslash with double backslashes, and the string delimiter with a backslash and the delimiter:

<a onclick="AddressHandler.ProcessAddress('<%= homeAddress.Replace(@"\", @"\\").Replace("'", @"\'") %>');" class="button-link">change</a>

Note: The javascript: protocol is used when you put script in a URL, not as an event handler.

Edit:
If the script also contains characters that need HTML encoding, that should be done after escaping the JavaScript string:

<a onclick="<%= Html.Encode("AddressHandler.ProcessAddress('" + homeAddress.Replace(@"\", @"\\").Replace("'", @"\'") +"');") %>" class="button-link">change</a>

So, if you don't know what the string contains, to be safe you need to first escape the string literal, then HTML encode the code so that it can be put in the attribute of the HTML tag.
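
The two-layer ordering described in the answer above, as an added example that is not part of the original answer: it is written in JavaScript rather than ASP.NET so it can be run directly, and its helper names are hypothetical stand-ins for the Replace calls and Html.Encode. It goes slightly beyond the answer by also escaping line terminators, and includes the reversed order for comparison.

```javascript
// Added example (not from the original answers); helper names are hypothetical.

// Layer 1: make the value safe inside a single-quoted JavaScript string literal.
// Backslash and quote get a backslash; line terminators become \uXXXX escapes.
function escapeJsString(s) {
  return s.replace(/[\\'\n\r\u2028\u2029]/g, (c) =>
    c === "\\" || c === "'"
      ? "\\" + c
      : "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Layer 2: make the finished script safe inside a double-quoted HTML attribute.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function encodeHtmlAttr(s) {
  return s.replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Correct order: escape the literal first, then HTML-encode the whole script.
function buildOnclick(homeAddress) {
  return encodeHtmlAttr(
    "AddressHandler.ProcessAddress('" + escapeJsString(homeAddress) + "');");
}

// Wrong order, for comparison: HTML-encode the value, then escape the literal.
function buildOnclickWrongOrder(homeAddress) {
  return "AddressHandler.ProcessAddress('" +
    escapeJsString(encodeHtmlAttr(homeAddress)) + "');";
}

// Stand-in for the browser: decode the attribute value, then run it as the
// handler body against a stub AddressHandler that records its arguments.
function runHandler(attrValue) {
  const decoded = attrValue.replace(/&(amp|lt|gt|quot|#39);/g, (m) =>
    Object.keys(ENTITIES).find((k) => ENTITIES[k] === m));
  const seen = [];
  const AddressHandler = { ProcessAddress: (a) => seen.push(a) };
  new Function("AddressHandler", decoded)(AddressHandler);
  return seen;
}

// Constructed sample values.
const SAMPLES = [
  "12 O'Brien St",
  'Flat "2" & Sons <rear>',
  "C:\\temp\\'x'",
  "line one\nline two",
  "a'); AddressHandler.ProcessAddress('b",
];
```

With the correct order every sample reaches ProcessAddress exactly once and unchanged; with the reversed order the browser's entity decoding restores the quote inside the literal and the handler no longer parses.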

OTHER TIPS

You can use Ajax helper: Ajax.JavaScriptStringEncode(string strToEncode)

You can write a method that escapes all single quotes (and other characters if needed) with a backslash so it is not misunderstood by JavaScript.

You'll want to encode homeAddress as a URL. MVC has a built-in helper to do this: UrlHelper.Encode(string url) - it should replace a single quote with %27

I don't have time to test it, but look at HtmlHelper.Encode(string s). It might handle the escaping for you.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow