Best ways to translate characters/entities for javascript use and for e-mail

kenfine@nospam.nospam - 17 Aug 2007 15:24 GMT
Overview: I want to know the best/easiest way to make arbitrary text data
safe for programmatic insertion into javascript.

Detail: I'm plotting database data onto maps by looping through my records,
building up a javascript statement using stringbuilder, and injecting that
into my page:
***
StringBuilder sb = new StringBuilder();
...[ORM stuff deleted] ..
foreach (Locations loc in locoll)
{
    currlocstring = ("AddPin(" + loc.Latitude + "," + loc.Longitude + ",null,'" + loc.Name + "','" + loc.Name.Replace("''", "") + "');");
    sb.Append(currlocstring);
}
string myScript = "<script type='text/javascript'> ... sb.ToString() + "</script>";

Page.ClientScript.RegisterStartupScript(this.GetType(), "myscript", myScript);
***

loc.Name is arbitrary data entered via a form. If the user enters script
characters like apostrophes, it breaks the rendered javascript. I am
wondering if there is an "all in one" sanitizer script inside or outside the
.NET framework that will handle all problematic characters.

Any help out there in netland?

Thank you,

-KF
bruce barker - 17 Aug 2007 15:59 GMT
You can write a javascript quoting function, or the easiest is to use a
hidden field that both can access; then .NET will handle the quoting.

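 public static string JscriptQuote(string s)
 {
   // Escape backslashes first so the escapes added below are not doubled
   s = s.Replace("\\", "\\\\");
   s = s.Replace("'", "\\'");
   s = s.Replace("\n", "\\n");
   s = s.Replace("\r", "");
   // Keep "</script>" in the data from closing the inline script block
   s = s.Replace("</", "<\\/");
   return "'" + s + "'";
 }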

-- bruce (sqlwork.com)

> Overview: I want to know the best/easiest way to make arbitrary text data
> safe for programmatic insertion into javascript.
[quoted text clipped - 28 lines]
>
> -KF
kenfine@nospam.nospam - 17 Aug 2007 16:46 GMT
Thank you Bruce. Can you discuss this tactic involving the hidden field a
little more? I've never heard of it. Are you saying you would
programmatically load the text data into a hidden field, and then drag it
out again, and that process would sanitize the data?

How exactly would you do this in code?

-KF

> You can write a javascript quoting function, or the easiest is to use a
> hidden field that both can access; then .NET will handle the quoting.
[quoted text clipped - 42 lines]
>>
>> -KF
