start date: Fri, 17 Aug 2007 07:24:23 -0700,
posted on: microsoft.public.dotnet.framework.aspnet
Best ways to translate characters/entities for javascript use and for e-mail
Overview: I want to know the best/easiest way to make arbitrary text data
safe for programmatic insertion into javascript.
Detail: I'm plotting database data onto maps by looping through my records,
building up a javascript statement using stringbuilder, and injecting that
into my page:
***
StringBuilder sb = new StringBuilder();
...[ORM stuff deleted] ..
foreach (Locations loc in locoll)
{
currlocstring = ("AddPin(" + loc.Latitude + "," + loc.Longitude
+ ",null,'" + loc.Name + "','" + loc.Name.Replace("''", "") + "');");
sb.Append(currlocstring);
}
string myScript = "<script type='text/javascript'> ... sb.ToString() + "
</script>";
Page.ClientScript.RegisterStartupScript(this.GetType(), "myscript",
myScript);
***
loc.Name is arbitrary data entered via a form. If the user enters script
characters like apostrophes, it breaks the rendered javascript. I am
wondering if there is an "all in one" sanitizer script inside or outside the
.NET framework that will handle all problematic characters.
Any help out there in netland?
Thank you,
-KF
Date:Fri, 17 Aug 2007 07:24:23 -0700
Author:
|
Re: Best ways to translate characters/entities for javascript use
and for e-mail
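you can write a javascript quoting function, or the easiest is to use a
hidden field that both can access, then .net will handle the quoting.
public static string JscriptQuote(string s)
{
    // Escape backslashes first so a trailing "\" cannot swallow the closing quote
    s = s.Replace("\\", "\\\\");
    s = s.Replace("'", "\\'");
    s = s.Replace("\n", "\\n");
    s = s.Replace("\r", "");
    // Keep "</script>" inside the data from closing the inline script block
    s = s.Replace("<", "\\x3c");
    return "'" + s + "'";
}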
-- bruce (sqlwork.com)
kenfine@nospam.nospam wrote:
> Overview: I want to know the best/easiest way to make arbitrary text data
> safe for programmatic insertion into javascript.
>
> Detail: I'm plotting database data onto maps by looping through my records,
> building up a javascript statement using stringbuilder, and injecting that
> into my page:
> ***
> StringBuilder sb = new StringBuilder();
> ...[ORM stuff deleted] ..
> foreach (Locations loc in locoll)
> {
> currlocstring = ("AddPin(" + loc.Latitude + "," + loc.Longitude
> + ",null,'" + loc.Name + "','" + loc.Name.Replace("''", "") + "');");
> sb.Append(currlocstring);
> }
> string myScript = "<script type='text/javascript'> ... sb.ToString() + "
> </script>";
>
> Page.ClientScript.RegisterStartupScript(this.GetType(), "myscript",
> myScript);
> ***
>
> loc.Name is arbitrary data entered via a form. If the user enters script
> characters like apostrophes, it breaks the rendered javascript. I am
> wondering if there is an "all in one" sanitizer script inside or outside the
> .NET framework that will handle all problematic characters.
>
> Any help out there in netland?
>
> Thank you,
>
> -KF
>
>
Date:Fri, 17 Aug 2007 07:59:06 -0700
Author:
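A complete JavaScript string-literal encoder for the `AddPin(...)` call in the question, as an added example that is not part of the thread: it escapes backslashes, quotes, control characters, `<`, `>`, `&` and U+2028/U+2029. `JsEncoder`, `BuildPinCall`, the `double` coordinates and the sample names are assumptions made for illustration; on .NET Framework 4.0 and later, `HttpUtility.JavaScriptStringEncode` in System.Web is a built-in encoder for the same job.

```csharp
using System;
using System.Globalization;
using System.Text;

// Added example, not code from the thread. All names and sample data are constructed.
public static class JsEncoder
{
    // Returns s as a single-quoted JavaScript string literal that is safe to
    // emit inside an inline <script> block.
    public static string JsStringLiteral(string s)
    {
        StringBuilder sb = new StringBuilder("'");
        foreach (char c in s ?? "")
        {
            switch (c)
            {
                case '\\': sb.Append("\\\\"); break; // else a trailing \ eats the closing quote
                case '\'': sb.Append("\\'"); break;
                case '"': sb.Append("\\\""); break;
                case '\n': sb.Append("\\n"); break;
                case '\r': sb.Append("\\r"); break;
                default:
                    // < > & keep "</script>" or "<!--" in the data from ending or
                    // confusing the script block; U+2028/U+2029 are line
                    // terminators to older JavaScript engines.
                    if (c < ' ' || c == '<' || c == '>' || c == '&' ||
                        c == '\u2028' || c == '\u2029')
                        sb.Append("\\u").Append(((int)c).ToString("x4"));
                    else
                        sb.Append(c);
                    break;
            }
        }
        return sb.Append('\'').ToString();
    }

    // Same call shape as the question; numbers use the invariant culture so a
    // comma decimal separator cannot change the argument list.
    public static string BuildPinCall(double lat, double lon, string name)
    {
        string q = JsStringLiteral(name);
        return "AddPin(" + lat.ToString(CultureInfo.InvariantCulture) + "," +
               lon.ToString(CultureInfo.InvariantCulture) + ",null," + q + "," + q + ");";
    }

    public static void Main()
    {
        // Constructed location names covering the characters that break the script.
        string[] names = { "O'Brien's Pub", "Dock 7\\", "Cafe </script> annex", "Line1\r\nLine2" };
        foreach (string n in names)
            Console.WriteLine(BuildPinCall(47.6, -122.3, n));
    }
}
```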
|
Re: Best ways to translate characters/entities for javascript use and for e-mail
Thank you Bruce. Can you discuss this tactic involving the hidden field a
little more? I've never heard of it. Are you saying you would
programmatically load the text data into a hidden field, and then drag it
out again, and that process would sanitize the data?
How exactly would you do this in code?
-KF
"bruce barker" wrote in message
news:e%23c7t8N4HHA.5316@TK2MSFTNGP04.phx.gbl...
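> you can write a javascript quoting function, or the easiest is to use a
> hidden field that both can access, then .net will handle the quoting.
>
> public static string JscriptQuote(string s)
> {
>     // Escape backslashes first so a trailing "\" cannot swallow the closing quote
>     s = s.Replace("\\", "\\\\");
>     s = s.Replace("'", "\\'");
>     s = s.Replace("\n", "\\n");
>     s = s.Replace("\r", "");
>     // Keep "</script>" inside the data from closing the inline script block
>     s = s.Replace("<", "\\x3c");
>     return "'" + s + "'";
> }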
>
> -- bruce (sqlwork.com)
>
>
> kenfine@nospam.nospam wrote:
>> Overview: I want to know the best/easiest way to make arbitrary text data
>> safe for programmatic insertion into javascript.
>>
>> Detail: I'm plotting database data onto maps by looping through my
>> records, building up a javascript statement using stringbuilder, and
>> injecting that into my page:
>> ***
>> StringBuilder sb = new StringBuilder();
>> ...[ORM stuff deleted] ..
>> foreach (Locations loc in locoll)
>> {
>> currlocstring = ("AddPin(" + loc.Latitude + "," +
>> loc.Longitude + ",null,'" + loc.Name + "','" + loc.Name.Replace("''", "")
>> + "');");
>> sb.Append(currlocstring);
>> }
>> string myScript = "<script type='text/javascript'> ... sb.ToString() + "
>> </script>";
>>
>> Page.ClientScript.RegisterStartupScript(this.GetType(), "myscript",
>> myScript);
>> ***
>>
>> loc.Name is arbitrary data entered via a form. If the user enters script
>> characters like apostrophes, it breaks the rendered javascript. I am
>> wondering if there is an "all in one" sanitizer script inside or outside
>> the .NET framework that will handle all problematic characters.
>>
>> Any help out there in netland?
>>
>> Thank you,
>>
>> -KF
Date:Fri, 17 Aug 2007 08:46:48 -0700
Author: