在javascript字符串中用escape替换字符

Question

i know there must be thousands of threads like this, but the internet and stack overflow is flooded with results from other programming languages and simply replacing the characters with a whitespace and so on...

so... my problem is as follows...

i have a form with: <input type='text' id='my_input'>

then i parse all my fields in javascript (with jquery) to create my ajax call, like this

var my_value = $('#my_input').val();

then i do a replace to get the line breaks my_value = my_value.replace('\\n', '<br>');

after that i post my variables with ajax like this:

data_to_post = 'my_field1=' + my_value1 + 'my_field2' + my_value2;

$.ajax({  
type: 'POST',  
url: '/write_to_db.php',  
data: data_to_post
});  

now many people on my site talk about programming and that content started screwing up my site, because their post content gets parsed as php or as html formatting - i'm planning to replace all the problematic characters that could screw up the code of my site.

the most problematic expressions are html tags and &= because it interferes with the way i put my post variable together.

now, because those characters are necessary for the content, i can't simply replace them all with with a single character.

is there any way i could escape them (at best in a one line command)?

thanks!

UPDATE: my temporary solution is this:

this_string = this_string.replace(/</g, '&#60;');
this_string = this_string.replace(/>/g, '&#62;');
this_string = this_string.replace(/\n/g, '<br>');
this_string = escape(this_string);

Answer 1

I would use $.serializeJSON() on the form element itself to gather up all the values for the entire form. Then I would send that to the server-side script via an AJAX call. A task like parsing a complex comment or text field that allows for code as well as plain text is better left to a server-side language.

Answer 2

try the javascript function escape(): http://www.w3schools.com/jsref/jsref_escape.asp

data_to_post = 'my_field1=' + escape(my_value1) + 'my_field2' + escape(my_value2);

Edit:

to deal with the HTML characters the people are not allowed to post, you could php this:

$outputstring = "hi<br />bye!";
echo htmlspecialchars($outputstring);

info on how this works: http://php.net/manual/en/function.htmlspecialchars.php

Answer 3

How about:

my_value = my_value.replace(/\n|\.|\~/g, '<br>');

Put your characters to replace around the | (OR) separator and have the /g flag at the end

Answer 4

Although your intent is not entirely clear to me, you could preserve the programmers' content and still display the carriage return/linefeed by wrapping the expression in a tag.

Another possibility is to use CSS to style the appearance. Take a look at the answer to this post: How can I replace certain carriage return line feed followed by a dash with a <br/>?

Answer 5

It sounds like you are simply wanting to encode the HTML characters to preserve the HTML characters, so if this is the case the following will encode the text correctly:

var textVal = $('#my_input').val();
var encoded = $('<div/>').text(textVal).html();  

This creates an in-memory div to help with encoding. To decode you can simply change the div call to:

  var unencoded = $('<div/>').html(textVal).text()

Answer 6

您是否考虑过在以下示例中为您处理PHP？

nl2br(htmlspecialchars($str,ENT_QUOTES,'UTF-8'));

Answer 7

$.ajax({  
type: 'POST',  
url: '/write_to_db.php',  
data: {
   'my_field1': my_value1,
   'my_field2': my_value2
}
}); 

Pass an object in the data instead of a string, jquery do that for you.