
How do you define a string in JavaScript that could contain any character?

Even though I'm using a Salesforce variable in my JavaScript, it is not necessary to know Salesforce to answer my question. There's a password field I want to access. I can do this by using the Salesforce variable, {!Account.Password__c}, inside my JavaScript like so:

var p = '{!Account.Password__c}';

I've been using this for a long time, but there are some instances where it doesn't work. The only problem is that the password could contain any character (as a good password should). So if it contains a single quote, then this JavaScript will not run. I could write it with double quotes:

var p = "{!Account.Password__c}";

But it could contain a double quote also. It could also contain forward slashes and/or back slashes.

The password string needs to be able to take any of these:
Idon'tknow
pass"word"
/-\\_|)_/-\\_/\\/\\
"'!@#
+*co/rn

This is my code:

var u = '{!Account.Email_Address__c}';
var p = escape(encodeURIComponent('{!Account.Password__c}'));
window.open('http://mywebsite.com/?&u=' + u + '&p=' + p,'_blank');

What you're looking for is the JSENCODE function. It will escape quotes, backslashes, and anything else that might mess up your JavaScript string.

var p = '{!JSENCODE(Account.Password__c)}';

If your JavaScript is inside an HTML tag (e.g. in an 'onclick' attribute), then use the JSINHTMLENCODE function, which will HTML-encode the characters <&>.

These are documented in the Visualforce Functions reference.
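What that escaping has to achieve, as an added example that is not part of the original answers and is not Salesforce's JSENCODE: `jsEncodeLiteral` is a hypothetical stand-in for the server-side escaping, `renderScript` imitates the template substitution, and the sample values are the passwords listed in the question.

```javascript
// Hypothetical stand-in for server-side escaping (NOT Salesforce's JSENCODE).
// Rewrites every character that could end or alter a quoted JS string literal
// as a \uXXXX escape; < > & are included so the value cannot close a
// surrounding <script> element.
function jsEncodeLiteral(value) {
  return String(value).replace(/[\\'"\n\r\u2028\u2029<>&]/g, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Imitates the template engine: the field value is pasted into script source.
function renderScript(value, encode) {
  const inserted = encode ? jsEncodeLiteral(value) : value;
  return "var p = '" + inserted + "'; return p;";
}

// Parses and runs the rendered source, as the browser would.
function evaluate(source) {
  try {
    return { ok: true, value: new Function(source)() };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Compares the unescaped and escaped renderings for one field value.
function check(value) {
  const naive = evaluate(renderScript(value, false));
  const safe = evaluate(renderScript(value, true));
  return {
    naive: !naive.ok ? naive.error : naive.value === value ? 'intact' : 'altered',
    encoded: safe.ok && safe.value === value ? 'intact' : 'broken',
  };
}

// Constructed sample input: the five passwords from the question.
const samples = [
  "Idon'tknow",
  'pass"word"',
  String.raw`/-\\_|)_/-\\_/\\/\\`,
  '"\'!@#',
  '+*co/rn',
];

for (const s of samples) console.log(JSON.stringify(s), check(s));
```

The backslash sample is the one to watch: without escaping it parses cleanly but `p` silently holds a different string, so the failure is not limited to syntax errors.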

Your problem is that of escaping. You can backslash any character in a string - so if you have, say, owowow"'!thisishard as a password, to assign it straight up to a JS var, you would do this:

var p = "owowow\"\'!thisishard";

Which deals with the escaping. You do not need to do this if you have acquired the variable from another source (say, a text element through element.value).

This does not remove a couple of issues:

  1. Passing passwords through GET params is pretty high up on the OWASP guidelines of things not to do. The reason being that they will show up on server logs in addition to being sniffable through conventional means.
  2. Why on earth are you doing this?
