
Escaping Javascript in PHP

I'm looking for the best way to escape some Javascript text in PHP, and json_encode is the wrong tool for the job.

The problem comes from this line:


echo " onclick=\"SwitchDiv('" . $option . "')\"";

If there's an apostrophe in $option, this is a juicy ball of client-side fail. But doing a straight json_encode (which works perfectly well in other contexts) doesn't help:

echo " onclick=\"SwitchDiv(" . json_encode($option) . ")\"";

That creates an output string of onclick="SwitchDiv("athlete's foot")", resulting in premature termination of the onclick value. (Which also happens if I enclose the onclick value in single quotes.)

Is there an elegant way around this? Should I just funnel the json_encode output through a regex that will escape the single quotes?

json_encode is the right tool for the job. Your problem arises from the fact that you are also including that Javascript in an HTML attribute, thus it also needs to be htmlspecialchars-encoded.

echo " onclick=\"SwitchDiv(" . htmlspecialchars(json_encode($option)) . ")\"";
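The two encoding layers from the answer, as an added example that is not part of the original post: the value is first encoded as a JavaScript string literal, then the whole call is encoded for the HTML attribute, and a round trip confirms the original value survives. The helper name `onclickAttr`, the `JSON_HEX_*` and `ENT_QUOTES` flags, and the sample values are assumptions that go slightly beyond the answer's one-liner.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the post): builds a double-quoted onclick
// attribute that calls a JS function with one string argument.
// $jsFunction must be a developer-supplied constant, never user input.
function onclickAttr(string $jsFunction, string $arg): string
{
    // Layer 1: JavaScript string literal. The JSON_HEX_* flags emit \u00XX
    // escapes for < > & ' " inside the string, so the literal's content
    // carries no HTML-significant characters of its own.
    $jsLiteral = json_encode(
        $arg,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );

    // Layer 2: HTML attribute value. ENT_QUOTES is passed explicitly because
    // the default flags only escape single quotes from PHP 8.1 onward.
    $attrValue = htmlspecialchars(
        $jsFunction . '(' . $jsLiteral . ')',
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );

    return ' onclick="' . $attrValue . '"';
}

// Constructed sample values, including the one from the question.
$samples = ["athlete's foot", 'say "hi"', 'a & b', '</div><b>x</b>'];

foreach ($samples as $option) {
    $attr = onclickAttr('SwitchDiv', $option);

    // Undo both layers in the order a browser does: HTML-decode the
    // attribute value, then parse the JS string literal.
    preg_match('/^ onclick="([^"]*)"$/', $attr, $m);
    $js = html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
    $roundTrip = json_decode(substr($js, strlen('SwitchDiv('), -1));

    if ($roundTrip !== $option) {
        throw new RuntimeException('round trip failed for: ' . $option);
    }
    echo $attr, PHP_EOL;
}
```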
