Forum OpenACS Q&A: javascript, ns_urlencode, and IE

Posted by Jonathan Ellis on
I want to display an href that calls a function based on a username:

<a href="javascript:fn('[ns_urlencode $name]')">call</a>

The urlencode is to take care of any quotes in $name that could
confuse things.

This works as expected for NN, but IE transparently unencodes it
before making the call and errors out when $name has quotes in it.

Any ideas?

Posted by Hanjo Pepoulis on
Hi Jonathan,

maybe you may try this:

1. regsub -all -- {'} $name {\'} name

2. ns_quotehtml $name

The regsub helps to not break the js single quotes, the quotehtml is for the outer html tags and quotes.

2: By the way... (response to 1)
Posted by Hanjo Pepoulis on
Is it possible that this board breaks if I quote (with a backslash) a single quote?

Try it out...

(unpatched Driver used?)

------------------------------------------------

We're going to try the insert now...

Ouch!!
Here was the bad news from the database:

Database operation "dml" failed 0005Ac

Don't quit your browser. You might be able to resubmit your posting five or ten minutes from now.

Posted by Jonathan Ellis on
If I do that then I have to worry about escaping backslashes and other characters too. This is what I used to do but it's very fragile. urlencode takes care of all these quite simply so I'd really prefer to use that.

What I ended up doing is using a JS hash to hold the urlencoded strings. Apparently IE only tries to be helpful in hrefs so this sidesteps it:

set m_name_js "names = new Object;"
foreach m_id $l {
   append m_name_js "names.m$m_id = '[ns_urlencode $name]';"
}
Then I pass the (numeric) id to my function and it looks up the appropriate name.
Posted by Hanjo Pepoulis on
> If I do that then I have to worry about escaping backslashes and other characters too. This is what I used to do but it's very fragile. urlencode takes care of all these quite simply so I'd really prefer to use that.

I don't think it's so fragile. Maybe it's just a backslash, single quote and quote to escape, but I guess that's all?

A browser will urlencode it like in hidden fields and correctly (1 time) urldecode it later. I assume this will be interpreted by more browsers than encoding it manually. But I can't tell exactly.
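Added example, not part of the thread and not OpenACS code: a Node.js model of the link discussed above, comparing the urlencoded href with one escaped per context (JavaScript string literal first, HTML attribute second). All function names are hypothetical; `urlEncodeAll` is a stand-in that assumes `ns_urlencode` percent-encodes every non-alphanumeric byte, and `click` only models a browser that does or does not percent-decode the href before running it.

```javascript
// Stand-in for ns_urlencode (assumption): %XX for every non-alphanumeric byte.
function urlEncodeAll(s) {
  return Array.from(Buffer.from(s, 'utf8'))
    .map(b => /[A-Za-z0-9]/.test(String.fromCharCode(b))
      ? String.fromCharCode(b)
      : '%' + b.toString(16).toUpperCase().padStart(2, '0'))
    .join('');
}

// JavaScript string-literal context: \uXXXX for every non-alphanumeric
// UTF-16 unit, so no quote, backslash or percent sign survives in the literal.
function jsStringEscape(s) {
  return s.replace(/[^A-Za-z0-9]/g,
    c => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// HTML attribute context, applied last because it is the outermost layer.
function htmlAttrEscape(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, c => map[c]);
}

// The href from the first post, and the layered alternative.
function hrefUrlencoded(name) {
  return htmlAttrEscape("javascript:fn('" + urlEncodeAll(name) + "')");
}
function hrefLayered(name) {
  return htmlAttrEscape("javascript:fn('" + jsStringEscape(name) + "')");
}

// Browser model: undo HTML entities, optionally percent-decode the URL
// (the IE behaviour reported in the thread), then run it with a stub fn.
function click(attr, percentDecodes) {
  let url = attr.replace(/&(amp|lt|gt|quot|#39);/g,
    (m, e) => ({ amp: '&', lt: '<', gt: '>', quot: '"', '#39': "'" })[e]);
  if (percentDecodes) url = decodeURIComponent(url);
  let got;
  try {
    new Function('fn', url.slice('javascript:'.length))(v => { got = v; });
  } catch (e) {
    return { ok: false, error: e.name };
  }
  return { ok: true, arg: got };
}

const sample = "O'Brien";  // constructed sample name
console.log(click(hrefUrlencoded(sample), true));  // decoding browser
console.log(click(hrefLayered(sample), true));     // same browser, layered escaping
```

With the layered form `fn` receives the original string in both browser models, so it needs no unescape step on the client.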