right - thanks! I was on the phone with someone discussing the
problem (which is why it took me a minute to reply) and the basic
message he gave me was to play around with \\\' (or as many
backslashes as it takes to properly get the string formatted for a
couple levels of rendering)
but I believe your suggestion about not using innerHTML and instead
using Event.observe is much better. I will look into that. I think
that's a much more solid way of approaching these situations
(regardless of this problem.)
thanks again!
s
On Oct 9, 6:13 pm, "T.J. Crowder" <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I'm off to bed, but since you still haven't posted the JSON data your
> server is returning, I'll tell you what I'm pretty sure is wrong.
> Apologies for any lack of clarity, I'm rushing. I suspect your JSON
> looks like this:
>
> Example #1:
> * * * *
> {
> "message": "This is a \'message\' with \"quotes\" in it."}
>
> * * * *
>
> That JSON snippet defines a property, "message", with a string value
> that DOES NOT CONTAIN ANY BACKSLASHES. The string contains quotes.
> The *value* of the string is:
>
> This is a 'message' with "quotes" in it.
>
> Now, that's entirely correct and as it should be. Where I think
> you're going wrong is where you're using it. Say we have the JSON
> data from Example 1 above decoded and stored in a variable called
> 'json'. If I wanted to show an alert with that text, I could use the
> *value* of json.message to do that:
>
> alert(json.message);
>
> That's fine. But setting innerHTML is different. You're setting a
> string with the textual representation of the HTML and JavaScript you
> want to put in the element. That string will be decoded and
> interpreted by the browser. It needs to be the textual representation
> of what you want. So if I wanted to create a click handler to show
> that alert, this would be wrong:
>
> element.innerHTML = "<div onclick=\"alert('" + json.message + "');
> \" />"; // <= WRONG
>
> Let's deconstruct why. First, let's substitute in the value of
> json.message:
>
> element.innerHTML = "<div onclick=\"alert('This is a \'message\'
> with \"quotes\" in it.');\" />";
>
> Remember that the right-hand side of that is a string. Let's look at
> the value of that string:
>
> <div onclick="alert('This is a 'message' with "quotes" in it.');" /
>
>
>
> ...which is, of course, wrong.
>
> So what do you do? Well, what *I* would do is not use an onclick
> handler in the first place. Use c instead:
>
> element.innerHTML = "<div id='myDiv' />";
> Event.observe.defer('myDiv', 'click', function() {
> alert(json.message);
> });
>
> Creating handlers via innerHTML is (as you've discovered!) complicated
> and unpleasant. But if you *really* want to do that, you'll have to
> escape the string. I haven't had to do that in JavaScript for so long
> I don't recall whether it has a built-in for it (it's not "escape()",
> sadly) or whether Prototype has a method for it (not seeing on one
> first glance). It's probably not a complicated regex, basically put a
> backslash in front of all chars in the '\x00' to '\x1f' range
> (inclusive) and in front of single quote ('), double quote ("), and
> backslash (/).
>
> HTH,
> --
> T.J. Crowder
> tj / crowder software / com
>
> On Oct 9, 10:07 pm, "suki rosen" <[EMAIL PROTECTED]> wrote:
>
> > "Why are you printing the variable contents instead of using the variables
> > directly?"
>
> > if the variable has been printed to the browser, then I'm not aware of the
> > difference (between a variable and the value of the variable). I mean, once
> > I swap something out using innerHTML, it doesn't matter if it's a variable
> > or not as the value of the variable is what gets printed. In case I was not
> > clear, the errors are thrown when the user clicks on the element with an
> > onclick - as opposed to when the page is getting built.
>
> > also - I am using Ajax.Request to get new user messages. These messages are
> > represented by a user thumbnail (for example) and there's an onclick on the
> > thumbnail that loads the message.
>
> > so in reference to "Are you using javascript to print out the onmouseover
> > text, or a server-side language?" - yes, I am using javascript to print the
> > mouseover text because it's coming from the server via an ajax interaction
> > and not on a page load.
>
> > I can certainly post code, but maybe I was more clear about the situation
> > here.
>
> > On Thu, Oct 9, 2008 at 4:58 PM, Hector Virgen <[EMAIL PROTECTED]> wrote:
> > > Why are you printing the variable contents instead of using the variables
> > > directly? Are you using javascript to print out the onmouseover text, or a
> > > server-side language? Can you post some sample code? Thanks
> > > -Hector
>
> > > On Thu, Oct 9, 2008 at 1:52 PM, suki rosen <[EMAIL PROTECTED]> wrote:
>
> > >> for example, here's a user description: 'I'll take you down to china
> > >> town'
>
> > >> I want to print onclick="function('I'll take you down to china town')"
>
> > >> or for rollovers
>
> > >> onmouseover="tool_tip('I'll take you down to china town', 100);"
>
> > >> both of those throw errors. obviously I need it to work for double quotes
> > >> or single quotes.
>
> > >> On Thu, Oct 9, 2008 at 4:38 PM, Hector Virgen <[EMAIL PROTECTED]> wrote:
>
> > >>> Maybe I'm not understanding your implementation, but why do the quotes
> > >>> have to be escaped? If you are passing the data to a function, and is
> > >>> already in the form of a variable, then you do not need to escape it.
> > >>> Can
> > >>> you give me an example of a JSON response?
> > >>> -Hector
>
> > >>> On Thu, Oct 9, 2008 at 1:21 PM, suki rosen <[EMAIL PROTECTED]> wrote:
>
> > >>>> personally, I would consider this a serious drawback to using json - as
> > >>>> opposed to xml, which does not display this behavior. I'm really
> > >>>> hoping
> > >>>> there's a workaround here, but I feel like I may drop prototype in
> > >>>> favor of
> > >>>> a library that has better xml support.
>
> > >>>>> On Thu, Oct 9, 2008 at 3:53 PM, Hector Virgen <[EMAIL
> > >>>>> PROTECTED]>wrote:
>
> > >>>>>> Is there a reason you need the data to remain escaped while being
> > >>>>>> used
> > >>>>>> by javascript? Unless your javascript is interacting directly with
> > >>>>>> the
> > >>>>>> database, you should not need to keep your data escaped. Once
> > >>>>>> javascript is
> > >>>>>> done with the data, and sends it back to the server, the server
> > >>>>>> should then
> > >>>>>> re-escape the unescaped data before inserting into the database.
> > >>>>>> -Hector
>
> > >>>>>> On Thu, Oct 9, 2008 at 11:22 AM, pancakes <[EMAIL PROTECTED]>wrote:
>
> > >>>>>>> Hi.
> > >>>>>>> I'm using prototype for my ajax routines. I'm returning a json
> > >>>>>>> object
> > >>>>>>> from the server containing user information. Some of the
> > >>>>>>> information
> > >>>>>>> contains user descriptions with quotes and other weird characters
> > >>>>>>> that
> > >>>>>>> need to be escaped.
>
> > >>>>>>> for example
> > >>>>>>> 'I'm going to the store, don't 'cha know?'
> > >>>>>>> is stored in my db as
> > >>>>>>> 'I\'m going to the store, don\'t \'cha know?'
>
> > >>>>>>> but when I get my json object back from the server, I need to eval()
> > >>>>>>> it. This strips the slashes. I tried prototype's built in json
> > >>>>>>> parser
> > >>>>>>> next (evalJSON();) with the same results.
>
> > >>>>>>> Is there any way to preserve my escape characters and use json for
> > >>>>>>> data structuring??
>
> > >>>>>>> I am aware that javascript has find/replace functions, but trusting
> > >>>>>>> the escaping of problem characters to the browser doesn't appeal to
> > >>>>>>> me. I want to escape the data on the server. also, this needs to
> > >>>>>>> work for single or double quotes, as these are user input and I want
> > >>>>>>> it to work regardless of the data.
>
> > >>>>>>> thanks!
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Prototype & script.aculo.us" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/prototype-scriptaculous?hl=en
-~----------~----~----~----~------~----~------~--~---
