right - thanks! I was on the phone with someone discussing the problem (which is why it took me a minute to reply) and the basic message he gave me was to play around with \\\' (or as many backslashes as it takes to properly get the string formatted for a couple levels of rendering)
but I believe your suggestion about not using innerHTML and instead using Event.observe is much better. I will look into that. I think that's a much more solid way of approaching these situations (regardless of this problem.)

thanks again!
s

On Oct 9, 6:13 pm, "T.J. Crowder" <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I'm off to bed, but since you still haven't posted the JSON data your
> server is returning, I'll tell you what I'm pretty sure is wrong.
> Apologies for any lack of clarity, I'm rushing. I suspect your JSON
> looks like this:
>
> Example #1:
> * * * *
> {
>     "message": "This is a \'message\' with \"quotes\" in it."}
>
> * * * *
>
> That JSON snippet defines a property, "message", with a string value
> that DOES NOT CONTAIN ANY BACKSLASHES. The string contains quotes.
> The *value* of the string is:
>
>     This is a 'message' with "quotes" in it.
>
> Now, that's entirely correct and as it should be. Where I think
> you're going wrong is where you're using it. Say we have the JSON
> data from Example 1 above decoded and stored in a variable called
> 'json'. If I wanted to show an alert with that text, I could use the
> *value* of json.message to do that:
>
>     alert(json.message);
>
> That's fine. But setting innerHTML is different. You're setting a
> string with the textual representation of the HTML and JavaScript you
> want to put in the element. That string will be decoded and
> interpreted by the browser. It needs to be the textual representation
> of what you want. So if I wanted to create a click handler to show
> that alert, this would be wrong:
>
>     element.innerHTML = "<div onclick=\"alert('" + json.message + "');\" />"; // <= WRONG
>
> Let's deconstruct why. First, let's substitute in the value of
> json.message:
>
>     element.innerHTML = "<div onclick=\"alert('This is a \'message\' with \"quotes\" in it.');\" />";
>
> Remember that the right-hand side of that is a string.
> Let's look at the value of that string:
>
>     <div onclick="alert('This is a 'message' with "quotes" in it.');" />
>
> ...which is, of course, wrong.
>
> So what do you do? Well, what *I* would do is not use an onclick
> handler in the first place. Use c instead:
>
>     element.innerHTML = "<div id='myDiv' />";
>     Event.observe.defer('myDiv', 'click', function() {
>         alert(json.message);
>     });
>
> Creating handlers via innerHTML is (as you've discovered!) complicated
> and unpleasant. But if you *really* want to do that, you'll have to
> escape the string. I haven't had to do that in JavaScript for so long
> I don't recall whether it has a built-in for it (it's not "escape()",
> sadly) or whether Prototype has a method for it (not seeing on one
> first glance). It's probably not a complicated regex, basically put a
> backslash in front of all chars in the '\x00' to '\x1f' range
> (inclusive) and in front of single quote ('), double quote ("), and
> backslash (/).
>
> HTH,
> --
> T.J. Crowder
> tj / crowder software / com
>
> On Oct 9, 10:07 pm, "suki rosen" <[EMAIL PROTECTED]> wrote:
>
> > "Why are you printing the variable contents instead of using the variables
> > directly?"
>
> > if the variable has been printed to the browser, then I'm not aware of the
> > difference (between a variable and the value of the variable). I mean, once
> > I swap something out using innerHTML, it doesn't matter if it's a variable
> > or not as the value of the variable is what gets printed. In case I was not
> > clear, the errors are thrown when the user clicks on the element with an
> > onclick - as opposed to when the page is getting built.
>
> > also - I am using Ajax.Request to get new user messages. These messages are
> > represented by a user thumbnail (for example) and there's an onclick on the
> > thumbnail that loads the message.
>
> > so in reference to "Are you using javascript to print out the onmouseover
> > text, or a server-side language?"
> > - yes, I am using javascript to print the
> > mouseover text because it's coming from the server via an ajax interaction
> > and not on a page load.
>
> > I can certainly post code, but maybe I was more clear about the situation
> > here.
>
> > On Thu, Oct 9, 2008 at 4:58 PM, Hector Virgen <[EMAIL PROTECTED]> wrote:
> > > Why are you printing the variable contents instead of using the variables
> > > directly? Are you using javascript to print out the onmouseover text, or a
> > > server-side language? Can you post some sample code? Thanks
> > > -Hector
>
> > > On Thu, Oct 9, 2008 at 1:52 PM, suki rosen <[EMAIL PROTECTED]> wrote:
>
> > >> for example, here's a user description: 'I'll take you down to china
> > >> town'
>
> > >> I want to print onclick="function('I'll take you down to china town')"
>
> > >> or for rollovers
>
> > >> onmouseover="tool_tip('I'll take you down to china town', 100);"
>
> > >> both of those throw errors. obviously I need it to work for double quotes
> > >> or single quotes.
>
> > >> On Thu, Oct 9, 2008 at 4:38 PM, Hector Virgen <[EMAIL PROTECTED]> wrote:
>
> > >>> Maybe I'm not understanding your implementation, but why do the quotes
> > >>> have to be escaped? If you are passing the data to a function, and is
> > >>> already in the form of a variable, then you do not need to escape it. Can
> > >>> you give me an example of a JSON response?
> > >>> -Hector
>
> > >>> On Thu, Oct 9, 2008 at 1:21 PM, suki rosen <[EMAIL PROTECTED]> wrote:
>
> > >>>> personally, I would consider this a serious drawback to using json - as
> > >>>> opposed to xml, which does not display this behavior. I'm really hoping
> > >>>> there's a workaround here, but I feel like I may drop prototype in favor of
> > >>>> a library that has better xml support.
>
> > >>>>> On Thu, Oct 9, 2008 at 3:53 PM, Hector Virgen <[EMAIL PROTECTED]> wrote:
>
> > >>>>>> Is there a reason you need the data to remain escaped while being used
> > >>>>>> by javascript? Unless your javascript is interacting directly with the
> > >>>>>> database, you should not need to keep your data escaped. Once javascript is
> > >>>>>> done with the data, and sends it back to the server, the server should then
> > >>>>>> re-escape the unescaped data before inserting into the database.
> > >>>>>> -Hector
>
> > >>>>>> On Thu, Oct 9, 2008 at 11:22 AM, pancakes <[EMAIL PROTECTED]> wrote:
>
> > >>>>>>> Hi.
> > >>>>>>> I'm using prototype for my ajax routines. I'm returning a json object
> > >>>>>>> from the server containing user information. Some of the information
> > >>>>>>> contains user descriptions with quotes and other weird characters that
> > >>>>>>> need to be escaped.
>
> > >>>>>>> for example
> > >>>>>>> 'I'm going to the store, don't 'cha know?'
> > >>>>>>> is stored in my db as
> > >>>>>>> 'I\'m going to the store, don\'t \'cha know?'
>
> > >>>>>>> but when I get my json object back from the server, I need to eval()
> > >>>>>>> it. This strips the slashes. I tried prototype's built in json parser
> > >>>>>>> next (evalJSON();) with the same results.
>
> > >>>>>>> Is there any way to preserve my escape characters and use json for
> > >>>>>>> data structuring??
>
> > >>>>>>> I am aware that javascript has find/replace functions, but trusting
> > >>>>>>> the escaping of problem characters to the browser doesn't appeal to
> > >>>>>>> me. I want to escape the data on the server. also, this needs to
> > >>>>>>> work for single or double quotes, as these are user input and I want
> > >>>>>>> it to work regardless of the data.
>
> > >>>>>>> thanks!
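The two decoding layers discussed in the thread (HTML attribute first, then JavaScript string literal), as an added example that is not part of any message above. All function names are hypothetical, and simulateClick is a constructed stand-in for the browser so the code runs under Node without a DOM.

```javascript
// Added example: function names are hypothetical, sample strings come from the thread.

// Layer 1: turn a value into a JavaScript string literal.
// JSON.stringify escapes ", \ and control characters; the characters that are
// special to HTML or to JS line handling are rewritten as \uXXXX escapes.
function toJsLiteral(value) {
  return JSON.stringify(String(value)).replace(/[<>&\u2028\u2029]/g,
    c => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Layer 2: make any text safe inside a quoted HTML attribute.
function toHtmlAttr(text) {
  return text.replace(/&/g, '&amp;').replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// The pattern the thread marks WRONG: raw value between hand-written quotes.
function naiveOnclick(message) {
  return "alert('" + message + "');";
}

// Escape in the reverse of the order the browser decodes: JS literal, then HTML.
function escapedOnclick(message) {
  return toHtmlAttr('alert(' + toJsLiteral(message) + ');');
}

// Stand-in for the browser: decode the attribute's entities, compile the result
// as a handler body and run it with a stub alert(). Returns what alert()
// received, or the error name when the handler body does not compile.
function simulateClick(attrValue) {
  const source = attrValue.replace(/&quot;/g, '"').replace(/&#39;/g, "'")
    .replace(/&lt;/g, '<').replace(/&gt;/g, '>').replace(/&amp;/g, '&');
  try {
    let seen;
    new Function('alert', source)(v => { seen = v; });
    return seen;
  } catch (e) {
    return e.name;
  }
}

const sample = "I'll take you down to china town"; // description quoted in the thread
console.log(simulateClick(naiveOnclick(sample)));   // handler fails to compile
console.log(simulateClick(escapedOnclick(sample))); // handler receives the exact text
```

Attaching the handler from script, as recommended in the thread, removes both layers because the value is never turned into markup or source text.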