"It appears that the transport, in your case, is the javascript source code,
which needs escaping. But I'm curious as to how you're "printing" an onclick
attribute from javascript to javascript (or rather, why)."
I'm dynamically printing javascript functions to the page using ajax - in
order to allow users to interact with the printed content.
On Thu, Oct 9, 2008 at 5:49 PM, Hector Virgen <[EMAIL PROTECTED]> wrote:
> I'm still not sure if I'm following you.
> If the variable has been printed to the browser, then it should be printed
> in a format that the browser understands (dom element). Dom elements do not
> need escaping.
>
> If the variable is still in variable form, then it does not need escaping.
>
> The only time escaping is absolutely necessary is before transport, and it
> should be escaped in a format suitable for the transport. Once it has been
> received, it should be unescaped, as there is no need for the escaping
> anymore.
>
> It appears that the transport, in your case, is the javascript source code,
> which needs escaping. But I'm curious as to how you're "printing" an onclick
> attribute from javascript to javascript (or rather, why).
>
> If you are parsing json, you should be able to keep the values in their
> variable format throughout the javascript without the need to escape or
> evaluate it. For example:
>
> var json = '{ "message": "This has \\"quotes\\"" }'.evalJSON();
> alert(json.message); // alerts: This has "quotes"
>
> You should be able to use json.message throughout your javascript
> application without any escaping. Am I missing something?
>
> -Hector
>
>
> On Thu, Oct 9, 2008 at 2:07 PM, suki rosen <[EMAIL PROTECTED]> wrote:
>
>> "Why are you printing the variable contents instead of using the variables
>> directly?"
>>
>> if the variable has been printed to the browser, then I'm not aware of the
>> difference (between a variable and the value of the variable). I mean, once
>> I swap something out using innerHTML, it doesn't matter if it's a variable
>> or not as the value of the variable is what gets printed. In case I was not
>> clear, the errors are thrown when the user clicks on the element with an
>> onclick - as opposed to when the page is getting built.
>>
>> also - I am using Ajax.Request to get new user messages. These messages
>> are represented by a user thumbnail (for example) and there's an onclick on
>> the thumbnail that loads the message.
>>
>> so in reference to "Are you using javascript to print out the onmouseover
>> text, or a server-side language?" - yes, I am using javascript to print the
>> mouseover text because it's coming from the server via an ajax interaction
>> and not on a page load.
>>
>> I can certainly post code, but maybe I was more clear about the situation
>> here.
>>
>>
>> On Thu, Oct 9, 2008 at 4:58 PM, Hector Virgen <[EMAIL PROTECTED]> wrote:
>>
>>> Why are you printing the variable contents instead of using the variables
>>> directly? Are you using javascript to print out the onmouseover text, or a
>>> server-side language? Can you post some sample code? Thanks
>>> -Hector
>>>
>>>
>>> On Thu, Oct 9, 2008 at 1:52 PM, suki rosen <[EMAIL PROTECTED]> wrote:
>>>
>>>> for example, here's a user description: 'I'll take you down to china
>>>> town'
>>>>
>>>> I want to print onclick="function('I'll take you down to china town')"
>>>>
>>>> or for rollovers
>>>>
>>>> onmouseover="tool_tip('I'll take you down to china town', 100);"
>>>>
>>>> both of those throw errors. obviously I need it to work for double
>>>> quotes or single quotes.
>>>>
>>>>
>>>>
>>>>
>>>> On Thu, Oct 9, 2008 at 4:38 PM, Hector Virgen <[EMAIL PROTECTED]> wrote:
>>>>
>>>>> Maybe I'm not understanding your implementation, but why do the quotes
>>>>> have to be escaped? If you are passing the data to a function, and it is
>>>>> already in the form of a variable, then you do not need to escape it. Can
>>>>> you give me an example of a JSON response?
>>>>> -Hector
>>>>>
>>>>>
>>>>>
>>>>> On Thu, Oct 9, 2008 at 1:21 PM, suki rosen <[EMAIL PROTECTED]> wrote:
>>>>>
>>>>>> personally, I would consider this a serious drawback to using json -
>>>>>> as opposed to xml, which does not display this behavior. I'm really
>>>>>> hoping there's a workaround here, but I feel like I may drop prototype
>>>>>> in favor of a library that has better xml support.
>>>>>>
>>>>>>
>>>>>>
>>>>>>>
>>>>>>> On Thu, Oct 9, 2008 at 3:53 PM, Hector Virgen <[EMAIL PROTECTED]> wrote:
>>>>>>>
>>>>>>>> Is there a reason you need the data to remain escaped while being
>>>>>>>> used by javascript? Unless your javascript is interacting directly
>>>>>>>> with the database, you should not need to keep your data escaped. Once
>>>>>>>> javascript is done with the data, and sends it back to the server, the
>>>>>>>> server should then re-escape the unescaped data before inserting into
>>>>>>>> the database.
>>>>>>>> -Hector
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, Oct 9, 2008 at 11:22 AM, pancakes <[EMAIL PROTECTED]> wrote:
>>>>>>>>
>>>>>>>>>
>>>>>>>>> Hi.
>>>>>>>>> I'm using prototype for my ajax routines. I'm returning a json object
>>>>>>>>> from the server containing user information. Some of the information
>>>>>>>>> contains user descriptions with quotes and other weird characters that
>>>>>>>>> need to be escaped.
>>>>>>>>>
>>>>>>>>> for example
>>>>>>>>> 'I'm going to the store, don't 'cha know?'
>>>>>>>>> is stored in my db as
>>>>>>>>> 'I\'m going to the store, don\'t \'cha know?'
>>>>>>>>>
>>>>>>>>> but when I get my json object back from the server, I need to eval()
>>>>>>>>> it. This strips the slashes. I tried prototype's built in json parser
>>>>>>>>> next (evalJSON();) with the same results.
>>>>>>>>>
>>>>>>>>> Is there any way to preserve my escape characters and use json for
>>>>>>>>> data structuring??
>>>>>>>>>
>>>>>>>>> I am aware that javascript has find/replace functions, but trusting
>>>>>>>>> the escaping of problem characters to the browser doesn't appeal to
>>>>>>>>> me. I want to escape the data on the server. also, this needs to
>>>>>>>>> work for single or double quotes, as these are user input and I want
>>>>>>>>> it to work regardless of the data.
>>>>>>>>>
>>>>>>>>> thanks!
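
An added example, not part of the original thread: it parses a constructed JSON response carrying the description quoted above, shows how naive concatenation into an inline handler breaks, and encodes the value once per context (JS string literal, then HTML attribute) so the handler receives the original text. `showMessage` is a hypothetical handler name and is assumed to be a hard-coded, trusted identifier; only the text is treated as untrusted.

```javascript
// Constructed sample response: the description from the thread, plus double quotes.
const response = '{"description": "I\'ll take you down to \\"china town\\""}';
const user = JSON.parse(response); // parsing yields the raw text, no backslashes

// Naive concatenation, as in the thread: the apostrophe ends the JS string early.
function naiveOnclick(fn, text) {
  return 'onclick="' + fn + "('" + text + "')\"";
}

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Outer layer: encode a value for a double-quoted HTML attribute.
function escapeHtmlAttr(s) {
  return s.replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Inner layer first (JSON.stringify emits a valid JS string literal),
// then the outer HTML attribute layer over the whole call expression.
function safeOnclick(fn, text) {
  return 'onclick="' + escapeHtmlAttr(fn + '(' + JSON.stringify(text) + ')') + '"';
}

// Mirrors the browser: decode the attribute's entities, then read the JS literal.
function argumentSeenByHandler(attr, fn) {
  const value = attr.slice('onclick="'.length, -1).replace(
    /&(amp|lt|gt|quot|#39);/g,
    (m) => Object.keys(ENTITIES).find((k) => ENTITIES[k] === m)
  );
  return JSON.parse(value.slice(fn.length + 1, -1));
}

// Preferred: keep the value in a variable and attach the handler in code.
// `el` is any object with an onclick property (a DOM element in the browser).
function bindClick(el, handler, text) {
  el.onclick = () => handler(text);
  return el;
}

console.log(naiveOnclick('showMessage', user.description));
console.log(safeOnclick('showMessage', user.description));
```

With `bindClick` the text never passes through HTML or JS source, so no escaping is needed at all; the two-layer encoding is only for cases where markup with inline handlers must be emitted.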
You received this message because you are subscribed to the Google Groups
"Prototype & script.aculo.us" group.