[Proto-Scripty] Re: parsing json strips slashes before quotes - can I avoid this?
I am passing the data as arguments to javascript functions (like onclick=hopefully_escaped_data_from_server) I also have rollover functions that take these descriptions as arguments. Am I missing something???

thanks
s

On Thu, Oct 9, 2008 at 3:53 PM, Hector Virgen [EMAIL PROTECTED] wrote:
> Is there a reason you need the data to remain escaped while being used by javascript? Unless your javascript is interacting directly with the database, you should not need to keep your data escaped. Once javascript is done with the data, and sends it back to the server, the server should then re-escape the unescaped data before inserting into the database.
>
> -Hector
>
> On Thu, Oct 9, 2008 at 11:22 AM, pancakes [EMAIL PROTECTED] wrote:
> > Hi. I'm using prototype for my ajax routines. I'm returning a json object from the server containing user information. Some of the information contains user descriptions with quotes and other weird characters that need to be escaped.
> >
> > for example
> > 'I'm going to the store, don't 'cha know?'
> > is stored in my db as
> > 'I\'m going to the store, don\'t \'cha know?'
> >
> > but when I get my json object back from the server, I need to eval() it. This strips the slashes. I tried prototype's built in json parser next (evalJSON();) with the same results.
> >
> > Is there any way to preserve my escape characters and use json for data structuring?? I am aware that javascript has find/replace functions, but trusting the escaping of problem characters to the browser doesn't appeal to me. I want to escape the data on the server.
> >
> > also, this needs to work for single or double quotes, as these are user input and I want it to work regardless of the data.
> >
> > thanks!

You received this message because you are subscribed to the Google Groups Prototype script.aculo.us group.
To post to this group, send email to prototype-scriptaculous@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/prototype-scriptaculous?hl=en
[Proto-Scripty] Re: parsing json strips slashes before quotes - can I avoid this?
personally, I would consider this a serious drawback to using json - as opposed to xml, which does not display this behavior. I'm really hoping there's a workaround here, but I feel like I may drop prototype in favor of a library that has better xml support.
[Proto-Scripty] Re: parsing json strips slashes before quotes - can I avoid this?
Maybe I'm not understanding your implementation, but why do the quotes have to be escaped? If you are passing the data to a function, and is already in the form of a variable, then you do not need to escape it. Can you give me an example of a JSON response?

-Hector
[Proto-Scripty] Re: parsing json strips slashes before quotes - can I avoid this?
Why are you printing the variable contents instead of using the variables directly? Are you using javascript to print out the onmouseover text, or a server-side language? Can you post some sample code? Thanks

-Hector

On Thu, Oct 9, 2008 at 1:52 PM, suki rosen [EMAIL PROTECTED] wrote:
> for example, here's a user description:
> 'I'll take you down to china town'
>
> I want to print
> onclick=function('I'll take you down to china town')
> or for rollovers
> onmouseover=tool_tip('I'll take you down to china town', 100);
>
> both of those throw errors. obviously I need it to work for double quotes or single quotes.
[Proto-Scripty] Re: parsing json strips slashes before quotes - can I avoid this?
> personally, I would consider this a serious drawback to using json - as opposed to xml, which does not display this behavior.

It's not a JSON thing, it's something specific to what you're doing. Can you give us an example of the actual JSON data you're returning from the server?

--
T.J. Crowder
tj / crowder software / com
[Proto-Scripty] Re: parsing json strips slashes before quotes - can I avoid this?
I listed an actual example above.

user description as stored in mysql -
'I\'ll take you down to china town'

when I parse the json object the slash is removed, so I print -
onclick=function('I'll take you down to china town')
which throws an error.
[Proto-Scripty] Re: parsing json strips slashes before quotes - can I avoid this?
Not an example of the string where you're using it, the _actual_ JSON data being returned by your server. You can probably get this by typing the URL of the server-side page into the browser directly, that kind of thing.

-- T.J.
[Proto-Scripty] Re: parsing json strips slashes before quotes - can I avoid this?
> Why are you printing the variable contents instead of using the variables directly?

if the variable has been printed to the browser, then I'm not aware of the difference (between a variable and the value of the variable). I mean, once I swap something out using innerHTML, it doesn't matter if it's a variable or not as the value of the variable is what gets printed. In case I was not clear, the errors are thrown when the user clicks on the element with an onclick - as opposed to when the page is getting built.

also - I am using Ajax.Request to get new user messages. These messages are represented by a user thumbnail (for example) and there's an onclick on the thumbnail that loads the message.

so in reference to "Are you using javascript to print out the onmouseover text, or a server-side language?" - yes, I am using javascript to print the mouseover text because it's coming from the server via an ajax interaction and not on a page load.

I can certainly post code, but maybe I was more clear about the situation here.
[Proto-Scripty] Re: parsing json strips slashes before quotes - can I avoid this?
I'm still not sure if I'm following you. If the variable has been printed to the browser, then it should be printed in a format that the browser understands (dom element). Dom elements do not need escaping. If the variable is still in variable form, then it does not need escaping.

The only time escaping is absolutely necessary is before transport, and it should be escaped in a format suitable for the transport. Once it has been received, it should be unescaped, as there is no need for the escaping anymore.

It appears that the transport, in your case, is the javascript source code, which needs escaping. But I'm curious as to how you're printing an onclick attribute from javascript to javascript (or rather, why).

If you are parsing json, you should be able to keep the values in their variable format throughout the javascript without the need to escape or evaluate it. For example:

    // The backslashes are doubled so they survive the JavaScript string literal
    // and reach evalJSON() as JSON escapes.
    var json = '{ "message": "This has \\"quotes\\"" }'.evalJSON();
    alert(json.message); // alerts: This has "quotes"

You should be able to use json.message throughout your javascript application without any escaping.

Am I missing something?

-Hector
[Proto-Scripty] Re: parsing json strips slashes before quotes - can I avoid this?
right - thanks! I was on the phone with someone discussing the problem (which is why it took me a minute to reply) and the basic message he gave me was to play around with \\\' (or as many backslashes as it takes to properly get the string formatted for a couple levels of rendering) but I believe your suggestion about not using innerHTML and instead using Event.observe is much better. I will look into that. I think that's a much more solid way of approaching these situations (regardless of this problem.)

thanks again!
s

On Oct 9, 6:13 pm, T.J. Crowder [EMAIL PROTECTED] wrote:
> Hi,
>
> I'm off to bed, but since you still haven't posted the JSON data your server is returning, I'll tell you what I'm pretty sure is wrong. Apologies for any lack of clarity, I'm rushing.
>
> I suspect your JSON looks like this:
>
> Example #1:
> * * * *
> { "message": "This is a \'message\' with \"quotes\" in it."}
> * * * *
>
> That JSON snippet defines a property, "message", with a string value that DOES NOT CONTAIN ANY BACKSLASHES. The string contains quotes. The *value* of the string is:
>
>     This is a 'message' with "quotes" in it.
>
> Now, that's entirely correct and as it should be. Where I think you're going wrong is where you're using it. Say we have the JSON data from Example 1 above decoded and stored in a variable called 'json'. If I wanted to show an alert with that text, I could use the *value* of json.message to do that:
>
>     alert(json.message);
>
> That's fine. But setting innerHTML is different. You're setting a string with the textual representation of the HTML and JavaScript you want to put in the element. That string will be decoded and interpreted by the browser. It needs to be the textual representation of what you want. So if I wanted to create a click handler to show that alert, this would be wrong:
>
>     element.innerHTML = "<div onclick=\"alert('" + json.message + "');\" />"; // <= WRONG
>
> Let's deconstruct why. First, let's substitute in the value of json.message:
>
>     element.innerHTML = "<div onclick=\"alert('This is a \'message\' with \"quotes\" in it.');\" />";
>
> Remember that the right-hand side of that is a string. Let's look at the value of that string:
>
>     <div onclick="alert('This is a 'message' with "quotes" in it.');" />
>
> ...which is, of course, wrong.
>
> So what do you do? Well, what *I* would do is not use an onclick handler in the first place. Use c instead:
>
>     element.innerHTML = "<div id='myDiv' />";
>     Event.observe.defer('myDiv', 'click', function() {
>         alert(json.message);
>     });
>
> Creating handlers via innerHTML is (as you've discovered!) complicated and unpleasant. But if you *really* want to do that, you'll have to escape the string. I haven't had to do that in JavaScript for so long I don't recall whether it has a built-in for it (it's not escape(), sadly) or whether Prototype has a method for it (not seeing one on first glance). It's probably not a complicated regex, basically put a backslash in front of all chars in the '\x00' to '\x1f' range (inclusive) and in front of single quote ('), double quote ("), and backslash (/).
>
> HTH,
> --
> T.J. Crowder
> tj / crowder software / com
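The two decoding layers discussed in this thread (HTML attribute first, then JavaScript string), shown as an added example that is not code from any of the posters. The function names, the sample JSON and the `runOnclick` stand-in for the browser are constructed for illustration; it escapes with `JSON.stringify` plus `\uXXXX` sequences rather than the backslash regex sketched in the thread.

```javascript
// Added example, not code from the thread. All sample data is constructed.

// Constructed server response. On the wire the inner double quotes carry a
// backslash; the apostrophe needs none in JSON.
const WIRE_JSON = '{"message": "I\'ll take you down to \\"china town\\""}';

// Context 1: JavaScript source. JSON.stringify escapes ", \ and control
// characters; the extra pass also escapes ', <, >, & and the two Unicode
// line separators so the literal stays inert once it sits inside HTML.
function toJsLiteral(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&'\u2028\u2029]/g,
    (ch) => '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0')
  );
}

// Context 2: a double-quoted HTML attribute value.
function toHtmlAttr(text) {
  return text.replace(/[&<>"']/g, (ch) => '&#' + ch.charCodeAt(0) + ';');
}

// The pattern from the thread: the parsed value is concatenated straight in.
function naiveHandlerMarkup(fnName, arg) {
  return '<div onclick="' + fnName + "('" + arg + "');\"></div>";
}

// Same markup with one encoding step per layer, innermost layer first.
// fnName is assumed to be a constant chosen by the developer, never user data.
function safeHandlerMarkup(fnName, arg) {
  if (!/^[A-Za-z_$][\w$]*$/.test(fnName)) {
    throw new Error('handler name must be a plain identifier');
  }
  const code = fnName + '(' + toJsLiteral(arg) + ');';
  return '<div onclick="' + toHtmlAttr(code) + '"></div>';
}

// Minimal stand-in for the browser: read the onclick attribute up to its
// closing quote, decode numeric character references, compile the result as
// code and call it with a spy in place of the real handler.
function runOnclick(markup, fnName) {
  const m = /onclick="([^"]*)"/.exec(markup);
  if (!m) return { ok: false, error: 'no onclick attribute' };
  const code = m[1].replace(/&#(\d+);/g, (_, n) => String.fromCharCode(Number(n)));
  let received;
  try {
    new Function(fnName, code)((arg) => { received = arg; });
    return { ok: true, received };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

function demo() {
  // Parsing yields the value itself: no backslashes are left in it.
  const message = JSON.parse(WIRE_JSON).message;
  return {
    message,
    naive: runOnclick(naiveHandlerMarkup('tool_tip', message), 'tool_tip'),
    safe: runOnclick(safeHandlerMarkup('tool_tip', message), 'tool_tip'),
  };
}

console.log(demo());
```

Keeping the value in a variable and attaching the handler from code, as suggested in the thread, avoids both encoding steps entirely.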