Quotes issue...

EdUarDo wrote:

I think it's a common problem, but I haven't found answers for it.
I have a sentence (mixture of HTML, Javascript and JSTL) like this:

<a href='javascript:selectItem('${item.code}', '${item.alias}');
${item.alias}
</a>

${item.alias} is a JSTL way to get a String from a parameter
that may contains single or double quotes.

If the string contains single quotes I get an error because the
sentence is not well formed. But if I use double quotes and the
string have double quotes I'll get the same error.

What is the way to solve this issue? Is there any?

As a guess (I can't test it right now), replace any double
quotes in "item.alias" with "%22" and single quotes with "%27".

The in your javascript, unescape the strings before you use
them. The following shows the principle (the encoding will
occur on your server I guess?):

<form action="">
<input type="text" value="'" name="txt"><br>
<input type="button" value="encode" onclick="
this.form.code.value = escape(this.form.txt.value);
"><br>
<input type="text" name="code"><br>
<input type="button" value="decode" onclick="
alert(unescape(this.form.code.value));
">
<input type="reset">
</form>

--
Rob

As a guess (I can't test it right now), replace any double
quotes in "item.alias" with "%22" and single quotes with "%27".

The in your javascript, unescape the strings before you use
them. The following shows the principle (the encoding will
occur on your server I guess?):

This doesn't work for me.
At server I've replaced all single and double quotes with %27 and %22
respectively.

And my client page have this code:

<tr>
<td align="left">
<a href="javascript:
selectItem('${item.code}', '${item.alias}', '${item.descriptions[SPANISH]}', '${item.descriptions[ENGLISH]}');">
${item.alias}
</a>
</td>
<td align="center">${item.code}</td>
<td align="center">${item.descriptions[SPANISH]}</td>
<td align="center">${item.descriptions[ENGLISH]}</td>
<td align="left">${item.tableName}</td>
</tr>

Once it's processed, the resulting code is:

<tr>
<td align="left">
<a href="javascript:selectItem('1440000002', '03', 'elemento%27uno', 'elemento%27uno');">
03
</a>
</td>
<td align="center">1440000002</td>
<td align="center">elemento%27uno</td>
<td align="center">elemento%27uno</td>
<td align="left">tabla1</td>
</tr>

When I click on the link (a href) I get this error

Error: missing ) after argument list
Source File: javascript:selectItem('1440000002', '03', 'elemento%27uno', 'elemento%27uno');
Line: 1, Column: 50
Source Code:
selectItem('1440000002', '03', 'elemento'uno', 'elemento'uno');
------------------------------------------^

Also I have tried to unescape the descriptions but with the same results.

EdUarDo wrote:

As a guess (I can't test it right now), replace any double
quotes in "item.alias" with "%22" and single quotes with "%27".

The in your javascript, unescape the strings before you use
them. The following shows the principle (the encoding will
occur on your server I guess?):

This doesn't work for me.
At server I've replaced all single and double
quotes with %27 and %22 respectively.

<snip>

It wouldn't, that is URL encoding. For javascript you want to use
javascript escape sequences within strings. Escape sequences begin with
a backslash followed with an 'x' then a two digit hexadecimal number
(the character code in hex) or with a 'u' followed by the four digit
hexadecimal Unicode character code. I don't have time to look up the
values for quote characters but they should be easy to work out form the
ECMA Script language specification (or any decent javascript reference)
(but I would guess (hex) - \x27 - and - \x22 -, or (Unicode) - \u0027 -
and \u2200 - if the URL encoding is correct).

Richard.