The Mighty Blog

HOW TO: Escape Single Quotes for JavaScript Strings

Jun26

Written by:Will
6/26/2007  RssIcon

While I was writing a class to allow me to quickly grab preformatted JavaScript functions (i.e., confirm, alert, etc.), I came across the need to ensure that a string passed into those methods would not throw a JavaScript error upon rendering. This could possibly happen if the message contained singles quotes for contractions, quotes, etc.

While I was writing a class to allow me to quickly grab preformatted JavaScript functions (i.e., confirm, alert, etc.), I came across the need to ensure that a string passed into those methods would not throw a JavaScript error upon rendering.  This could possibly happen if the message contained singles quotes for contractions, quotes, etc.

So, I quickly set upon adding another method to a growing RegularExpress library class that I am working with.  Here is the method:

 

''' <summary>
''' EscapeSingleQuotes - this method allows you to pass a string into it to 
''' update your string with all single quotes escaped to prevent JavaScript errors
''' </summary>
''' <param name="TextToEscape">String - the text that you want to parse</param>
''' <remarks>
''' Use this method to make a string safe for JavaScript routines
''' </remarks>
Public Shared Function EscapeSingleQuotes(ByVal TextToEscape As String) As String
    ' create a new regex object
    Dim re As New Regex("(\w'|\s'|!'|@'|#'|\$'|%'|\^'|&'|\*'|\('|\)'|\-'|\+'|='|:'|;'|""'|,'|<'|\.'|>'|/'|\?'|\['|\]'|\{'|\}'|'')[^\']")


    ' get a collection of the instances of singles to escape
    Dim reMatches As System.Text.RegularExpressions.MatchCollection = re.Matches(TextToEscape)


    ' loop through the matches and escape the single quotes
    For i As Integer = 0 To reMatches.Count - 1
        ' update the single quote with a preceding backslash
        TextToEscape = TextToEscape.Replace(reMatches.Item(i).Value, reMatches.Item(i).Value.Replace("'", "\'"))
    Next


    Return TextToEscape
End Function

 

It is just that easy.  Now all I have to do is to write something like this to take advantage of it:

Dim strString As String = _
    "This is a 'sample' this one \' is escaped, and this one " & _
    "$' !' -' has different puncuation preceding it, and " & _
    "don't forget double single '' quotes"
strString = EscapeSingleQuotes(strString)

Which would return a string like this:

This is a \'sample\' this one \' is escaped, and this one 
$\' !\' -\' has different puncuation preceding it, and 
don\'t forget double single \'\' quotes

Notice that it escaped all of the single quotes EXCEPT the single quote that was already escaped.  Have fun!

TrackbackPrint
Tags:
Categories:ASP.Net
Location: BlogsParent SeparatorThe Mighty Blog

Your name:
Gravatar Preview
Your email:
(Optional) Email used only to show Gravatar.
Your website:
Comment:
Security Code
CAPTCHA image
Enter the code shown above in the box below
Add Comment   Cancel 
Add to Technorati Favorites
Tweet about my blog
Will Strohl - The Mighty Blog - RSS Feed

Categories

Tag Cloud

Sort by:Tag | SizeRSS
camp   community   dnn   dotnetnuke   dotnetnuke®   event   example   free   get   group   integer   jquery   meeting   module   new   odug   orlando   search   session   think  
The opinions expressed here are the personal opinions of Will Strohl and do not necessarily represent the views and opinions of the DotNetNuke Corporation.
© Copyright 2004-2010 by Will Strohl. All rights reserved.Website Skinned By: Ralph Williams  Website Hosted By: Applied Innovations