Michael Dowlin

Reputation: 13

VBScript ASP Input-Type-Hidden, value with quotes

<input type="text" class="originalValues" id="orig_<%=ColumnName%>" value="<%=FldValue%>"> 

Sorry, this would be the first time I couldn't find what I was looking for and actually had to ask a question.

I have a hidden input, but if the value contains a quote ("), VBScript lops off the rest of the hidden input's value.

How can I escape or replace the quotes? These original values are compared to textareas to see if a change has been made and to add to the audit log.

Upvotes: 1

Views: 1609

Answers (1)

Cheran Shunmugavel

Reputation: 8459

In HTML, the proper way to escape the double quote is by using the &quot; character entity. If you always use double quotes to surround HTML attribute values, then you can use the built-in ASP method Server.HTMLEncode to safely encode quotes and other characters that need to be converted.

Response.Write Server.HTMLEncode(Chr(34) & "surrounded by quotes" & Chr(34))

Output:

&quot;surrounded by quotes&quot;

In reality, a safer method would be to also replace single quotes (apostrophes), since they could also be used to delimit attribute values. This could be done by writing a simple wrapper around Server.HTMLEncode and including it in your function library.

Function HTMLEncode(s)
    HTMLEncode = Replace(Server.HTMLEncode(s), "'", "&#39;")
End Function

Upvotes: 2
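An added example, not part of the original question or answer: one way to apply the wrapper idea to the audit-log markup from the question, with the original value and the editable value encoded the same way so that the browser decodes both back to the same text for comparison. `AttrEncode` and `WriteAuditField` are hypothetical names, the sample value is constructed, and the code assumes it runs inside a `<% ... %>` block of a Classic ASP page where `Server` and `Response` are available.

```vbscript
' Added example: encode a value for use inside a quoted HTML attribute.
' AttrEncode is a hypothetical helper name, not a built-in ASP method.
Function AttrEncode(v)
    Dim s

    ' Treat Null/Empty (for example a NULL database field) as an empty
    ' string before handing the value to Server.HTMLEncode.
    If IsNull(v) Or IsEmpty(v) Then
        AttrEncode = ""
        Exit Function
    End If

    s = Server.HTMLEncode(CStr(v))      ' handles & < > and the double quote
    s = Replace(s, "'", "&#39;")        ' apostrophe, for single-quoted attributes
    AttrEncode = s
End Function

' Writes the hidden "original value" input next to the textarea the user edits.
' Both carry the same encoded text, so a value containing quotes is no longer
' cut off at the first quote and cannot close the attribute to add markup.
Sub WriteAuditField(ColumnName, FldValue)
    Dim fieldId, fieldValue
    fieldId = AttrEncode(ColumnName)
    fieldValue = AttrEncode(FldValue)

    Response.Write "<input type=""hidden"" class=""originalValues"" id=""orig_" & _
                   fieldId & """ value=""" & fieldValue & """>" & vbCrLf
    Response.Write "<textarea id=""" & fieldId & """ name=""" & fieldId & """>" & _
                   fieldValue & "</textarea>" & vbCrLf
End Sub

' Constructed sample value containing both quote styles, an ampersand and tags.
WriteAuditField "Notes", "5'10"" tall <b>& ""quoted""</b>"
```

The browser decodes the entities when it parses the page, so client-side script reading the `value` of the hidden input and of the textarea sees the original, unencoded text in both.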
