Firas Dib

Reputation: 2621

Escaping quotes and/or backslashes in a given string

I am trying to escape one or several of the following characters in a given string: ', " and \

I have attempted to do this with regular expressions, which works fine, but not in JavaScript, seeing as how the engine is very limited feature-wise.

The problem is basically it needs to handle pre-escaped sequences. See examples below:

foo"bar  --->  foo\"bar
foo\"bar --->  foo\"bar
foo\\"bar -->  foo\\\"bar
foo\\\"bar ->  foo\\\"bar

Etc. Same logic applies for the single quotes and backslashes too.

Can anybody point me in the right direction of how to achieve this in JavaScript?

Thanks in advance.

Upvotes: 1

Views: 107

Answers (2)

Mike Samuel

Reputation: 120506

var arr = ["foo\"bar", "foo\\\"bar", "foo\\\\bar", "foo\\\\\"bar",
           "foo\\bar", "foo\\\\\\bar"];
for (var i = 0; i < arr.length; ++i) {
  console.log(arr[i] + " -> " + arr[i].replace(/\\?([\\'"])/g, "\\$1"));
}

yields

foo"bar -> foo\"bar
foo\"bar -> foo\"bar
foo\\bar -> foo\\bar
foo\\"bar -> foo\\\"bar
foo\bar -> foo\\bar
foo\\\bar -> foo\\\\bar

/\\?([\\'"])/g matches one of the characters you listed optionally preceded by a backslash and "\\$1" replaces it with a mandatory backslash followed by the character to escape.

Upvotes: 2

Paul S.

Reputation: 66324

If you can't figure out how to do it with a RegExp, why not write a function?

function esc(s) {
    var out = '', i, escaped = 0, c;
    for (i = 0; i < s.length; ++i) { // loop over string
        c = s.charAt(i);
        if (c === '\\') escaped = 1 - escaped; // get escaped state
        else {
            if (c === "'" || c === '"') { // if quote
                if (escaped === 0) out += '\\'; // escape if not escaped
                else escaped = 0; // else reset escaped state
            } else if (escaped) out += '\\', escaped = 0; // else close escape
        }
        out += c;
        // console.log(s, i, c, escaped, out);
    }
    return out;
}

Now

esc('foo"bar');       // foo"bar    -> foo\"bar
esc('foo\\"bar');     // foo\"bar   -> foo\"bar
esc('foo\\\\"bar');   // foo\\"bar  -> foo\\\"bar
esc('foo\\\\\\"bar'); // foo\\\"bar -> foo\\\"bar

JavaScript does offer two (standard) native functions which can achieve a sanitised result (though different to the above). These are encodeURI and encodeURIComponent, with the reverse being decodeURI and decodeURIComponent, respectively. Depending on what you want to do with your strings, these functions may be preferable.

I'll also add that if you want to sanitise a string to protect your server, do the sanitisation server-side, as you can't trust any data coming from a client's machine to be safe, even if you have client-side sanitisation.

Upvotes: 1
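The escape-pair rule discussed in the answers above, written out as an added example (not code from either answer): a single-pass escaper, a checker that confirms no bare ', " or \ remains, and a comparison against the regex from the first answer. The function names and sample strings are constructed for illustration.

```javascript
// Added example; names and sample strings are constructed for illustration.
const SPECIAL = new Set(["\\", "'", '"']);

// Escape ', " and \ while keeping existing escape pairs intact.
// A backslash followed by a special character is read as an existing escape;
// any other backslash (including a trailing one) is a literal and gets escaped.
function escapePreservingEscapes(s) {
  let out = "";
  for (let i = 0; i < s.length; i++) {
    const c = s[i];
    if (c === "\\" && i + 1 < s.length && SPECIAL.has(s[i + 1])) {
      out += c + s[i + 1]; // existing pair: copy both characters
      i++;                 // and skip the partner
    } else if (SPECIAL.has(c)) {
      out += "\\" + c;     // bare special character: add the backslash
    } else {
      out += c;
    }
  }
  return out;
}

// True when every ', " and \ in s belongs to a backslash pair.
function isFullyEscaped(s) {
  for (let i = 0; i < s.length; i++) {
    if (s[i] === "\\") {
      if (i + 1 >= s.length || !SPECIAL.has(s[i + 1])) return false;
      i++; // skip the escaped character
    } else if (SPECIAL.has(s[i])) {
      return false;
    }
  }
  return true;
}

// The regex from the first answer, kept for comparison.
const regexEscape = (s) => s.replace(/\\?([\\'"])/g, "\\$1");

// Constructed inputs: the question's four cases plus edge cases.
const SAMPLES = ['foo"bar', 'foo\\"bar', 'foo\\\\"bar', 'foo\\\\\\"bar',
                 "it's", "foo\\bar", "foo\\"];

// Checks agreement with the regex, full escaping, and idempotence.
function checkSamples() {
  return SAMPLES.every((s) => {
    const e = escapePreservingEscapes(s);
    return e === regexEscape(s) && isFullyEscaped(e) &&
           escapePreservingEscapes(e) === e;
  });
}
console.log(checkSamples());
```

Because `foo"bar` and `foo\"bar` produce the same output, the transform cannot be reversed; it suits input that is already known to be partially escaped.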
