CODEWITHSUNDEEP
javascriptjqueryescaping
shrekdood
shrekdood

Reputation: 1

Javascript/jQuery is escaping my escape

I am dynamically generating a form in a large application. I've extracted a very small section of the code here: https://jsfiddle.net/zys3zthp/ (uses jquery)

var valuelists={};
var calcs={};
var valuelists = {"regType":{"":"","Attendee":"Attendee","Exhibitor":"Exhibitor"},"yesno":{"":"","Yes":"Yes","No":"No"},"state":{"":"","AL":"AL","AK":"AK","AZ":"AZ","AR":"AR","CA":"CA","CO":"CO","CT":"CT","DE":"DE","DC":"DC","FL":"FL","GA":"GA","HI":"HI","ID":"ID","IL":"IL","IN":"IN","IA":"IA","KS":"KS","KY":"KY","LA":"LA","ME":"ME","MD":"MD","MA":"MA","MI":"MI","MN":"MN","MS":"MS","MO":"MO","MT":"MT","NE":"NE","NV":"NV","NH":"NH","NJ":"NJ","NM":"NM","NY":"NY","NC":"NC","ND":"ND","OH":"OH","OK":"OK","OR":"OR","PA":"PA","RI":"RI","SC":"SC","SD":"SD","TN":"TN","TX":"TX","UT":"UT","VT":"VT","VA":"VA","WA":"WA","WV":"WV","WI":"WI","WY":"WY","AB":"AB","BC":"BC","MB":"MB","NB":"NB","NL":"NL","NT":"NT","NS":"NS","NU":"NU","ON":"ON","PE":"PE","QC":"QC","SK":"SK","YT":"YT"}};

function addslashes(string) {
    //return string;
    return string.replace(/\\/g, '\\\\').
        replace(/\u0008/g, '\\b').
        replace(/\t/g, '\\t').
        replace(/\n/g, '\\n').
        replace(/\f/g, '\\f').
        replace(/\r/g, '\\r').
        replace(/'/g, '\\\'').
        replace(/"/g, '\\"');
}

function printInput(field, value)
    {
        var output="";
        if (valuelists[field])
        {
            output= '<select data-field="' + field + '" style="width:50%" name="' + field + '"><option value=""></option>';
            for(var name in valuelists[field])
            {
                var label = valuelists[field][name];
                if (name!='')
                {
                    var selected="";
                    if (name==value)
                    {
                        selected=" selected='selected' ";
                    }
                    output+='<option value="' + addslashes(name) +  '" ' + selected + '>' + label + '</option>';
                }
            }
            output+= '</select>';   
        }
        else
        {
            var readonly="";
            if (calcs[field])
            {
                readonly = " readonly='readonly' ";
            }
            output = "<input data-field='" + field + "' style='width:50%' type='text' name='" + field + "' value=\"" + addslashes(value) + "\" " + readonly + ">";
        }
        return output;
    }
var output ="";
output+=printInput("state", "CA");
output+=printInput("field2", "hello \" world");

$('body').html(output);

Whats happening is I want the textbox value to be: hello " world I want to do this because it's user data and it can be anything. So yes it can have single quotes or double quotes.

printInput("field2", "hello \" world");

My guess: I think my addslashes is working but I think somewhere my escape character is getting escaped and thats how i'm ending up with the regular slash...

Upvotes: 0

Views: 49

Answers (2)

shrekdood
shrekdood

Reputation: 1

My coworker helped me out.

Here's the fix. This add addslashes replaces with the HTML entities which gets converted in the textbox (wouldn't have guessed that):

function addslashes(string) {
    //return string;
    return string.replace(/\\/g, '\\\\').
        replace(/\u0008/g, '\\b').
        replace(/\t/g, '\\t').
        replace(/\n/g, '\\n').
        replace(/\f/g, '\\f').
        replace(/\r/g, '\\r').
        replace(/'/g, '&#39;').
        replace(/"/g, '&quot;');
}

Upvotes: -1

gapvision
gapvision

Reputation: 1029

I think the easiest solution for this would be to check for double quotes and replace them by single quotes.

Upvotes: 0

Related Questions