rajesh

Reputation: 1433

Will it alert?

Is this correct?

<a href="#" style="color:#FFF;"onclick="add('alert("Google !")');" id="cricket" tabindex="1" name="cricket">cricket</a>

Upvotes: 0

Views: 106

Answers (2)

Quentin

Reputation: 944297

No.

onclick="add('alert("

You don't have a complete JavaScript statement inside your attribute value.

Some authors use the character entity reference "&quot;" to encode instances of the double quote mark (") since that character may be used to delimit attribute values.

http://www.w3.org/TR/html4/charset.html#h-5.3

(And as an aside:

  • Don't use href="#", build on stuff that works
  • Don't use the style attribute, separate presentation and content
  • Don't forget to put spaces between your attributes
  • Don't use intrinsic event attributes (such as onclick), use unobtrusive JS (which would also solve the problem of the nested quotes)
  • Where possible, avoid tabindex in favour of a sensible natural tab order)

Upvotes: 1

deceze

Reputation: 522510

onclick="add('alert("Google !")');" is being parsed as:

onclick        # attribute name
=
"add('alert("  # string
Google !       # random garbage
")');"         # another string

You'll have to escape the inner quotes, otherwise they terminate the string:

onclick="add('alert(&quot;Google !&quot;)');"

Beyond that, it depends on what add() does.

Upvotes: 1
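
The parse both answers describe, as an added example that is not part of the question or of either answer: a simplified attribute tokenizer run over the question's markup before and after the inner quotes are encoded as `&quot;`. The helper names `parseAttributes`, `escapeAttr` and `decodeEntities` are hypothetical, and the tokenizer is an assumption-level sketch of quoted-value handling, not a full HTML parser.

```javascript
// Added example: simplified start-tag attribute tokenizer (assumption: handles
// only quoted and unquoted values; it is not a full HTML parser).
function parseAttributes(src) {
  const attrs = [];
  const isSpace = (c) => c === ' ' || c === '\t' || c === '\n';
  let i = 0;
  while (i < src.length) {
    while (i < src.length && isSpace(src[i])) i++;
    if (i >= src.length) break;
    let start = i;
    while (i < src.length && !isSpace(src[i]) && src[i] !== '=') i++;
    const name = src.slice(start, i);
    let value = null;
    if (src[i] === '=') {
      const quote = src[++i];
      if (quote === '"' || quote === "'") {
        // A quoted value ends at the FIRST matching quote, whatever follows.
        const end = src.indexOf(quote, i + 1);
        const stop = end === -1 ? src.length : end;
        value = src.slice(i + 1, stop);
        i = stop + 1;
      } else {
        start = i;
        while (i < src.length && !isSpace(src[i])) i++;
        value = src.slice(start, i);
      }
    }
    attrs.push({ name, value });
  }
  return attrs;
}

// Encode a string for use inside a double-quoted attribute value.
function escapeAttr(value) {
  return value.replace(/&/g, '&amp;').replace(/"/g, '&quot;');
}

// Reverse of escapeAttr: what the parser hands to the script engine.
function decodeEntities(value) {
  return value.replace(/&quot;/g, '"').replace(/&amp;/g, '&');
}

const handler = `add('alert("Google !")');`; // handler text from the question
const broken = `onclick="${handler}" id="cricket"`;
const fixed = `onclick="${escapeAttr(handler)}" id="cricket"`;

console.log(parseAttributes(broken)); // value cut short, stray tokens follow
console.log(decodeEntities(parseAttributes(fixed)[0].value)); // full statement
```

The same encoding step applies whenever a string is written into a double-quoted attribute: an unencoded `"` ends the value and whatever follows is parsed as further attributes.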
