GFL

Reputation: 1424

Escaping user inputs to prevent issues with code

I have a user-provided variable that gets inserted into a script. Normally this works well, but it fails when certain characters such as quotes are used. Is there a way to escape this?

document.getElementById("test").innerHTML = "<div oncontextmenu='javascript:alert(" + var1 + ");return false;'>" + var2 + "</div>";

Upvotes: 0

Views: 78

Answers (2)

AyushKatiyar

Reputation: 1030

Try using:

document.getElementById("test").innerHTML = `<div oncontextmenu='javascript:alert(${var1});return false;'>${var2}</div>`;

Upvotes: 1

as-if-i-code

Reputation: 2360

Convert your string to a template literal with backticks (the ` symbol):

document.getElementById("test").innerHTML = `<div oncontextmenu='javascript:alert(` + var1 + `);return false;'>` + var2 + `</div>`;

Upvotes: 0
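An added example, not code from the question or from either answer, showing what actually makes the question's snippet robust. Both answers switch to template literals, but a template literal only changes how the string is written: the string handed to innerHTML is byte-for-byte the same, so a value containing a quote still terminates the inline handler, and a value containing `<` still injects markup. The value lands in two nested contexts (a JavaScript string literal, inside an HTML attribute), so it must be escaped for both, JS first and HTML second, because the browser decodes HTML entities before the handler's JavaScript ever runs. The better fix is to stop building markup from strings and use `textContent` plus `addEventListener`. The function names `jsStringLiteral`, `escapeHtml`, `buildMarkup` and `renderSafely` and the two hostile inputs are this example's own; the element id `test` comes from the question.

```javascript
// Added example (not code from the question or either answer).
// Template literals only change how the string is written; the string that
// reaches innerHTML is identical, so a value containing a quote still breaks
// out of the inline handler. Either escape each value for the context it
// lands in, or, better, stop building markup from strings at all.
// Names (jsStringLiteral, escapeHtml, buildMarkup, renderSafely) are this
// example's own; the element id "test" is taken from the question.

// Context 1: a JavaScript string literal inside an event-handler attribute.
// JSON.stringify emits a valid double-quoted JS literal with ", \ and control
// characters escaped; U+2028/U+2029 are escaped as well for older engines.
function jsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Context 2: HTML text or attribute content. The browser decodes these
// entities before the attribute's JavaScript runs, so HTML-escaping is
// layered on top of the JS escaping, never used instead of it.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// The question's markup with both layers applied. (The "javascript:" prefix
// in the original is just a JS label inside a handler attribute; it is dropped.)
function buildMarkup(var1, var2) {
  const handler = 'alert(' + jsStringLiteral(var1) + ');return false;';
  return "<div oncontextmenu='" + escapeHtml(handler) + "'>" +
    escapeHtml(var2) + '</div>';
}

// Preferred: no innerHTML and nothing to escape. textContent never parses
// markup, and addEventListener never turns a string into code.
function renderSafely(container, var1, var2) {
  const div = document.createElement('div');
  div.textContent = var2;
  div.addEventListener('contextmenu', (ev) => {
    ev.preventDefault();          // what the inline "return false;" did
    alert(var1);
  });
  container.replaceChildren(div);
  return div;
}

// Constructed hostile inputs for trying either approach: the first closes the
// JS string and the second injects an element with its own handler.
const hostile1 = "');alert(document.cookie);('";
const hostile2 = '<img src=x onerror=alert(1)>';

// In a browser:
//   document.getElementById('test').innerHTML = buildMarkup(hostile1, hostile2);
//   renderSafely(document.getElementById('test'), hostile1, hostile2);
```

With `buildMarkup`, the hostile values survive only as data: the attribute contains `alert(&quot;&#39;);alert(document.cookie);(&#39;&quot;);return false;`, which the HTML parser decodes back into one `alert("...")` call whose argument is the full input, and the `<img>` payload is rendered as literal text. `renderSafely` reaches the same result without any escaping step, which is why it is the form to prefer whenever the code controls the DOM directly.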
