Reputation: 35
Which characters to escape in string consisting of HTML tags and attributes?
I have a document.write statement that I'm using to write some HTML. My question is, do I need to escape anything more than the / and "" ?
document.write('<div style=\"display:none;\"><\/div>');
Upvotes: 1
Views: 82
Answers (2)
Reputation: 943537
You need to escape:
'because that character is used to delimit the string\because that is an escape character- new lines (as
\n) since you cannot have a literal new line in the middle of a string in JavaScript
You do not need to escape " since they are not used to delimit this string.
You do not need to escape / except when it immediately follows a <, and even then only when you have HTML inside a <script> element instead of in an external file (but it does no harm to do so the rest of the time).
Upvotes: 2
Reputation: 101483
You don't even need to escape the double quotes in this string - that's only necessary if you enclose your string with double quotes.
You shouldn't need to escape your /es either; they don't break the string and document.write() (afaik) allows plain HTML to be inserted.
Upvotes: 3
Related Questions
- escaping inside html tag attribute value
- How to escape html tags in text
- How do I escape quotes in HTML attribute values?
- How do I properly escape quotes inside HTML attributes?
- Escape characters within an HTML tag
- How to escape HTML special characters in Javascript
- What characters must be escaped in HTML5 attributes?
- Which regular expression to use in order to determine which characters to escape for html attributes and javascript?
- HTML attributes escaping
- Escape My HTML Character