ColdFusion/Javascript Escape Single Quote

Question

I know this is going to be something simple that I'm just missing somehow, but here it goes:

I have a ColdFusion application where a user can enter text on multiple screens. I have a javascript function that checks the entered text against what is stored in the database and pops up a confirmation window asking them if they want to save/discard changes.

If the user-entered text contains quotes (single or double), the javascript dies completely. I need to escape the quotes while maintaining the ability to check if the content matches.

I've tried the escape() and replace() functions (singly and together), but nothing is working.

Example javascript:

function change_question(){
    var feedback = document.getElementById('feedback').value; //this is what the user has entered on the page
    var stored_feedback = "#trim(StoredFeedback)#"; //this is what is stored in the database; retrieved via ColdFusion

    if (feedback != stored_feedback) {
        if (confirm('You have unsaved data on the page. Do you wish to discard your changes?')) {
            //go to next page
        }
    }
    else {
            //go to next page
    }
}

Thanks.

Answer 1

If you are looking for a ColdFusion solution, you'll probably want to use this:

HTMLEditFormat(string)

HTML-escaped string string. Return characters are removed; line feed characters are preserved. Characters with special meanings in HTML are converted to HTML character entities such as >.

Answer 2

The built in jsStringFormat will escape for JavaScript

var stored_feedback = "#jsStringFormat(StoredFeedback)#";

Answer 3

I don't know ColdFusion but according to the docs:

var stored_feedback = #SerializeJSON( trim(StoredFeedback) )#; 

I think you shouldn't need to add quotes explicitly, as a string when serialized to JSON should end up with double quotes anyway. Again, I can't test this myself.