Home/ Questions/Q 862347
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-15T09:07:36+00:00

I need for someone to be able to put some text into a page

  • 0

I need for someone to be able to put some text into a page and then this gets sent to the server, saved in the database, and else where this text is put into a javascript variable.

Basically like this:

Write("var myVar=\""+MyData+"\";");

What is the best way of escaping this data? Is there anything out there already to deal with things like ' and " and new lines? Is base64 my only option?

My serverside framework/language is ASP.Net/C#

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You should use WPL:

    Write("var myVar=" + Encoder.JavaScriptEncode(MyData, true) + ";");

    if you don’t want to reference the library, you can use the following function (adapted from the .Net source):

    public static void QuoteString(this string value, StringBuilder b) {
    if (String.IsNullOrEmpty(value))
        return "";

    var b = new StringBuilder();
    int startIndex = 0;
    int count = 0;
    for (int i = 0; i < value.Length; i++) {
        char c = value[i];

        // Append the unhandled characters (that do not require special treament)
        // to the string builder when special characters are detected.
        if (c == '\r' || c == '\t' || c == '\"' || c == '\'' || c == '<' || c == '>' ||
            c == '\\' || c == '\n' || c == '\b' || c == '\f' || c < ' ') {
            if (b == null) {
                b = new StringBuilder(value.Length + 5);
            }

            if (count > 0) {
                b.Append(value, startIndex, count);
            }

            startIndex = i + 1;
            count = 0;
        }

        switch (c) {
            case '\r':
                b.Append("\\r");
                break;
            case '\t':
                b.Append("\\t");
                break;
            case '\"':
                b.Append("\\\"");
                break;
            case '\\':
                b.Append("\\\\");
                break;
            case '\n':
                b.Append("\\n");
                break;
            case '\b':
                b.Append("\\b");
                break;
            case '\f':
                b.Append("\\f");
                break;
            case '\'':
            case '>':
            case '<':
                AppendCharAsUnicode(b, c);
                break;
            default:
                if (c < ' ') {
                    AppendCharAsUnicode(b, c);
                } else {
                    count++;
                }
                break;
        }
    }

    if (b == null) {
        b.Append(value);
    }

    if (count > 0) {
        b.Append(value, startIndex, count);
    }

    return b.ToString();
}
    • 0