|
Smarty
WARNING: All discussion is moving to https://reddit.com/r/smarty, please go there! This forum will be closing soon. |
|
View previous topic :: View next topic |
Author |
Message |
mstdmstd Smarty Rookie
Joined: 04 Jan 2013 Posts: 20
|
Posted: Fri May 10, 2013 10:08 am Post subject: Escaping problem |
|
|
Hi,
Escaping does not work as written[url] here: http://www.smarty.net/docsv2/en/language.modifier.escape.tpl[/url]
I wrote :
Code: | <a href="javascript:DeleteHighlight( '{$HighlightsList[row].id}{$PageParametersWithSort}', '{$HighlightsList[row].name|escape:'htmlall'}' )" >Delete</a>
|
But if $HighlightsList[row].name has "'" symbol, then it is not escaped and I recieve JS error clicking this link.
How right? |
|
Back to top |
|
U.Tews Administrator
Joined: 22 Nov 2006 Posts: 5068 Location: Hamburg / Germany
|
Posted: Fri May 10, 2013 11:33 am Post subject: |
|
|
The escape modifer should be used only on output and not when passing parameter to javascript. It does escape "'" correctly to "'"
But you need "'" to become "\'" you have single quotes in a single qouted string you pass to javascript. Use PHP addslashes as modifier.
Try
Code: | <a href="javascript:DeleteHighlight( '{$HighlightsList[row].id}{$PageParametersWithSort}', '{$HighlightsList[row].name|addslashes}' )" >Delete</a> |
|
|
Back to top |
|
mohrt Administrator
Joined: 16 Apr 2003 Posts: 7368 Location: Lincoln Nebraska, USA
|
Posted: Fri May 10, 2013 3:50 pm Post subject: |
|
|
you might also try escape:javascript |
|
Back to top |
|
mstdmstd Smarty Rookie
Joined: 04 Jan 2013 Posts: 20
|
Posted: Sat May 11, 2013 10:46 am Post subject: |
|
|
U.Tews wrote: | The escape modifer should be used only on output and not when passing parameter to javascript. It does escape "'" correctly to "'"
But you need "'" to become "\'" you have single quotes in a single qouted string you pass to javascript. Use PHP addslashes as modifier.
Try
Code: | <a href="javascript:DeleteHighlight( '{$HighlightsList[row].id}{$PageParametersWithSort}', '{$HighlightsList[row].name|addslashes}' )" >Delete</a> |
|
Thanks! |
|
Back to top |
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|