Smarty Forum Index Smarty
WARNING: All discussion is moving to https://reddit.com/r/smarty, please go there! This forum will be closing soon.
  www.smarty.net   •  phpinsider.com  •  Forum Index  •  FAQ  •  Search  •  Memberlist  •  Profile  •  Log in to check your private messages  •  Register  •  Log in
Escaping problem

 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Smarty Forum Index -> General
View previous topic :: View next topic  
Author Message
mstdmstd
Smarty Rookie


Joined: 04 Jan 2013
Posts: 20
PostPosted: Fri May 10, 2013 10:08 am    Post subject: Escaping problem Reply with quote
Hi,
Escaping does not work as written[url] here: http://www.smarty.net/docsv2/en/language.modifier.escape.tpl[/url]
I wrote :
Code:
 <a href="javascript:DeleteHighlight( '{$HighlightsList[row].id}{$PageParametersWithSort}', '{$HighlightsList[row].name|escape:'htmlall'}' )" >Delete</a>

But if $HighlightsList[row].name has "'" symbol, then it is not escaped and I recieve JS error clicking this link.
How right?
Back to top
View user's profile Send private message
U.Tews
Administrator


Joined: 22 Nov 2006
Posts: 5068
Location: Hamburg / Germany
PostPosted: Fri May 10, 2013 11:33 am    Post subject: Reply with quote
The escape modifer should be used only on output and not when passing parameter to javascript. It does escape "'" correctly to "'"

But you need "'" to become "\'" you have single quotes in a single qouted string you pass to javascript. Use PHP addslashes as modifier.

Try
Code:
 <a href="javascript:DeleteHighlight( '{$HighlightsList[row].id}{$PageParametersWithSort}', '{$HighlightsList[row].name|addslashes}' )" >Delete</a>
Back to top
View user's profile Send private message
mohrt
Administrator


Joined: 16 Apr 2003
Posts: 7368
Location: Lincoln Nebraska, USA
PostPosted: Fri May 10, 2013 3:50 pm    Post subject: Reply with quote
you might also try escape:javascript
Back to top
View user's profile Send private message Visit poster's website
mstdmstd
Smarty Rookie


Joined: 04 Jan 2013
Posts: 20
PostPosted: Sat May 11, 2013 10:46 am    Post subject: Reply with quote
U.Tews wrote:
The escape modifer should be used only on output and not when passing parameter to javascript. It does escape "'" correctly to "'"

But you need "'" to become "\'" you have single quotes in a single qouted string you pass to javascript. Use PHP addslashes as modifier.

Try
Code:
 <a href="javascript:DeleteHighlight( '{$HighlightsList[row].id}{$PageParametersWithSort}', '{$HighlightsList[row].name|addslashes}' )" >Delete</a>

Thanks!
Back to top
View user's profile Send private message
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Smarty Forum Index -> General All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group
Protected by Anti-Spam ACP