开发者

dealing with nested quotes in html generated from c#

开发者 https://www.devze.com 2022-12-19 18:40 出处:网络
i am using a 3rd party library to show tooltips, like so: string tooltip = \"test\"; output.Write(\"onmouseover=\'Tip(\\\"\" + test + \"\\\");\'\");// work fine :)

i am using a 3rd party library to show tooltips, like so:

string tooltip = "test";
output.Write("onmouseover='Tip(\"" + test + "\");'");  // work fine :)

i'm having problem with situations lik开发者_JS百科e the following where i need quotes for formatting:

string tooltip = "<span style='color:red;'>test</span>";
output.Write("onmouseover='Tip(\"" + test + "\");'");  // no working :(

how can i escape the quotes needed for the html in the tooltip so it doesn't break the function call?


Replace any instance of " with &quot; as follows:

test.Replace( "\"", "&quot;" )


This is the perfect use for the Microsoft Anti-Xss Library

With it, you call the JavaScriptEncode function, which will build a string like this:

Microsoft.Security.Application.AntiXss.JavaScriptEncode("ab'c\"d")
// 'ab\x27c\x22d'

Notice that it includes the quotes.

You would take that, HTML encode it, and plop it directly into your parenthesis.

Something like this:

string tooltip = "<span style='color:red;'>test</span>";
output.Write("onmouseover=\"Tip(" + AntiXss.JavaScriptEncode(test) + ");\"");  // working :)
0

精彩评论

暂无评论...
验证码 换一张
取 消