I'm trying to pass the output of a SQL Server exception to the client using the RegisterStartUpScript method of the MS ScriptManager in .NET 3.5. This works fine for some errors but when the exception contains single quotes the alert fails.
I dont want to only escape single quotes though. Is there a standard function I can call to escape any special chars for use in JavaScript?
string scriptstring = "alert('" + ex.Message + "');";
ScriptManager.RegisterStartupScript(this, this.GetType(), "Alert", scriptstring , true);
EDIT:
Thanks @tpeczek, the code almost worked for me :) but with a slight amendment (the escaping of single quotes) it works a treat.
I've included my amended version here...
public class JSEncode
{
/// <summary>
/// Encodes a string to be represented as a string literal. The format
/// is essentially a JSON string.
///
/// The string returned includes outer quotes
/// Example Output: "Hello "Rick"!
Rock on"
/// </summary>
/// <param name="s"></param>
/// <returns></returns>
public static string EncodeJsString(string s)
{
StringBuilder sb = new StringBuilder();
sb.Append(""");
foreach (char c in s)
{
switch (c)
{
case ''':
sb.Append("\'");
break;
case '"':
sb.Append(""");
break;
case '\':
sb.Append("");
break;
case '':
sb.Append("\b");
break;
case 'f':
sb.Append("\f");
break;
case '
':
sb.Append("\n");
break;
case '
':
sb.Append("\r");
break;
case '':
sb.Append("\t");
break;
default:
int i = (int)c;
if (i < 32 || i > 127)
{
sb.AppendFormat("\u{0:X04}", i);
}
else
{
sb.Append(c);
}
break;
}
}
sb.Append(""");
return sb.ToString();
}
}
As mentioned below - original source: here
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
