This product version has reached end of life and is no longer supported.
The EncodeJavascript function is a built-in function that returns a string with all reserved characters escaped, so that it can be used in JavaScript literals.
Parameters
t : Text Type
Return Type
Text Type
Usage | Result
EncodeJavascript( "another' test" ) | another\x27 test
EncodeJavascript( "<>" ) | \x3c\x3e
Using un-escaped expressions without encoding untrusted variables (e.g. user input) compromises end-user security by allowing JavaScript injection as well as cross-site scripting.
You should use this function when managing un-escaped expressions. For example, suppose you want to use the JavaScript alert function to pop up the content of Msg. You have to create an expression, with an Escape Content property of No, with the following value:
"<script language=""javascript"">
alert(""" + EncodeJavascript(Msg) + """);
</script>"
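The effect of the encoding on the expression above, reproduced in plain JavaScript as an added example (not OutSystems' code). `encodeJavascript` is a stand-in that assumes every character other than ASCII letters, digits and space is escaped, which agrees with the two rows of the table; `decodeLiteral`, `buildScript`, `leavesLiteral` and the sample `msg` are constructed for illustration.

```javascript
// Added example: a stand-in for the encoding, not OutSystems' implementation.
// Assumption: everything except ASCII letters, digits and space is escaped.
function encodeJavascript(text) {
  let out = "";
  for (let i = 0; i < text.length; i++) {
    const ch = text[i];
    const code = text.charCodeAt(i); // UTF-16 code unit
    if (/[A-Za-z0-9 ]/.test(ch)) out += ch;
    else if (code < 0x100) out += "\\x" + code.toString(16).padStart(2, "0");
    else out += "\\u" + code.toString(16).padStart(4, "0");
  }
  return out;
}

// Reverse the escapes the way a JavaScript parser reads the string literal.
function decodeLiteral(body) {
  return body.replace(/\\x([0-9a-f]{2})|\\u([0-9a-f]{4})/g,
    (_, x, u) => String.fromCharCode(parseInt(x || u, 16)));
}

// Mirrors the page's expression: the value lands inside alert("...").
function buildScript(literalBody) {
  return '<script language="javascript">\nalert("' + literalBody + '");\n</script>';
}

// True when the value can end the string literal or the script element:
// a quote, a line terminator, a closing script tag, or a stray backslash.
function leavesLiteral(literalBody) {
  return /["\r\n\u2028\u2029]|<\/script/i.test(literalBody) ||
    /\\(?!x[0-9a-f]{2}|u[0-9a-f]{4})/.test(literalBody);
}

// Constructed sample input standing in for an untrusted Msg value.
const msg = 'It\'s "done"</script>\n\u2028 50% <b>';
const encoded = encodeJavascript(msg);

console.log(buildScript(encoded));
console.log("raw value leaves the literal:    ", leavesLiteral(msg));
console.log("encoded value leaves the literal:", leavesLiteral(encoded));
console.log("alert() would show the original: ", decodeLiteral(encoded) === msg);
```

The encoded value stays inside the quoted literal and the browser still displays the original text, because the escapes are resolved by the JavaScript parser only after the HTML parser has found the end of the script element.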
See Also
Un-escaped Expressions | Available Text Functions | Available Built-in Functions