The EncodeJavascript function is a built-in function that returns a string with all reserved characters translated in order to be used in Javascript literals.

Input parameters

t: Text Type

Output parameters

Text Type




EncodeJavascript( "another' test" )

another\x27 test

EncodeJavascript( "<>" )



Using un-escaped expressions without encoding distrusted variables (e.g. user input) compromises the end-user security by allowing JavaScript injection as well as cross-scripting.

You should use this function when managing un-escaped expressions. For example, suppose you want to use the Alert Javascript function to pop-up the content of Msg. You have to create an expression, with an Escape Content property of No, with the following value:

"<script language =""javascript"">

Alert ( """ +EncodeJavascript(Msg) + """);


See Also

Un-escaped Expressions | Available Text Functions | Available Built-in Functions