The EncodeJavascript function is a built-in function that returns a string with all reserved characters translated in order to be used in Javascript literals.

Input parameters

t: Text Type

Output parameters

Text Type

Examples

Usage

Result

EncodeJavascript( "another' test" )

another\x27 test

EncodeJavascript( "<>" )

\x3c\x3e

Remarks

Using un-escaped expressions without encoding distrusted variables (e.g. user input) compromises the end-user security by allowing JavaScript injection as well as cross-scripting.

You should use this function when managing un-escaped expressions. For example, suppose you want to use the Alert Javascript function to pop-up the content of Msg. You have to create an expression, with an Escape Content property of No, with the following value:

"<script language =""javascript"">

Alert ( """ +EncodeJavascript(Msg) + """);

</script>"

See Also

Un-escaped Expressions | Available Text Functions | Available Built-in Functions