Java code to output escaped Javascript?


Hi,

I'm using Java 6.  I want to output code for a Javascript variable ...

			String jsValue = escapeForJS(value);
			String expression = "storedVars['myVar'] = \"" + jsValue + "\";";

Is there anything standard that will do this?  I came up with my own
function, but I don't want to worry about leaving anything out.

	/* creates a JS expression that can be used within quotes. */
	private String escapeForJS(String value) {
		value = value.replace("\n", "\\n");
		value = value.replace("\r", "\\r");
		value = value.replace("\"", "\\\"");
		return value;
	}

 - Dave
Reply laredotornado (854) 6/1/2011 1:11:11 PM

> I'm using Java 6.  I want to output code for a Javascript variable ...
>
> 			String jsValue = escapeForJS(value);
> 			String expression = "storedVars['myVar'] = \"" + jsValue + "\";";
>
> Is there anything standard that will do this?  I came up with my own
> function, but I don't want to worry about leaving anything out.
>
> 	/* creates a JS expression that can be used within quotes. */
> 	private String escapeForJS(String value) {
> 		value = value.replace("\n", "\\n");
> 		value = value.replace("\r", "\\r");
> 		value = value.replace("\"", "\\\"");
> 		return value;
> 	}

That's how I would do it, but if you want existing code, maybe you can 
adapt something from this library:

http://www.json.org/java/

Specifically, this class: 
http://www.json.org/javadoc/org/json/JSONWriter.html
Reply tnaran1 (20) 6/1/2011 2:47:26 PM


On 06/01/2011 09:11 AM, laredotornado wrote:
> Hi,
>
> I'm using Java 6.  I want to output code for a Javascript variable ...
>
> 			String jsValue = escapeForJS(value);
> 			String expression = "storedVars['myVar'] = \"" + jsValue + "\";";
>
> Is there anything standard that will do this?  I came up with my own
> function, but I don't want to worry about leaving anything out.

Any Java->JSON library worth its salt should be able to do this.

> 	/* creates a JS expression that can be used within quotes. */
> 	private String escapeForJS(String value) {
> 		value = value.replace("\n", "\\n");
> 		value = value.replace("\r", "\\r");
> 		value = value.replace("\"", "\\\"");
> 		return value;
> 	}

You also forgot `\' as well as every character in the range 
'\u0000'-'\u001f' and '\u007f-\uffff' [if you have to worry about 
non-BMP characters, keep in mind that JS is like Java in that it has the 
same UCS-2/UTF-16 hairiness].

-- 
Beware of bugs in the above code; I have only proved it correct, not 
tried it. -- Donald E. Knuth
Reply Pidgeot18 (1393) 6/1/2011 2:50:40 PM

On Jun 1, 9:50 am, Joshua Cranmer <Pidgeo...@verizon.invalid> wrote:
> On 06/01/2011 09:11 AM, laredotornado wrote:
>
> > Hi,
>
> > I'm using Java 6.  I want to output code for a Javascript variable ...
>
> >                     String jsValue = escapeForJS(value);
> >                     String expression = "storedVars['myVar'] = \"" + jsValue + "\";";
>
> > Is there anything standard that will do this?  I came up with my own
> > function, but I don't want to worry about leaving anything out.
>
> Any Java->JSON library worth its salt should be able to do this.
>
> >     /* creates a JS expression that can be used within quotes. */
> >     private String escapeForJS(String value) {
> >             value = value.replace("\n", "\\n");
> >             value = value.replace("\r", "\\r");
> >             value = value.replace("\"", "\\\"");
> >             return value;
> >     }
>
> You also forgot `\' as well as every character in the range
> '\u0000'-'\u001f' and '\u007f-\uffff' [if you have to worry about
> non-BMP characters, keep in mind that JS is like Java in that it has the
> same UCS-2/UTF-16 hairiness].
>
> --
> Beware of bugs in the above code; I have only proved it correct, not
> tried it. -- Donald E. Knuth

Yeah, you hit on exactly what I was talking about -- a bunch of characters
that it is not practical to hard-code for.  I'm not outputting JSON
objects, so is the Java -> JSON route you suggest still the way to go?
- Dave
Reply laredotornado (854) 6/1/2011 4:58:41 PM

In message <is5jk2$l36$1@dont-email.me>, Joshua Cranmer wrote:

> On 06/01/2011 09:11 AM, laredotornado wrote:
>
>> private String escapeForJS(String value) {
>> value = value.replace("\n", "\\n");
>> value = value.replace("\r", "\\r");
>> value = value.replace("\"", "\\\"");
>> return value;
>> }
> 
> You also forgot `\' as well as every character in the range
> '\u0000'-'\u001f' and '\u007f-\uffff' ...

Can’t they just occur literally?
Reply ldo (2144) 6/1/2011 10:17:13 PM

On 06/01/2011 06:17 PM, Lawrence D'Oliveiro wrote:
> In message<is5jk2$l36$1@dont-email.me>, Joshua Cranmer wrote:
>
>> On 06/01/2011 09:11 AM, laredotornado wrote:
>>
>>> private String escapeForJS(String value) {
>>> value = value.replace("\n", "\\n");
>>> value = value.replace("\r", "\\r");
>>> value = value.replace("\"", "\\\"");
>>> return value;
>>> }
>>
>> You also forgot `\' as well as every character in the range
>> '\u0000'-'\u001f' and '\u007f-\uffff' ...
>
> Can’t they just occur literally?

According to the ECMAScript specification, Line terminators (i.e., 
\u000A, \u000D, \u2028, and \u2029), `\', and the string character (", 
in this case) are prohibited from appearing in strings outright. In 
practice, anything that isn't pure ASCII puts you on shaky grounds due 
to the potential for charset confusion (the specification assumes that 
the input source text is already normalized to Unicode canonical form, 
so how engines see what you input may be different). I would also hold 
the use of, in particular, NUL and form-feed characters as potentially 
problematic. In short:

The following characters are always safe *not* to escape:
* A-Z, a-z, 0-9
* ~!@#$%^&*()_+`-={}[]|\:;<>?,./
* spaces

The following should be okay:
* ' or ", depending on how you open the string
* "simple" accented characters (i.e., \xa0-ff in your favorite 8-bit 
charset, mostly UTF-8 or Cp1252)

Never valid:
* \, \n, \r, \u2028, and \u2029

Anything else (particularly "\u0000") is potentially risky.

-- 
Beware of bugs in the above code; I have only proved it correct, not 
tried it. -- Donald E. Knuth
Reply Pidgeot18 (1393) 6/2/2011 1:47:48 AM
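
An escaper covering the characters listed in the replies above, as an added example that is not code from any poster in this thread: it escapes `\`, both quote characters, and every character outside printable ASCII (which includes NUL, form feed, U+2028 and U+2029) as a JavaScript unicode escape. The class name `JsStringEscaper` and the sample value are assumptions constructed for illustration.

```java
public class JsStringEscaper {

    /**
     * Escapes a value so it can be placed inside a single- or double-quoted
     * JavaScript string literal. Everything that is not printable ASCII is
     * written as a four-digit unicode escape, so the output is pure ASCII and
     * does not depend on the charset the script is served in.
     */
    public static String escapeForJS(String value) {
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': out.append("\\\\"); break; // must not be left raw
                case '"':  out.append("\\\""); break;
                case '\'': out.append("\\'");  break; // safe for either quote style
                case '\n': out.append("\\n");  break;
                case '\r': out.append("\\r");  break;
                case '\t': out.append("\\t");  break;
                default:
                    if (c < 0x20 || c >= 0x7f) {
                        // Control characters, the U+2028/U+2029 line terminators
                        // and all non-ASCII. A Java char is a UTF-16 code unit,
                        // and so is a JS unicode escape, so a non-BMP character
                        // comes out as two escapes (its surrogate pair).
                        out.append(String.format("\\u%04x", (int) c));
                    } else {
                        out.append(c);
                    }
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: quote, backslash, newline, U+2028, an accented
        // letter, and one non-BMP character given as its surrogate pair.
        String value = "a\"b\\c\nd\u2028e\u00e9\uD83D\uDE00";
        String jsValue = escapeForJS(value);
        String expression = "storedVars['myVar'] = \"" + jsValue + "\";";
        System.out.println(expression);
    }
}
```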
