RE: input boxes ande double quotes

Tue, 11 Nov 2003 03:18:12 -0800

JSStringFormat() doesn't fix this problem. It only works for escaping strings for _javascript_, NOT HTML. What you need is HTMLEditFormat(). Or you can just replace <,>," with &lt;,&gt;,&quot; using ReplaceList (or write a UDF to do it). HTMLEditFormat will cause trouble with CF5/UTF-8.


In some cases you wil actually need a combination of both functions:


<a href="" confirm('Do you want to delete #HTMLEditFormat(JSSTringFormat(item_name))#')">


Pascal

-----Oorspronkelijk bericht-----
Van: Mosh Teitelbaum [mailto:[EMAIL PROTECTED]
Verzonden: ma 10/11/2003 22:30
Aan: CF-Talk
CC:
Onderwerp: RE: input boxes ande double quotes


Bryan:

I usually just replace the double-quotes with &quot; (the double-quote
entity) using the following code:

Replace(myValue, '"', "&quot;", "ALL")

However, a lot of people tend to just go with the JSStringFormat() function.

--
Mosh Teitelbaum
evoch, LLC
Tel: (301) 942-5378
Fax: (301) 933-3651
Email: [EMAIL PROTECTED]
WWW: http://www.evoch.com/

-----Original Message-----
From: Bryan Stevenson [mailto:[EMAIL PROTECTED]
Sent: Monday, November 10, 2003 4:08 PM
To: CF-Talk
Subject: input boxes ande double quotes

Hey All,

Old issue, but I'm checking the consensus....

Let's say we have this:
<input type="text" name="txtFName" value="#FORM.txtFName#">

and the form posts back to itself which kicks in some validation....an error
is found and the form is re-displayed along with an error message and
populated with exatly what the user typed (pretty standard stuff).

So all works fine unless you start throwing some double quotes into that
input box.  If you do that then the value can be truncated (let's say they
entered "Biff" as the name...with the double quotes).  That means the HTML
produced on re-display is like this:
<input type="text" name="txtFName" value=""Biff"">

So now the value is technically "" or blank because it got truncated (you
now have value="" and Biff"").

So what does everybody do about this?

TIA

Cheers

Bryan Stevenson B.Comm.
VP & Director of E-Commerce Development
Electric Edge Systems Group Inc.
t. 250.920.8830
e. [EMAIL PROTECTED]

---------------------------------------------------------
Macromedia Associate Partner
www.macromedia.com
---------------------------------------------------------
Vancouver Island ColdFusion Users Group
Founder & Director
www.cfug-vancouverisland.com


  _____  

[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]

Reply via email to