How do I escape a string inside JavaScript code inside an onClick handler?

Question

Maybe I\'m just thinking about this too hard, but I\'m having a problem figuring out what escaping to use on a string in some JavaScript code inside a link\'s onClick handle

Answer 1

In JavaScript you can encode single quotes as "\x27" and double quotes as "\x22". Therefore, with this method you can, once you're inside the (double or single) quotes of a JavaScript string literal, use the \x27 \x22 with impunity without fear of any embedded quotes "breaking out" of your string.

\xXX is for chars < 127, and \uXXXX for Unicode, so armed with this knowledge you can create a robust JSEncode function for all characters that are out of the usual whitelist.

For example,

Select