Escape quotes in JavaScript

不思量自难忘° 2020-11-22 11:39

I'm outputting values from a database (it isn't really open to public entry, but it is open to entry by a user at the company -- meaning, I'm not worried about XSS).

13 answers
  •  感动是毒
    2020-11-22 12:00

    You need to escape the string you are writing out into DoEdit to scrub out the double-quote characters. They are causing the onclick HTML attribute to close prematurely.

    Using the JavaScript escape character, \, isn't sufficient in the HTML context. You need to replace the double-quote with the proper XML entity representation, &quot;.
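
The two encoding layers the answer above describes, as an added example that is not part of the original answer. DoEdit is the handler named in the answer; the helper names and the sample value are constructed for illustration, and parsedAttrValue is a simplified model of attribute parsing, not a real HTML parser.

```javascript
// Layer 1: turn the value into a valid JavaScript string literal.
// JSON.stringify adds the surrounding quotes and escapes ", \ and control characters.
function jsStringLiteral(value) {
  return JSON.stringify(String(value));
}

// Layer 2: make that JavaScript safe inside a double-quoted HTML attribute.
// & must be replaced first so the entities added afterwards are not re-encoded.
function htmlAttr(text) {
  return text
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Build the attribute with both layers applied, innermost context first.
function onclickAttr(value) {
  return 'onclick="' + htmlAttr('DoEdit(' + jsStringLiteral(value) + ');') + '"';
}

// The approach the answer calls insufficient: backslash escaping only.
function onclickAttrJsOnly(value) {
  return 'onclick="DoEdit(\'' + String(value).replace(/"/g, '\\"') + '\');"';
}

// Simplified model of the HTML parser: the attribute value ends at the
// next double quote, and entities are decoded afterwards (&amp; last).
function parsedAttrValue(attr) {
  const raw = attr.slice(attr.indexOf('"') + 1);
  return raw.slice(0, raw.indexOf('"'))
    .replace(/&quot;/g, '"').replace(/&#39;/g, "'")
    .replace(/&lt;/g, '<').replace(/&gt;/g, '>')
    .replace(/&amp;/g, '&');
}

const sample = 'O\'Brien said "hi" & left';  // constructed database value

// Backslash only: the attribute closes at the first ", handler is cut short.
console.log(parsedAttrValue(onclickAttrJsOnly(sample)));
// Both layers: the handler source reaches the JavaScript engine intact.
console.log(parsedAttrValue(onclickAttr(sample)));
```
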
