I am creating a JavaScript confirm message in my ASP.NET code:

    deleteButton.Attributes.Add("onclick", "javascript:return confirm('Are you sure you want to delete client " + clientName + "')");

The problem here is that the client name can have apostrophes and other problematic characters.

Does anyone know a good, simple way to clean the variable "clientName" so that I can safely use it in the javascript?

Thanks!

+11  A: 

    new JavaScriptSerializer().Serialize(clientName)

ifwdev
Thanks ifwdev! I was expecting a cool regex (which I am sure is out there), but I had no idea this method existed in the framework. Very nice.
Mark Kadlec
Ditto! Thanks for this answer!
David Stratton
I knew about this for object serialization, to get JSON objects out of plain old CLR objects, but never thought of using it for this purpose... nice!
Jonas
+1  A: 

I'm not sure how to do it in .NET, but rule number one with user input is not to clean, but to escape it.

Otherwise users won't be able to have " in their usernames (might not be so common, but in other situations, like this response to your question, I had a very legitimate reason to include a ").

Erik
Good point Erik, looks like Nicolas put the code below. Very relevant when not using names for sure! I learned two things from one post, today is a good day...
Mark Kadlec
+1  A: 

I'm sure you've thought of this, but the .Replace() function is about as simple as it gets.

    deleteButton.Attributes.Add("onclick", "javascript:return confirm('Are you sure you want to delete client " + clientName.Replace("'", "&_#39") + "')");
David Stratton
I did, David, but curiosity got the better of me and I just wanted to see what other cool solutions were out there. Surprisingly, there wasn't a good thread when I searched the Web, but StackOverflow seemed like a good place to start one to get some ideas.
Mark Kadlec
For my similar situation (passing some data to an ammap from asp.net) this was the only answer that worked...
DaveEHS
+1  A: 

To get a little fancier:

    // Extension method: must be declared inside a static class.
    // Needs System.Collections.Generic and System.Linq.
    public static string ToJavascriptString(this string str)
    {
        Dictionary<string, string> replace = new Dictionary<string, string>();
        replace.Add("'", @"\'");
        replace.Keys.ToList().ForEach(s => str = str.Replace(s, replace[s]));
        return str;
    }
Jonas
+1  A: 

    SecurityElement.Escape(string s)
Nicolas Dorier
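
For comparison with the answers above, here is an added example (not code from any poster in this thread) of an allow-list encoder for the question's `confirm('...')` handler. The class name `JsStringEncoder`, its method names and the sample client names are assumptions made for illustration; every character outside a small safe set is written as `\uXXXX`, so the output contains no quote, angle bracket, ampersand or line terminator that either the JavaScript parser or the surrounding HTML attribute could misread.

```csharp
using System;
using System.Text;

// Added example; JsStringEncoder and its members are hypothetical names.
public static class JsStringEncoder
{
    // Encodes 'value' for use between the quotes of a JavaScript string literal.
    // ASCII letters, digits and a few punctuation marks pass through unchanged;
    // everything else (quotes, backslash, <, >, &, newlines, non-ASCII) is
    // emitted as a \uXXXX escape, one escape per UTF-16 code unit.
    public static string EscapeForJsString(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value ?? string.Empty)
        {
            bool safe = c < 0x7F && (char.IsLetterOrDigit(c) || " .,-_".IndexOf(c) >= 0);
            if (safe)
                sb.Append(c);
            else
                sb.Append("\\u").Append(((int)c).ToString("x4"));
        }
        return sb.ToString();
    }

    // Builds the onclick handler from the question. Only the client name is
    // untrusted, so only it goes through the encoder.
    public static string BuildConfirmHandler(string clientName)
    {
        return "return confirm('Are you sure you want to delete client "
             + EscapeForJsString(clientName) + "?');";
    }

    public static void Main()
    {
        // Constructed sample names covering the characters raised in the thread.
        string[] names = { "O'Brien", "Acme \"Intl\"", "back\\slash", "a</script>b", "line\nbreak" };
        foreach (string name in names)
            Console.WriteLine(BuildConfirmHandler(name));

        // In the page from the question this would be wired up as:
        // deleteButton.Attributes.Add("onclick", JsStringEncoder.BuildConfirmHandler(clientName));
    }
}
```

The browser's JavaScript engine turns each `\uXXXX` escape back into the original character, so the dialog shows the client name exactly as stored.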