I thought that escaping quote characters in javascript was done by either using the other style of quote
"xxx ' yyy"
or
'xxx " yyy'
or using a backslash to quote them
'xxx \' yyy\'
or
"xxx \" yyy"
but that doesn't seem to work in the problem I am currently working on.
The code I want to put in my generated HTML is:
<input type="text" value="MyValue" name="MyName"
onChange="MyFunction(this, 0, 99999, ['XXX', this.value, 'YYY']);">
The question is what escaping is needed for the string YYY?
I thought escaping single quote (') would be fine, but then I would also need to escape double quote (") as that is the outer wrapper for the onChange code.
Lets say the string I want for YYY is:
SQ' DQ" LT< GT> AMP&
so I tried outputting
<input type="text" value="MyValue" name="MyName"
onChange="MyFunction(this, 0, 99999,
['XXX', this.value, 'SQ\' DQ\" LT< GT> AMP&']);">
but FireFox saw the "<" as breaking the code
Eventually, to keep FireFox happy, I had to use
SQ\' DQ\x22 LT\x3C GT\x3E AMP\x26
i.e.
<input type="text" value="MyValue" name="MyName"
onChange="MyFunction(this, 0, 99999,
['XXX', this.value, 'SQ\' DQ\x22 LT\x3C GT\x3E AMP\x26']);">
this is a heck of a lot more escaping than I had expected. Is it really necessary, or have I missed something more straightforward?
Thanks.