JavaScript removes slash from JSP variable

Question

Have JSP variable ${remoteFolder}

It's value is \\file-srv\demo

Use jQuery embedded in this JSP.

jQuery resolves ${remoteFolder} variable as \file-srvdemo ,i.e. one slash is removed.

How to remain initial value of this var?

edited: when ${remoteFolder} is used inside form tag, that it resolved OK.

edited2:

JS part of JSP, slashes are stripped out..

  <script>
        var oScript = document.createElement("script");
        oScript.type = "text/javascript";
        oScript.text = "var $j = jQuery.noConflict();";
        oScript.text+= "$j(document).ready(function(){";
        ...
       oScript.text+= "'script':'<%= request.getContextPath()   %>/uploadFile?portletId=${portletId}&remoteFolder=${remoteFolder}',";
        ...
        oScript.text+= "});"; 
        document.body.appendChild(oScript);        
    </script>

edited3:

earlier usage of ${remoteFolder} var,that was all OK with slashes < form enctype="multipart/form-data" method="post" target="uploadFrame" action="<%= request.getContextPath() %>/uploadFile?portletId=${portletId}&remoteFolder=${remoteFolder}">

Answer 1

Try setting $remotefolder to \\\\file-srv\\demo since javascripts interprets \ as escape char, thereby needing \\ to print \.

Answer 2

That's JavaScript rather than jQuery. You'll need to escape any backslash you want to be preserved when creating JavaScript string literals using an extra backslash.

Answer 3

There are two problems here.

First, the \ is an escape character in JS strings. When you want to represent a \ in a JS string, you need to double-escape it: \\. Easiest way would be using JSTL fn:replace for this.

var jsVariable = "${fn:replace(javaVariable, '\\', '\\\\')}";

Second, you want send it as an URL parameter. The \ is an illegal character in URL parameter. You need to URL-encode it. Easiest way would be using Javascript's escape() function for this.

var urlParameter = escape(jsVariable);

Summarized, the

oScript.text+= "'script':'<%= request.getContextPath()   %>/uploadFile?portletId=${portletId}&remoteFolder=${remoteFolder}',";

needs to be replaced by

oScript.text += "'script':"
    + "'${pageContext.request.contextPath}/uploadFile"
    + "?portletId=${portletId}"
    + "&remoteFolder=" + escape("${fn:replace(remoteFolder, '\\', '\\\\')}")
    + "',";

Alternatively, you can just use / instead of \ as file path separator. This works perfectly in Windows as well. You don't need to escape them for use in strings, you however still need to URL-encode it.

oScript.text += "'script':"
    + "'${pageContext.request.contextPath}/uploadFile"
    + "?portletId=${portletId}"
    + "&remoteFolder=" + escape("${remoteFolder}")
    + "',";

Answer 4

I find that I cannot write a serious web application without having my own EL function library with some critical functions in it. Among those is a "jsQuote" (or "escapeJS", depending on what sort of mood I'm in) function, whose intent is to "protect" expanded strings so that they can be dropped into Javascript string constants. It's analogous to fn:escapeXml() but instead of targetting the HTML syntax it targets Javascript. Generally what it has to do is check for backslash, the quote characters, newline & the other common control characters, and then any characters outside the 7-bit printable range. With such a function, you can always safely do something like this:

<script>
  // ...
  var s = 'A string ${yourLib:escapeJS(some.java.bean.property)} constant';
  // ...
</script>

I really wish such a thing would become part of the JSTL standard, but I'm not hopeful. Luckily it's really easy to write.