ansaurus

Question

C# StringBuilder - how to escape this string:

Answer 1

A:

I think you are mixing up what is JavaScript and what is C#. Can you please tell us the string you are string you are trying to achieve...

for instance

window.location.protocol.indexOf('https:') is JavaScript

but presumably

gDomain and gDcsId

are variables from your C# method

maybe this:

"<SCRIPT TYPE='text/javascript' SRC='"+"http"+"(window.location.protocol.indexOf('https:')==0?'s':'')"+"://" + gDomain + "/"+ gDcsId+ "/wtid.js"+"'></SCRIPT>")

DrG 2008-12-04 10:22:53

Answer 2

A:

The string in the beginning is what I want exactly... (I'm not mixing up JavaScript with C# - I just need to add a string to at C# StringBuilder that by coincidance contains some JavaScript)

Its an external script that I have to put on a page, using a StringBuilder (for various reasons).

I have no way of knowing if any changes to the script will make it fail so I have to include it as is...

It's only 1 line of the total script, but most other lines I've managed to escape correctly and they are included as wanted...

noesgard 2008-12-04 10:28:13

apologies, i misunderstood the question :D

DrG 2008-12-04 10:56:53

Answer 3

+6 A:

Hello.

You should try something like this :

@"<document.write(""<SCR""+""IPT TYPE='text/javascript' SRC='""+""http""+(window.location.protocol.indexOf('https:')==0?'s':'')+""://""+gDomain+""/""+gDcsId+""/wtid.js""+""'><\/SCR""+""IPT>"");"

When prefixing a string literal with @, the only escaping needed is to double the " caracter.

Hope this help.

Stephane 2008-12-04 10:31:04

seems to work :o) Will test the other coulple of lines tooDid you add "@" and double all "'s?

noesgard 2008-12-04 10:35:33

Answer 4

+4 A:

string x = @"<document.write(""<SCR""+""IPT TYPE=""'text/javascript' SRC='""+""http""+(window.location.protocol.indexOf('https:')==0?'s':'')+""://""+gDomain+""/""+gDcsId+""/wtid.js""+""'><\/SCR""+""IPT>"");";

The @ prefix makes escaping simpler. You just have to turn each " into "".

You will find your program much easier to maintain if you store the JavaScript in an external file. I assume you're using StringBuilder so you can mix bits of constant script with a few dynamic values? You could write it in a file but put escapes like this for the dynamic values:

var fromCSharp = {0};

Then at runtime, load the JS file and give it to string.Format as the format string, along with values to replace each occurrence of {0}, {1}, etc. You only need to load the format string from the file once and keep it cached.

Also if the values you are inserting into the JavaScript are themselves string literals, you will need to escape them according to the syntax of JavaScript.

Daniel Earwicker 2008-12-04 10:32:35

Running the script from external files has not been working so far, it's specifically not recommended in the script itself... My initial idea was actually just to insert a little script tag linking to an external JS file but alas... not working

noesgard 2008-12-04 11:43:44

Where is it specifically not recommended and why? And how is it not working? I might be able to help with more detail.

Daniel Earwicker 2008-12-04 11:51:37

about the details: its a script delivered from a statistics vendor (WebTrends) The warning is this:The two script blocks below must remain inline. Moving them to an external JavaScript include file can cause serious problems with cross-domain tracking. - Dont think I use this, but it fails anyway

noesgard 2009-02-05 14:40:20

Sounds like they're talking about client-side JS includes. I'm talking about a file that your C# code reads in order to generate the page that gets sent back to the client. Fundamentally there is no way the browser can tell how you built the page as long as you send the same bytes to it.

Daniel Earwicker 2009-02-05 21:59:51

ansaurus

tags:

views:

answers:

C# StringBuilder - how to escape this string:

related questions