views:

211

answers:

2

Sorry I couldn't be more descriptive with the title, I will elaborate fully below:

I have a web application that I want to implement some AJAX functionality into. Currently, it is running ASP.NET 3.5 with VB.NET codebehind. My current "problem" is I want to dynamically be able to populate a DIV when a user clicks an item on a list. The list item currently contains a HttpUtility.UrlEncode() (ASP.NET) string of the content that should appear in the DIV.

Example:

    <li onclick="setFAQ('The+maximum+number+of+digits+a+patient+account+number+can+contain+is+ten+(10).');">
What is the maximum number of digits a patient account number can contain?</li>

I can decode the string partially with the JavaScript function unescape() but it does not fully decode the string. I would much rather pass the JavaScript function the faq ID then somehow pull the information from the database where it originates.

I am 99% sure it is impossible to call an ASP function from within a JavaScript function, so I am kind of stumped. I am kind of new to AJAX/ASP.NET so this is a learning experience for me.

A: 

I think just using HttpUtility.HtmlEncode may solve your problem. I'm not sure I follow completely though : \

Shawn Simon
+1  A: 

First of all, if you're pulling the questions from the db on page load you most likely have all the answers too, so just keep going with your current approach by jamming the answers into the page as your code sample is doing. Unless your FAQ list has thousands and thousands of questions, doing it the "AJAX way" by hitting the db on each click of the list item doesn't give you much here IMO. If it does have that many questions then a straight list is the wrong way to go anyway.

Secondly, two things to keep in mind re your approach:

  1. you're placing html inside an html attribute
  2. the attribute is specifying a javascript function to call

So you need to make sure your "answer" escapes both html and is valid js. By valid js I mean it can't have new lines and must escape quotes properly. For example, the following html - although valid html - won't fire the onclick and you'd just get a js syntax error:

<li onclick="setFAQ('This line's
multi line and has a single quote in it!')"

To account for these I would say HttpUtility.HtmlAttributeEncode in tandem with System.Web.Script.Serialization.JavaScriptSerializer is more appropriate to the markup you've shown.

JavaScriptSerializer json = new JavaScriptSerializer();
string answerString = "This line's\nmulti line and has a single quote in it!";
string onClickJS = String.Format("setFAQ({0})", json.Serialize(answerString));
string onClickAttr = HttpUtility.HtmlAttributeEncode(onClickJs);

Even better, use .NET's ListItem object and lose HtmlAttributeEncode altogether:

ListItem faqItem = new ListItem(questionString);
faqItem.Attributes.Add("onclick", String.Format("setFAQ({0})", json.Serialize(answerString)));

The html portion is escaped automatically for you, plus it's a lot cleaner.

As for your javascript, you don't have to decode anything in setFAQ(). Just take its argument and put it in into you "answer" div:

function setFAQ(answer) {
    document.getElementById('answer').innerHTML = answer
}
Crescent Fresh
+1 Great answer, I can't believe no one voted it up before today.
magnifico
@magnifico: thanks. What brought you to this old question anyway?
Crescent Fresh
Just browsing the unanswered questions list ;)
magnifico