13

I am having problem with escaping the single and double quotes inside the hrefs JavaScript function.

I have this JavaScript code inside href. It's like -

<a href = "javascript:myFunc("fileDir/fileName.doc", true)"> click this </a>

Now, since double quotes inside double quote is not valid, I need to escape the inner double quotes for it to be treated as part of the string - so, I need to do this -

<a href = "javascript:myFunc(\"fileDir/fileName.doc\" , true)"> click this </a>

The problem is, even the above code is not working. The JavaScript code is getting truncated at -- myFunc(

I tried with the single quote variation too - but even that doesn't seem to work (meaning that if I have a single quote inside my string literal then the code gets truncated).

This is what I did with a single quote:

<a href = 'javascript:myFunc("fileDir/fileName.doc" , true)'> click this </a>

This works, but if I have a single quote inside the string then the code gets truncated in the same way as that of double quotes one.

Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
naiveCoder
  • 1,009
  • 4
  • 16
  • 28

4 Answers4

34

Using backslashes to escape quotes is how it works in JavaScript, but you're not actually writing JavaScript code there: you're writing HTML. You can do it by using the HTML escaping method: character entities.

&quot;  // "
&#39;   // '

For example:

<a href="javascript: alert('John O&#39;Brien says &quot;Hi!&quot');">...</a>
Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
nickf
  • 537,072
  • 198
  • 649
  • 721
  • 2
    I think you still need to escape ' since once the html is parsed the value of the entity will be expanded into a ' just like the other plain single quotes inside the attribute. It should be `alert('John O\'Brien says "');` – JeremyWeir Dec 01 '12 at 22:59
2

In case anyone needs to escape some thing like this:

<a href="www.google.com/search?q="how+to+escape+quotes+in+href""</a>

You can use ASCII code for double quotes %22:

<a href="www.google.com/search?q=%22how+to+escape+quotes+in+href%22"</a>

It is especially useful if you pass the link to JavaScript from PHP

Arthur Tarasov
  • 3,517
  • 9
  • 45
  • 57
1

As a general best practice, use double-quotes in HTML and single-quotes in JavaScript. That will solve most of your problems. If you need a single-quote in a JavaScript string, you can just escape it using \' - and you probably shouldn't be nesting literal strings any deeper than that.

As noted elsewhere, HTML entities are a possibility if the code is embedded in HTML. But you'll still have to deal with escaping quotes in strings in your JavaScript source files, so it's best to just have a consistent strategy for dealing with JavaScript.

If you are following this strategy and end up with a double-quote embedded in your JavaScript embedded in your HTML, just use the HTML entity &quot;.

Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
Tamzin Blake
  • 2,594
  • 20
  • 36
-1

Normally, this kind of code is working without problems:

<a href="#" onclick="myFunc('...')">Click this</a>

With this code, do you have any problem?

Romain Linsolas
  • 79,475
  • 49
  • 202
  • 273