How do I escape an ampersand in a javascript string so that the page will validate strict?
Asked Answered
R

5

33

I am trying to pass a dataString to to an ajax call using JQuery. In the call, I construct the get parameters and then send them to the php page on the receiving end. The trouble is that the data string has ampersands in them and the HTML strict validator is chocking on it.

Here is the code:

$(document).ready(function(){
    $("input#email").focus();
    $('#login_submit').submit(function(){
        var username = $('input#email').val();
        var password = $('input#password').val();
        var remember = $('input#remember').attr("checked");
        var dataString = "email="+username+"&password="+password+"&remember="+remember;
        $.post('login.php', dataString, function(data) {
            if (data == 'Login Succeeded.') {
                location.reload(true);
            } else {
                $("input#email").focus();
                $("#login_msg").html(data).effect("pulsate", {times: 2}, 1000); 
            }
        });         
        return false;
    });
});

and here is an example of the validator message: cannot generate system identifier for general entity "password".

var dataString = "email="+username+"&password="+password+"&remember="+rememb…

(in the validator the "p" after the first ampersand is marked red indicating the point of the failure).

Rosalynrosalynd answered 10/12, 2008 at 4:1 Comment(0)
A
38

Try putting your javascript inside a CDATA block like this:

<script type="text/javascript">
<![CDATA[
// content of your Javascript goes here
]]>
</script> 

which should make it pass validation. To be extra safe you can add Javascript comments around the CDATA tags to hide them from older browsers who don't understand the CDATA tag:

<script type="text/javascript">
/* <![CDATA[ */
// content of your Javascript goes here
/* ]]> */
</script> 
Alkyl answered 10/12, 2008 at 4:4 Comment(1)
That was perfect. The first answer didn't work but the second one did. Thanks for the help!Rosalynrosalynd
D
25

"\u0026" works!

Dogmatics answered 6/5, 2009 at 19:33 Comment(0)
X
6

Note: before one goes blindly wrapping text in CDATA blocks, be aware that CDATA's purpose is NOT for making invalid characters valid.

See: http://www.flightlab.com/~joe/sgml/cdata.html

Xantha answered 10/12, 2008 at 23:0 Comment(0)
S
1

Sometimes \u0026, &#38, %26, &amp, or <![CDATA[ ... ]]> work for ampersands in script blocks in xhtml.
I would like to ask why we should want that kind of a restriction (blink loyalty to the errors in the design of SGML) which also prevents &nbsp, mathml, target, and nested xml from working.
Why can't we simply say that in a script block no tags or other SGML stuff gets recognized? Why can't xhtml let targets work?
I don't see an advantage to SGML that outweigh the disadvantages. Right now, even though html5 is somewhat available, xhtml is the validator that catches the most developer errors. Let's fix xml without historical regard to its origins.

Sombrous answered 29/1, 2012 at 22:57 Comment(0)
I
-1

i would try:

var dataString = "email="+username+"&amp;password="+password+"&amp;remember="+remember;
Ivetteivetts answered 10/12, 2008 at 4:7 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.