{javascript:text}

Description

Escapes a string so it is safe to drop inside a single-quoted JavaScript string literal. It does two things: every apostrophe (single quote) becomes a backslash followed by an apostrophe, and every line break (CR, LF or CRLF) becomes one single space. Nothing else is touched - double quotes, angle brackets and HTML entities are left exactly as they are, so this is not an HTML or XML escaper. The text is not trimmed, so leading and trailing spaces survive. Because AA splits expansion parameters on the colon, a literal colon in the text is read as a parameter break and everything after it is dropped; write such a colon as hash-colon so it reaches the output. To embed the result in an HTML attribute wrap the whole thing in safe; for full JSON-safe quoting use jsonstring instead.

Parameters

text (optional, default: empty string)

The string to escape. Apostrophes in it become backslash-apostrophe and any line breaks become single spaces; everything else is passed through unchanged. Defaults to an empty string, which yields an empty result. Remember that a literal colon in this text would otherwise be read as a parameter break - escape it as hash-colon.

Examples

test: {javascript:I'm here}
Expected: I\'m here
Actual: I\'m here
The core job: each apostrophe becomes a backslash followed by an apostrophe, so the text is safe inside a single-quoted JS string.

test: {javascript:alert('Saved')}
Expected: alert(\'Saved\')
Actual: alert(\'Saved\')
A typical use - the apostrophes around a string argument are escaped so the surrounding single-quoted JS literal stays valid.

test: {javascript:Hello world}
Expected: Hello world
Actual: Hello world
With no apostrophes and no line breaks the text is returned untouched.

test: {javascript:say "hi"}
Expected: say "hi"
Actual: say "hi"
Only single quotes are escaped. Double quotes, angle brackets and HTML entities pass through unchanged - this is not an HTML escaper.

test: {javascript:it's o'clock}
Expected: it\'s o\'clock
Actual: it\'s o\'clock
Every apostrophe is escaped, not just the first.

test: {javascript:ratio is 3:1}
Expected: ratio is 3
Actual: ratio is 3
AA splits expansion parameters on the colon, so an unescaped colon ends the text - everything after it is dropped before javascript ever runs.

test: {javascript:ratio is 3#:1}
Expected: ratio is 3:1
Actual: ratio is 3:1
Write a literal colon as hash-colon so the parameter parser keeps it; the colon then reaches the output intact.

test: onclick='note({javascript:Owner is O'Brien})'
Expected: onclick='note(Owner is O\'Brien)'
Actual: onclick='note(Owner is O\'Brien)'
The canonical pattern: drop dynamic text (here a name with an apostrophe) into a single-quoted JS call. javascript escapes the inner apostrophe so the handler stays well-formed. For an HTML attribute also wrap the result in safe; for a full JSON value use jsonstring.

virtual: {javascript:line one line two}
Expected: (line one line two - the newline becomes one space)
Actual: line one line two
A line break in the input (CR, LF or CRLF) is replaced by a single space, so a multi-line value becomes one line - JS string literals cannot span raw newlines. Marked illustrative because a stored single-line example cannot carry a real newline; the input above spans two lines and yields: line one line two
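
The behaviour described above, modelled in JavaScript as an added example (not AA's own code): aaJavascriptModel is an assumed reimplementation built from the description, strictSingleQuoted is a hypothetical stricter escaper for comparison, and the samples are constructed. It goes slightly beyond the page's tests by including backslashes, which the description says pass through untouched, and checks which inputs survive a round trip through a single-quoted literal.

```javascript
// Model of the documented behaviour (an assumption built from the description
// above, not AA's source): line breaks -> one space, ' -> \', nothing else.
function aaJavascriptModel(text) {
  return text.replace(/\r\n|\r|\n/g, " ").replace(/'/g, "\\'");
}

// Hypothetical stricter escaper for comparison: also escapes the backslash,
// the JS line separators U+2028/U+2029, and "<" (so "</script>" cannot appear).
function strictSingleQuoted(text) {
  return text
    .replace(/\r\n|\r|\n/g, " ")
    .replace(/[\\'<\u2028\u2029]/g, (ch) =>
      ch === "\\" ? "\\\\" :
      ch === "'" ? "\\'" :
      "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Round-trip check: wrap the escaped text in single quotes, evaluate it as a
// JS string literal, and compare with the input (line breaks folded to spaces).
function roundTrips(escaper, input) {
  const expected = input.replace(/\r\n|\r|\n/g, " ");
  try {
    return new Function("return '" + escaper(input) + "';")() === expected;
  } catch (e) {
    return false; // the literal did not parse, e.g. an unterminated string
  }
}

// Constructed sample inputs, not taken from the page's test table.
const samples = ["Owner is O'Brien", "line one\r\nline two", "C:\\temp\\new", "ends with \\"];

// One row per sample: does the text come back intact from each escaper?
function report() {
  return samples.map((s) => ({
    input: s,
    documented: roundTrips(aaJavascriptModel, s),
    strict: roundTrips(strictSingleQuoted, s),
  }));
}

console.log(report());
```

A false in the documented column marks text that does not come back intact from the single-quoted literal under the behaviour the page describes.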