Jsp Variable As Javascript Function Parameters
I'm having a trouble with using jsp variables as javascript parameters. The javascript function: function user(name, lastname, nick) { return name + ' ' + lastname + ' (' + nic
Solution 1:
I am not certain that this is the solution without knowing what the values for the eTestsToAdd
collection is, however this would certainly be one problem.
Given this code snipplet:
document.write(user(${et.author.name}, ${et.author.lastname}, ${et.author.nick}));
And the values for the author are joe
, shmoe
, js
respectively this would result in this output
document.write(user(joe, shmoe, js));
This is invalid javascript, the JS evaluator would look for variables named joe, schome and js. You need to wrap the output in quotes.
document.write(user("${et.author.name}", "${et.author.lastname}", "${et.author.nick}"));
Now if someone puts in the name lovemesome"XXS
for the first name you will also get a javascript error. You will need to sanitize your output variables, you can do that for this case by using the following:
${fn:replace(${et.author.name}, '\"', '\\\"'}
Post a Comment for "Jsp Variable As Javascript Function Parameters"