10.6 JS_LITERAL Function

The JS_LITERAL function escapes and optionally enquotes a JavaScript string. It replaces non-immune characters with \xHH or \uHHHH equivalents. The result can be injected into JavaScript code, within <script> tags or inline ("javascript:xxx"). If the parameter p_quote is null, the output is not enclosed in quotes and the immune characters include a through z, A through Z, 0 through 9, commas ",", periods "." and underscores "_". If p_quote has a value, printable 7-bit ASCII characters except for & < > " ' ` / \ % are not escaped.

Syntax

APEX_ESCAPE.JS_LITERAL (
    p_string IN VARCHAR2,
    p_quote  IN VARCHAR2 DEFAULT '''' )
    return VARCHAR2;

Parameters

Table 10-6 JS_LITERAL Function Parameters

Parameter    Description
p_string     The text string that is escaped.
p_quote      If not null, this string is placed on the left and right of the result. The quotation character must be a single or a double quotation mark.

Example

The following example shows how to use JS_LITERAL to escape special characters in the l_string variable.

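declare
    l_string varchar2(4000) := 'O''Brien';
begin
    -- p_quote is left at its default (a single quotation mark), so the
    -- escaped value is already enquoted when it is passed to alert().
    sys.htp.p('<script>'||
        'alert('||apex_escape.js_literal(l_string)||');'||'</script>');
end;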
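
The following JavaScript is an added illustration, not part of the original documentation and not Oracle's implementation. It models the escaping rules described above and checks that each result parses back to the original string; the names jsLiteral and decodeLiteral, the reading of "printable" as 0x20 through 0x7E, and the choice of \xHH for code units below 0x100 are assumptions.

```javascript
// Model of the rules described above; NOT Oracle's implementation.
// Assumptions: "printable" means 0x20-0x7E (space included), and code units
// below 0x100 use \xHH while all others use \uHHHH.
const QUOTED_UNSAFE = new Set(['&', '<', '>', '"', "'", '`', '/', '\\', '%']);

function isImmune(ch, quoted) {
  if (!quoted) return /^[A-Za-z0-9,._]$/.test(ch);
  const code = ch.charCodeAt(0);
  return code >= 0x20 && code <= 0x7e && !QUOTED_UNSAFE.has(ch);
}

function escapeUnit(code) {
  const hex = code.toString(16).toUpperCase();
  return code < 0x100 ? '\\x' + hex.padStart(2, '0') : '\\u' + hex.padStart(4, '0');
}

// quote: "'" (default, as in the signature above), '"', or null for no quotes.
function jsLiteral(str, quote = "'") {
  if (quote !== null && quote !== "'" && quote !== '"') {
    throw new RangeError('quote must be a single or double quotation mark, or null');
  }
  let out = '';
  for (let i = 0; i < str.length; i++) {
    // Work on UTF-16 code units so astral characters become two \uHHHH escapes.
    out += isImmune(str[i], quote !== null) ? str[i] : escapeUnit(str.charCodeAt(i));
  }
  return quote === null ? out : quote + out + quote;
}

// Parse the literal the way a script block would and return the decoded string.
// An unquoted result is only a string body, so it is wrapped in quotes first.
function decodeLiteral(literal, quote) {
  const source = quote === null ? '"' + literal + '"' : literal;
  return new Function('return ' + source + ';')();
}

// Constructed sample inputs.
const samples = ["O'Brien", 'a</script>b', 'line1\nline2\u2028end', '50% "off"'];
for (const s of samples) {
  for (const q of ["'", '"', null]) {
    const lit = jsLiteral(s, q);
    console.log(JSON.stringify(q), lit, decodeLiteral(lit, q) === s);
  }
}
```

In this model every sample round-trips under all three p_quote settings, and the escaped output never contains a raw quotation mark, "<", "/" or line terminator that could close the string or the surrounding <script> element.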