This function returns the escaped text surrounded by double quotation marks. For example, this string could be returned "That\'s a test".
This function does not escape HTML tags. It only prevents HTML tags from breaking the JavaScript object attribute assignment. To prevent XSS (cross site scripting) attacks, you must also call SYS.HTF.ESCAPE_SC to prevent embedded JavaScript code from being executed when you inject the string into the HTML page.
Syntax
APEX_JAVASCRIPT.ADD_VALUE (
p_value IN VARCHAR2,
p_add_comma IN BOOLEAN :=TRUE)
RETURN VARCHAR2;
Parameters
Table 13-9 describes the parameters available in the ADD_VALUE signature 1 function.
Table 13-9 ADD_VALUE Signature 1 Parameters
| Parameter | Description |
|---|---|
|
|
Text to be escaped and wrapped by double quotation marks. |
|
|
If |
Example
This example adds some JavaScript code to the onload buffer. The value of p_item.attribute_01 is first escaped with htf.escape_sc to prevent XSS attacks and then assigned to the JavaScript variable lTest by calling apex_javascript.add_value. Add_value takes care of properly escaping the value and wrapping it with double quotation marks. Because commas are not wanted, p_add_comma is set to FALSE.
apex_javascript.add_onload_code (
'var lTest = '||apex_javascript.add_value(sys.htf.escape_sc(p_item.attribute_01), FALSE)||';'||chr(10)||
'showMessage(lTest);' );