The JS_LITERAL function escapes and optionally enquotes a JavaScript string. This function replaces non-immune characters with \xHH or \uHHHH equivalents. The result can be injected into JavaScript code, within <script> tags or inline ("javascript:xxx"). Immune characters include a through z, A through Z, 0 through 9, commas ",", periods "." and underscores "_".
Syntax
    APEX_ESCAPE.JS_LITERAL (
        p_string IN VARCHAR2,
        p_quote  IN VARCHAR2 DEFAULT "" )
        return VARCHAR2;
Parameters
Table 9-6 describes the parameters available in the JS_LITERAL function.
Table 9-6 JS_LITERAL Function Parameters
Parameter | Description |
---|---|
p_string | The text string that is escaped. |
p_quote | If not null, this string is placed on the left and right of the result. The quotation character must be a single or a double quotation mark. |
Example
The following example describes how to use JS_LITERAL to escape special characters in the l_string variable.
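    declare
        l_string varchar2(4000) := 'O''Brien';
    begin
        -- js_literal escapes the apostrophe in l_string, so the value
        -- cannot end the string literal passed to alert()
        sys.htp.p('<script>'||
                  'alert('||apex_escape.js_literal(l_string)||');'||
                  '</script>');
    end;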
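
The escaping rule described at the top of this page, modeled in JavaScript as an added example (not Oracle's implementation and not part of the original page). It assumes uppercase hex digits, \xHH for code units below 0x100 and \uHHHH for all others; the function names are hypothetical and the quote is always passed explicitly. It shows the literal produced for a constructed input and confirms that a JavaScript engine decodes it back to the original string.

```javascript
// Added example: a model of the rule on this page, not Oracle's implementation.
// Assumptions: uppercase hex; UTF-16 code units below 0x100 become \xHH and
// all others \uHHHH. jsLiteralModel, isInert and roundTrips are hypothetical names.
const IMMUNE = /[a-zA-Z0-9,._]/;

function jsLiteralModel(str, quote) {
  if (quote && quote !== "'" && quote !== '"') {
    throw new Error("quote must be a single or a double quotation mark");
  }
  let out = "";
  for (let i = 0; i < str.length; i++) {
    const ch = str[i];
    if (IMMUNE.test(ch)) {
      out += ch;                       // immune characters pass through unchanged
      continue;
    }
    const hex = str.charCodeAt(i).toString(16).toUpperCase();
    out += hex.length <= 2 ? "\\x" + hex.padStart(2, "0")
                           : "\\u" + hex.padStart(4, "0");
  }
  const q = quote || "";               // null or empty: no enquoting
  return q + out + q;
}

// True when the literal holds only immune characters and escape sequences
// between its quotes, so it cannot close the string or the <script> block.
function isInert(literal) {
  return /^(["'])(?:[a-zA-Z0-9,._]|\\x[0-9A-F]{2}|\\u[0-9A-F]{4})*\1$/.test(literal);
}

// Evaluate the literal as a JavaScript engine would and compare with the input.
function roundTrips(value) {
  const literal = jsLiteralModel(value, '"');
  return isInert(literal) && new Function("return " + literal + ";")() === value;
}

// Constructed sample input: a quote, a closing script tag, and U+2028.
const sample = "O'Brien</script>\u2028";
console.log(jsLiteralModel(sample, "'"));
console.log(roundTrips(sample));
```
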