This function escapes text to be used in JavaScript. This function makes the following replacements:
Table 13-13 Table of Replacement Values
Character | After replacement |
---|---|
< | \u003c |
> | \u003e |
\ | \\ |
/ | \/ |
" | \u0022 |
' | \u0027 |
tab | \t |
chr(10) | \n |
This function prevents HTML tags from breaking the JavaScript object attribute assignment and also escapes the HTML tags '<' and '>'. It does not escape other HTML tags. Therefore, to be sure to prevent XSS (cross-site scripting) attacks, you must also call SYS.HTF.ESCAPE_SC to prevent embedded JavaScript code from being executed when you inject the string into the HTML page.
Syntax
APEX_JAVASCRIPT.ESCAPE ( p_text IN VARCHAR2) RETURN VARCHAR2;
Parameters
Table 13-14 describes the parameters available in the ESCAPE function.
Example
Adds some JavaScript code to the onload buffer. The value of p_item.attribute_01 is first escaped with htf.escape_sc to prevent XSS attacks and then escaped with apex_javascript.escape so that special characters such as a quotation mark do not break the JavaScript code.
apex_javascript.add_onload_code (
    'var lTest = "'||apex_javascript.escape(sys.htf.escape_sc(p_item.attribute_01))||'";'||chr(10)||
    'showMessage(lTest);' );
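
The following JavaScript is an added example, not Oracle's code. It shows why the two escaping calls are combined: `jsEscape` re-implements the replacement table above, `htmlEscape` is a stand-in for SYS.HTF.ESCAPE_SC (assumed to map & " < > to entities), and the sample string and the helper names are constructed for illustration.

```javascript
// Added example: re-implements the replacement table above; not Oracle's code.
const REPLACEMENTS = {
  '<': '\\u003c', '>': '\\u003e', '\\': '\\\\', '/': '\\/',
  '"': '\\u0022', "'": '\\u0027', '\t': '\\t', '\n': '\\n',
};

// Single pass over the input, so backslashes produced by one replacement
// are never escaped a second time.
function jsEscape(text) {
  return text.replace(/[<>\\\/"'\t\n]/g, (ch) => REPLACEMENTS[ch]);
}

// Stand-in for SYS.HTF.ESCAPE_SC (assumption: it maps & " < > to entities).
const ENTITIES = { '&': '&amp;', '"': '&quot;', '<': '&lt;', '>': '&gt;' };
function htmlEscape(text) {
  return text.replace(/[&"<>]/g, (ch) => ENTITIES[ch]);
}

// Same shape as the statement built in the page's example, with a return
// added so the parsed value of lTest can be inspected.
function buildStatement(escaped) {
  return 'var lTest = "' + escaped + '"; return lTest;';
}

// Parse the statement as a JavaScript engine would and return lTest.
function valueSeenByScript(escaped) {
  return new Function(buildStatement(escaped))();
}

// Constructed sample input: quotes, a closing script tag, markup, backslash.
const SAMPLE = 'a"b\'c</script><i>d</i>\\e\tf\ng';

function demo(text) {
  return {
    literal: jsEscape(text),                              // what lands in the page source
    jsOnly: valueSeenByScript(jsEscape(text)),            // markup survives intact
    both: valueSeenByScript(jsEscape(htmlEscape(text))),  // markup is inert
  };
}

const result = demo(SAMPLE);
console.log(result.literal);
console.log(result.jsOnly === SAMPLE);   // escaping is undone by the JS parser
console.log(result.both.includes('<'));  // no tag delimiters remain
```

`jsOnly` equals the original input, so a value that the script later writes into the page as HTML still carries its markup unless the SYS.HTF.ESCAPE_SC pass was applied first.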