28.2 ADD_ATTRIBUTE Function Signature 1
This function returns the attribute and the attribute's escaped text surrounded by double quotation marks.
Note:
This function does not escape HTML tags. It only prevents HTML tags from breaking the JavaScript object attribute assignment. To prevent XSS (cross site scripting) attacks, you must also call SYS.HTF.ESCAPE_SC to prevent embedded JavaScript code from being executed when you inject the string into the HTML page.
Syntax
APEX_JAVASCRIPT.ADD_ATTRIBUTE (
p_name IN VARCHAR2,
p_value IN VARCHAR2,
p_omit_null IN BOOLEAN:=TRUE,
p_add_comma IN BOOLEAN:=TRUE)
RETURN VARCHAR2;
Parameters
Table 28-2 ADD_ATTRIBUTE Signature 1 Parameters
| Parameter | Description |
|---|---|
|
|
Name of the JavaScript object attribute. |
|
|
Text to be assigned to the JavaScript object attribute. |
|
|
If set to TRUE and |
|
|
If set to TRUE, a trailing comma is added when a value is returned. |
Example
Adds a call to the addEmployee JavaScript function and passes in a JavaScript object with different attribute values. The output of this call looks like:
addEmployee(
{"FirstName":"John",
"LastName":"Doe",
"Salary":2531.29,
"Birthday":new Date(1970,1,15,0,0,0),
"isSalesman":true
});As the last attribute you should use the parameter combination FALSE (p_omit_null), FALSE (p_add_comma) so that the last attribute is always generated. This avoids that you have to check for the other parameters if a trailing comma should be added or not.
apex_javascript.add_onload_code (
'addEmployee('||
'{'||
apex_javascript.add_attribute('FirstName', sys.htf.escape_sc(l_first_name))||
apex_javascript.add_attribute('LastName', sys.htf.escape_sc(l_last_name))||
apex_javascript.add_attribute('Salary', l_salary)||
apex_javascript.add_attribute('Birthday', l_birthday)||
apex_javascript.add_attribute('isSalesman', l_is_salesman, false, false)||
'});' );Parent topic: APEX_JAVASCRIPT