JS_LITERAL Function

The JS_LITERAL function escapes and optionally enquotes a JavaScript string. This function replaces non-immune characters with \xHH or \uHHHH equivalents. The result can be injected into JavaScript code, within <script> tags or inline (javascript:nnn). Immune characters include:

a through z
A through Z
0 through 9
commas ,
periods .
underscores _

If the output should not be enclosed in quotes, then the parameter p_quote is NULL.

If p_quote has a value, printable ASCII 7 characters are not escaped except for & < > " ' ` / \ %

Syntax

APEX_ESCAPE.JS_LITERAL (
    p_string IN VARCHAR2,
    p_quote  IN VARCHAR2 DEFAULT '''' )
    return VARCHAR2;

Parameters

Table 21-16 JS_LITERAL Function Parameters

Parameter	Description
`p_string`	The text string that is escaped.
`p_quote`	If not NULL, this string is placed on the left and right of the result. The quotation character must be a single- or double-quotation mark.

Example

It describes how to use JS_LITERAL to escape special characters in the l_string variable.

DECLARE
    l_string varchar2(4000) := 'O''Brien';
BEGIN
    sys.htp.p('<script>'||
        'alert('||apex_escape.js_literal(l_string)||');'||'</script>');
END;