23.16 JS_LITERAL_CLOB Function
This function escapes and optionally enquotes a JavaScript string. This function replaces non-immune characters with \xHH or \uHHHH equivalents. The result can be injected into JavaScript code, within <script> tags or inline (javascript:nnn). Immune characters include:
athroughzAthroughZ0through9- commas
, - periods
. - underscores
_
If the output should not be enclosed in quotes, then the parameter p_quote is NULL.
If p_quote has a value, printable ASCII 7 characters are not escaped except for & < > " ' ` / \ %
Syntax
APEX_ESCAPE.JS_LITERAL_CLOB (
p_string IN CLOB )
RETURN CLOB;Parameters
Table 23-17 JS_LITERAL_CLOB Parameters
| Parameter | Description |
|---|---|
p_string |
The text string that is escaped. |
p_quote |
If not NULL, this string is placed on the left and right of the result. The quotation character must be a single- or double- quotation mark. |
Example
The following example describes how to use JS_LITERAL to escape special characters in the l_string variable.
DECLARE
l_string clob := 'O''Brien';
BEGIN
sys.htp.p(
to_clob('<script>')||
'alert(' || apex_escape.js_literal_clob(l_string) || ');' ||
'</script>' );
END;Parent topic: APEX_ESCAPE