24.15 JS_LITERAL Function

The JS_LITERAL function escapes and optionally enquotes a JavaScript string. This function replaces non-immune characters with \xHH or \uHHHH equivalents. The result can be injected into JavaScript code, within <script> tags or inline (javascript:nnn). Immune characters include:

  • a through z
  • A through Z
  • 0 through 9
  • commas ,
  • periods .
  • underscores _

If the output should not be enclosed in quotes, then the parameter p_quote is NULL.

If p_quote has a value, printable ASCII 7 characters are not escaped except for & < > " ' ` / \ %

Syntax

APEX_ESCAPE.JS_LITERAL (
    p_string IN VARCHAR2,
    p_quote  IN VARCHAR2 DEFAULT '''' )
    return VARCHAR2;

Parameters

Table 24-16 JS_LITERAL Function Parameters

Parameter Description
p_string The text string that is escaped.
p_quote If not NULL, this string is placed on the left and right of the result. The quotation character must be a single- or double-quotation mark.

Example

It describes how to use JS_LITERAL to escape special characters in the l_string variable.

DECLARE
    l_string varchar2(4000) := 'O''Brien';
BEGIN
    sys.htp.p('<script>'||
        'alert('||apex_escape.js_literal(l_string)||');'||'</script>');
END;