Use Escape to Replace Dangerous Characters
By Stephen Bucaro
There are certain situations in JavaScript programming where we can run into a
problem storing or passing data. Those situations call for the use of the "escape"
functions. For example, to store data in a browser cookie we can create a cookie
with the statement shown below.
document.cookie = "cookieName=cookievalue";
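If the cookie value contains the characters ? = , ; : or spaces and tabs, that
will cause problems. To store data containing these characters in a cookie, pass
the value through the escape() function as shown below. The = that separates the
cookie's name from its value stays outside the call so that it is not escaped.
document.cookie = "cookieName=" + escape("cookievalue");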
The escape() function will replace all non-alphanumeric characters (except @ * - + . / _)
with their hexadecimal equivalents. This is demonstrated with the code shown below.
<html>
<body>
<script language="JavaScript">
document.write("Original characters: " +
"!#$&'(),:;=?~");
document.write("<br>");
document.write("Escaped characters: " +
escape("!#$&'(),:;=?~"));
</script>
</body>
</html>
Then to retrieve the cookie, use the unescape() function as shown below to change
the hexadecimal character strings back to the original characters.
var cookie_data = unescape(document.cookie);
This is demonstrated with the code shown below.
<html>
<body>
<script language="JavaScript">
document.write("Original characters: " +
"!#$&'(),:;=?~");
document.write("<br>");
document.write("Escaped characters: " +
escape("!#$&'(),:;=?~"));
document.write("<br>");
document.write("Unescaped characters: " +
unescape("%21%23%24%26%27%28%29%2C%3A%3B%3D%3F%7E"));
</script>
</body>
</html>
When an HTML form is submitted using the GET method, the browser replaces all
dangerous characters before attaching the form's data to the end of the URL. This is
demonstrated with the code shown below.
<html>
<body>
<form action="retrieve.htm">
<input type="text" name="data1" value="Form Data">
<input type="text" name="data2" value="!#$&'(),:;=?~">
<input type="submit" value="Submit">
</form>
</body>
</html>
When you click on the form's "Submit" button, the browser will request the webpage named
retrieve.htm with the form's data attached to the end of the URL as shown below.
retrieve.htm?data1=Form+Data&data2=%21%23%24%26%27%28%29%2C%3A%3B%3D%3F%7E
To retrieve the data, create the webpage retrieve.htm with the code shown below.
<html>
<body>
<script language="JavaScript">
var formdata = document.location.href;
document.write(formdata);
</script>
</body>
</html>
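The retrieve.htm page above writes the URL exactly as received, still escaped. As an added example (not the author's code), the functions below split the query string into fields, decode each one, and encode the decoded text for HTML before it is written into the page. The function names and the example.test host are assumptions, and the standard decodeURIComponent() is used here in place of unescape().

```javascript
// Added example: decode the query string produced by the GET form above.
// SAMPLE_URL is constructed; example.test is a placeholder host.
const SAMPLE_URL = "http://example.test/retrieve.htm" +
  "?data1=Form+Data&data2=%21%23%24%26%27%28%29%2C%3A%3B%3D%3F%7E";

// Decode one form-encoded component: "+" stands for a space, %XX for a byte.
function decodeComponent(text) {
  const spaced = text.replace(/\+/g, " ");
  try {
    return decodeURIComponent(spaced);
  } catch (err) {
    // Malformed sequence such as "%zz": keep the raw text instead of throwing.
    return spaced;
  }
}

// Split on the raw "&" and "=" first and decode afterwards, so an encoded
// %26 or %3D inside a value is never mistaken for a separator.
function parseQuery(url) {
  const fields = Object.create(null); // no inherited keys such as "constructor"
  const start = url.indexOf("?");
  if (start === -1) return fields;
  const query = url.slice(start + 1).split("#")[0];
  for (const pair of query.split("&")) {
    if (pair === "") continue;
    const eq = pair.indexOf("=");
    const name = eq === -1 ? pair : pair.slice(0, eq);
    const value = eq === -1 ? "" : pair.slice(eq + 1);
    fields[decodeComponent(name)] = decodeComponent(value);
  }
  return fields;
}

// Decoded values contain & ' < > again; encode them before writing markup.
function htmlEncode(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Build the text retrieve.htm would pass to document.write().
function renderFields(url) {
  const fields = parseQuery(url);
  return Object.keys(fields)
    .map((name) => htmlEncode(name) + " = " + htmlEncode(fields[name]))
    .join("<br>");
}
```

In retrieve.htm the call would be document.write(renderFields(document.location.href)).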