Skip to content Skip to sidebar Skip to footer
Home / Java / Javascript / Jsp / Spring

Jsp Variable As Javascript Function Parameters

Post a Comment
I'm having a trouble with using jsp variables as javascript parameters. The javascript function: function user(name, lastname, nick) { return name + ' ' + lastname + ' (' + nic

Solution 1:

I am not certain that this is the solution without knowing what the values for the eTestsToAdd collection is, however this would certainly be one problem.

Given this code snipplet:

document.write(user(${et.author.name}, ${et.author.lastname}, ${et.author.nick}));

And the values for the author are joe, shmoe, js respectively this would result in this output 

document.write(user(joe, shmoe, js));

This is invalid javascript, the JS evaluator would look for variables named joe, schome and js. You need to wrap the output in quotes.

document.write(user("${et.author.name}", "${et.author.lastname}", "${et.author.nick}"));

Now if someone puts in the name lovemesome"XXS for the first name you will also get a javascript error. You will need to sanitize your output variables, you can do that for this case by using the following:

${fn:replace(${et.author.name}, '\"', '\\\"'}

You may like these posts

Post a Comment for "Jsp Variable As Javascript Function Parameters"