Single and double quotes in JS, HTML, and their escape use

Source: Internet
Author: User

Excerpt from:

&apos; ---- single quotation mark

&#39; ---- single quotation mark (IE compatible)

&quot; ---- double quotation mark

A button's onclick handler in a web page was accidentally written like this:
<input value="Test" type="button" onclick="alert(""OK"");"/>
IE reported an error, so I casually changed it to:
<input value="Test" type="button" onclick="alert(\"OK\");"/>
The result was still wrong.
At that point I could not understand it, although I knew that the most direct solution is to write it like this:
<input value="" type="button" onclick="alert('OK');"/>
But why does the JavaScript escape character \ have no effect?

Later, I found some code that works:
<input value="Test" type="button" onclick="alert(&quot;OK&quot;);"/>
At this point I understood: the attribute value is still within the scope of HTML, so the escaping must be HTML's, not JavaScript's.

Doubling the double quote is the VBScript practice, \" is the JavaScript practice, and HTML uses &quot;; numeric character references such as &#34; and &#x22; can also be used.

The following is a list of the various expression methods:
<body>
<input value="Double quotes inside double quotes - error" type="button" onclick="alert("OK");"/><br/>
<input value="Single quotes inside single quotes - error" type="button" onclick='alert('OK');'/><br/>
<input value="Two double quotes - error" type="button" onclick="alert(""OK"");"/><br/>
<input value="Two single quotes - error" type="button" onclick="alert(''OK'');"/><br/>
<input value="\ + double quote - error" type="button" onclick="alert(\"OK\");"/><br/>
<input value="\ + single quote - error" type="button" onclick="alert(\'OK\');"/><br/>
<input value="Single quotes inside double quotes - OK" type="button" onclick="alert('OK');"/><br/>
<input value="Double quotes inside single quotes - OK" type="button" onclick='alert("OK");'/><br/>
<input value="No outer quotes - OK" type="button" onclick=alert('OK');alert("OK"); /><br/>
<input value="HTML escape character &#34; (& # 3 4 ;) - OK" type="button" onclick="alert(&#34;OK&#34;);"/><br/>
<input value="HTML escape character &#39; (& # 3 9 ;) - OK" type="button" onclick="alert(&#39;OK&#39;);"/><br/>
<input value="HTML escape character &#x22; (& # x 2 2 ;) - OK" type="button" onclick="alert(&#x22;OK&#x22;);"/><br/>
<input value="HTML escape character &#x27; (& # x 2 7 ;) - OK" type="button" onclick="alert(&#x27;OK&#x27;);"/><br/>
<input value="HTML escape character &quot; (& q u o t ;) - OK" type="button" onclick="alert(&quot;OK&quot;);"/><br/>
<input value="HTML escape character &apos; (& a p o s ;) - error in IE" type="button" onclick="alert(&apos;OK&apos;);"/><br/>

<input value="Other: \\ - error" type="button" onclick="alert(\\"OK\\");"/><br/>
<input value="Other: \& # 3 4 ; - error" type="button" onclick="alert(\&#34;OK\&#34;);"/><br/>
</body>

Recently, while testing the full-text search module, I found that the handling of special characters still has serious problems.

Some say that Spring itself provides a utility class for escaping HTML, JavaScript, and SQL statements, but when I tested it I found that its HtmlUtils.htmlEscape() does not handle single quotes; it only escapes the following special characters:

    • & : &amp;
    • " : &quot;
    • < : &lt;
    • > : &gt;

Later I used replace() to turn single quotes into &apos;, but it still had no effect in IE. I had to test in Google and look at the source code, and found that its encoding is &#39;.

Today I read the following article and finally understood:


In (X)HTML, some special characters should be escaped as HTML entities.

The common ones are & (ampersand), " (double quote), ' (single quote), < (less than) and > (greater than). In the content of an (X)HTML document these should be converted to &amp;, &quot;, &#39;, &lt; and &gt; respectively.

But the question is: why is the single quote escaped differently from the other special characters? Why is the single quote written with its entity number (&#39;), while the others use an entity name, instead of with its entity name (&apos;)?

The reason is that Internet Explorer does not yet support the entity name for the single quote; for now IE supports only the single quote's entity number.

This is also why PHP's htmlspecialchars function escapes single quotes to &#39; rather than &apos;.

Also, Baidu does not support the single quote's entity name, which I found from my blog's entries in Baidu search results (I have now changed the single quotes to the entity-number form).

You can view the entity number and entity name for all special characters of HTML.

Character  Entity Number  Entity Name                    Description
"          &#34;          &quot;                         Quotation mark
'          &#39;          &apos; (does not work in IE)   Apostrophe
&          &#38;          &amp;                          Ampersand
<          &#60;          &lt;                           Less-than
>          &#62;          &gt;                           Greater-than
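
The two points made above (the onclick value is decoded by HTML before JavaScript sees it, and the single quote is written as &#39; rather than &apos;), as an added example that is not part of the original article: text placed in an event handler is escaped for JavaScript first and for HTML last. All function names are hypothetical, and the decoder models only the character references listed on this page.

```javascript
// Added example (constructed); not code from the original article.
// Layer 1, innermost: make text safe inside a JavaScript string literal.
function jsStringEscape(text) {
  return String(text).replace(/[\\'"<>&\u2028\u2029\r\n]/g, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Layer 2, outermost: make that JavaScript safe inside an HTML attribute value.
// The single quote uses the entity number &#39;, not the name &apos;.
const ENTITIES = { "&": "&amp;", '"': "&quot;", "'": "&#39;", "<": "&lt;", ">": "&gt;" };
function htmlAttrEscape(text) {
  return String(text).replace(/[&"'<>]/g, (ch) => ENTITIES[ch]);
}

// Simplified model of the HTML parser's step: resolve the character references
// discussed on this page before the value is handed to the script engine.
const NAMED = { quot: '"', apos: "'", amp: "&", lt: "<", gt: ">" };
function htmlAttrDecode(value) {
  return value.replace(/&(?:#x([0-9a-f]+)|#([0-9]+)|(quot|apos|amp|lt|gt));/gi,
    (match, hex, dec, name) => {
      if (hex) return String.fromCodePoint(parseInt(hex, 16));
      if (dec) return String.fromCodePoint(parseInt(dec, 10));
      return NAMED[name.toLowerCase()];
    });
}

// Read a double-quoted onclick value the way the parser does: it ends at the
// first '"', so a backslash before the quote changes nothing.
function readOnclick(tag) {
  const m = /onclick="([^"]*)"/.exec(tag);
  return m ? htmlAttrDecode(m[1]) : null;
}

// Build onclick="alert('...')" for arbitrary text: JS-escape first, HTML-escape last.
function onclickAlert(message) {
  return 'onclick="' + htmlAttrEscape("alert('" + jsStringEscape(message) + "');") + '"';
}

console.log(readOnclick('<input onclick="alert(\\"OK\\");"/>'));       // truncated handler
console.log(readOnclick('<input onclick="alert(&quot;OK&quot;);"/>')); // intact handler
console.log(onclickAlert(`It's "OK" & done`));
```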
