The JS_LITERAL function escapes and optionally enquotes a javascript string. This function replaces non-immune characters with \xHH or \uHHHH equivalents. The result can be injected into javascript code, within <script> tags or inline ("javascript:xxx"). Immune characters include a through z, A through Z, 0 through 9, commas ",", periods "." and underscores "_" if the output should not be enclosed in quotes when the parameter p_quote is null. If p_quote has a value, printable ASCII 7 characters except for & < > " ' ` / \ % are not escaped.
Syntax
APEX_ESCAPE.JS_LITERAL (
p_string IN VARCHAR2,
p_quote IN VARCHAR2 DEFAULT '''' )
return VARCHAR2;
Parameters
Table 12-6 JS_LITERAL Function Parameters
| Parameter | Description |
|---|---|
|
|
The text string that is escaped. |
|
|
If not null, this string is placed on the left and right of the result. The quotation character must be a single or a double quotation mark. |
Example
It describes how to use JS_LITERAL to escape special characters in the l_string variable.
declare
l_string varchar2(4000) := 'O''Brien';
begin
sys.htp.p('<script>'||
'alert('||apex_escape.js_literal(l_string)||');'||'</script>');
end;
Parent topic: APEX_ESCAPE