How do you safely wrap a JS string variable in double quote chars?

 

Obviously when you're creating an actual string literal yourself, you backslash escape the double quote characters yourself. 

var foo = "baz"bat";

Just as you would with the handful of other control characters, like linebreaks and backslashes. 

var bar = "bazbatnmynew line and a "quote" ";

but if you're just wrapping that existing variable in quote character, ie to give it to some other system that requires quoted input, there's some confusion.

Obviously you have to escape any potential double quote characters that are in the string. 

var doubleQuoteRe = /"/g;
var quoted = """ + unquoted.replace(escaper, '"') + """;

But according to some you also now have to worry about escaping literal backslash characters in the variable. In other words using much bigger hammer than my little regex. However i dont see why.

您可能想要避免转义您已经逃脱的引号 - 

String.prototype.inquotes=function(){
 return '"'+this.replace(/(^|[^])"/g,'$1"')+'"';
}

There is a non standard str.quote() in FF

https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/quote They suggest the following polyfill 

    if(!String.prototype.quote){
  // oop version - no dependencies
  String.prototype.quote = (function(){
    // prepare fallback
    // ----------------
    // backslash escape double quotes and backslashes
    var escp_regex = /["]/g,
      escp_callback = '$&',
      // escape control characters
      ctrl_map = {
        'b': 'b', // backspace
        't': 't', // tab
        'n': 'n', // new line
        'f': 'f', // form feed
        'r': 'r'  // carriage return
      },
      // don't rely on `Object.keys(ctrl_map).join('')`
      ctrl_regex = new RegExp('[btnfr]', 'g'),
      ctrl_callback = function(match){
        return ctrl_map[match];
      },
      // hex-escape, spare out control characters and ASCII printables
      // [0-7,11,14-31,127-255]
      xhex_regex = /[x00-x07x0Bx0E-x1Fx7F-xFF]/g,
      xhex_callback = function(match, char_code){
        char_code = match.charCodeAt(0);
        return 'x' + (char_code < 16 ? '0' : '') + char_code;
      },
      // hex-escape all others
      uhex_regex = /[u0100-uFFFF]/g,
      uhex_callback = function(match, char_code){
        char_code = match.charCodeAt(0);
        return 'u' + (char_code < 4096 ? '0' : '') + char_code;
      },
      // delegate to native `JSON.stringify` if available
      stringify = typeof JSON !== 'undefined' && JSON.stringify;

    // return actual polyfill
    // ----------------------
    return function(){
      var self = this; // promote compression
      if(self == null) throw new TypeError('can't convert ' + self + ' to object');
      if(stringify) return stringify(self);
      return '"' + self
        .replace(escp_regex, escp_callback)
        .replace(ctrl_regex, ctrl_callback)
        .replace(xhex_regex, xhex_callback)
        .replace(uhex_regex, uhex_callback) + '"';
    }
  }());

  // generic version - requires Function#bind
  String.quote = Function.call.bind(''.quote);
}

You might want to escape other characters aside from quotes, eg whitespace characters (newlines!) and/or non-ASCII characters. There's Crockford's quote() , and my own implementation can be found at mercurial.intuxication.org.

链接地址: http://www.djcxy.com/p/37856.html

上一篇: 在json字符串中引号问题:php

下一篇: 你如何在双引号字符中安全地包装JS字符串变量?