This function returns the escaped text surrounded by double quotes. For example, this string could be returned "That\'s a test".
Note: This function does not escape HTML tags. It only prevents HTML tags from breaking the JavaScript object attribute assignment. To prevent XSS (cross site scripting) attacks, you must also call SYS.HTF.ESCAPE_SC to prevent embedded JavaScript code from being executed when you inject the string into the HTML page.
Syntax
APEX_JAVASCRIPT.ADD_VALUE (
    p_value     IN VARCHAR2,
    p_add_comma IN BOOLEAN := TRUE )
RETURN VARCHAR2;
Parameters
The following table describes the parameters available in the ADD_VALUE signature 1 function.
ADD_VALUE Signature 1 Parameters
Parameter | Description |
---|---|
p_value | Text to be escaped and wrapped by double quotes. |
p_add_comma | If |
Example
This example adds some JavaScript code to the onload buffer. The value of p_item.attribute_01 is first escaped with htf.escape_sc to prevent XSS attacks and then assigned to the JavaScript variable lTest by calling apex_javascript.add_value. Add_value takes care of properly escaping the value and wrapping it into double quotes. Because commas are not wanted, p_add_comma is set to FALSE.
apex_javascript.add_onload_code (
    'var lTest = '||apex_javascript.add_value(sys.htf.escape_sc(p_item.attribute_01), FALSE)||';'||chr(10)||
    'showMessage(lTest);' );
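The Note's distinction between the two escaping layers, as an added JavaScript example that is not Oracle's code: addValue and escapeSc are hypothetical stand-ins for apex_javascript.add_value and sys.htf.escape_sc, the \u003c escaping is an assumption, and the attribute value is constructed. It shows that literal-level escaping disappears once the browser parses the string, so only the HTML-escaped variant leaves lTest holding inert text.

```javascript
// Added example: stand-ins for the two PL/SQL calls, not Oracle's code.

// Stand-in for apex_javascript.add_value(p_value, p_add_comma):
// returns a double-quoted JavaScript string literal. Assumption: '<' is
// written as \u003c so markup cannot end the surrounding script block.
function addValue(value, addComma = true) {
  const literal = JSON.stringify(String(value)).replace(/</g, "\\u003c");
  return addComma ? literal + "," : literal;
}

// Stand-in for sys.htf.escape_sc: HTML-escapes & " < >.
function escapeSc(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Builds the first statement the page's example puts in the onload buffer.
function buildOnload(attribute, htmlEscape) {
  const value = htmlEscape ? escapeSc(attribute) : attribute;
  return "var lTest = " + addValue(value, false) + ";";
}

// Returns the string lTest holds once the browser has parsed the literal.
function runtimeValue(statement) {
  const literal = statement.slice("var lTest = ".length, -1);
  return JSON.parse(literal);
}

// Constructed sample attribute value containing markup and both quote kinds.
const attribute = 'That\'s a <b class="x">test</b>';

const weak = buildOnload(attribute, false); // add_value only
const safe = buildOnload(attribute, true);  // escape_sc, then add_value

console.log(weak);               // the literal itself is well-formed
console.log(runtimeValue(weak)); // but lTest still holds live markup
console.log(safe);
console.log(runtimeValue(safe)); // lTest holds entity-encoded text
```

If showMessage writes lTest into the page as HTML, the first variant renders the markup and the second displays it as text.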