Search code examples
javajsfoc4joracle-adf

Why is Oracle ADF not escaping quotes for me when I use <h:outputText/>?

Why is Oracle ADF not escaping quotes for me when I use to build up strings in Javascript?

<jsp:root ...>
 <f:view ...>
  <afh:html>
   <f:loadBundle basename="message" var="msg"/>
   <afh:head ...>
    <script>
     function validate() {
      var errorMessages = '';
      .
      .
      if (regNum == '') {
       errorMessages = errorMessages + '<h:outputText value='#{msg['getDetails.validate.regNum']}"/>' + '\r\n';
      }
      .
      .

In my message resources file I have something like

getDetails.validate.regNum=I'd enter the registration number if I were you.

The real text is is in Irish with accented characters and I can see that the accented characters get escaped but not the quote character.

Solution

  • Because singlequotes are not illegal in HTML.

    But they are in JS. You can use fn:replace() to escape them.

    <%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
...
<script>
   var foo = '<h:outputText value="#{fn:replace(msg['getDetails.validate.regNum'], "'", "\'")}"/>';