Requirements:
fetch a URL that contains a single quote.<a href="javascript:my_function('my_quote%27s.txt');">...</a>.After a lot of hassle of trying to properly encode a single quote (%27) both Waterfox and Chrome both keep throwing errors. Chrome allowed me to see that the error was triggered because the browsers are taking it upon themselves to decode strings (when I have not programed them to) turning %27 in to the literal single quote character so it errors out before the function is even called (e.g. my_function('my_quotes's.txt') with the quote being internally decoded and causing the obvious triple quote issue).
I could use PHP's htmlentities($file_name, ENT_QUOTES) though I'd have to string replace ' which seems pointlessly convoluted.
javascript:.How do I properly encode a single quote in a manner that JavaScript won't take it upon itself to somehow internally decode it and throw errors?
I am required to make the call via
javascript:
Shudder. Please fix this. It's known as a bad practice since over ten years! And it's exactly what's causing the URI decoding - the javascript: schema is followed by an percent-encoded value to interpret.
So if you start with the js code
my_function('my"e's.txt');
it would become one of
javascript:my_function%28%27my%26quote%27s.txt%27%29%3B
javascript:my_function(%27my%26quote%27s.txt%27)%3B
javascript:my_function('my%26quote's.txt')%3B
(the apostrophe ' and the parenthesis actually don't need to be encoded).
But 'my_quote's.txt' is not the valid javascript that you want to start with. What you're actually looking for is 'my_quote\'s.txt' or "my_quote's.txt'. To use these in a javascript:-scheme URI, it becomes
javascript:my_function('my_quote\'s.txt')%3B
javascript:my_function("my_quote's.txt")%3B
So if you generate this href string from a dynamic filename value, you must
javascript urlhref attribute value