Application Express API Reference
Oracle Application Express Documentation, Release 18.2

19.15 Escape Function

This function escapes text to be used in JavaScript. It uses APEX_ESCAPE.JS_LITERAL to escape characters; see that API for reference.

Note:

This function prevents HTML tags from breaking the JavaScript object attribute assignment and also escapes the HTML tags '<' and '>'. It does not escape other HTML tags. To be sure to prevent XSS (cross-site scripting) attacks, you must also call SYS.HTF.ESCAPE_SC so that embedded JavaScript code is not executed when you inject the string into the HTML page.

Syntax

APEX_JAVASCRIPT.ESCAPE (
    p_text  IN VARCHAR2)
RETURN VARCHAR2;

Parameters

Table 19-14 ESCAPE Parameters

Parameter    Description
p_text       Text to be escaped.

Example

Adds some JavaScript code to the onload buffer. The value of p_item.attribute_01 is first escaped with htf.escape_sc to prevent XSS attacks and then escaped with apex_javascript.escape so that special characters such as a quotation mark do not break the JavaScript code.

apex_javascript.add_onload_code (
    'var lTest = "'||apex_javascript.escape(sys.htf.escape_sc(p_item.attribute_01))||'";'||chr(10)||
    'showMessage(lTest);' );
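
The following block is an added illustration, not part of the Oracle documentation. It prints the JavaScript generated for one constructed value with no escaping, with apex_javascript.escape only, and with the sys.htf.escape_sc plus apex_javascript.escape chain used in the example above, so the effect of each layer can be compared. The names build_js and l_value are hypothetical, and the block assumes a SQL session with server output enabled in a schema that can call the APEX packages.

```plsql
declare
    -- Constructed sample value: contains a double quote, an apostrophe and markup.
    l_value varchar2(200) := 'Tom "The <b>Boss</b>" O''Neil';

    -- Hypothetical helper: wraps an already prepared literal in the same
    -- JavaScript statements as the documentation example.
    function build_js (p_literal in varchar2) return varchar2 is
    begin
        return 'var lTest = "' || p_literal || '";' || chr(10) ||
               'showMessage(lTest);';
    end build_js;
begin
    -- 1. Weak: raw concatenation. The embedded double quote ends the
    --    JavaScript string literal early, so the statement no longer parses
    --    as intended and the rest of the value is treated as code.
    sys.dbms_output.put_line('-- no escaping');
    sys.dbms_output.put_line(build_js(l_value));

    -- 2. Partial: JavaScript escaping only. The string literal stays intact,
    --    but per the Note above this alone is not sufficient XSS protection
    --    when the value is later injected into the HTML page.
    sys.dbms_output.put_line('-- apex_javascript.escape only');
    sys.dbms_output.put_line(build_js(apex_javascript.escape(l_value)));

    -- 3. Documented pattern: HTML-escape first with sys.htf.escape_sc, then
    --    JavaScript-escape the result with apex_javascript.escape.
    sys.dbms_output.put_line('-- htf.escape_sc, then apex_javascript.escape');
    sys.dbms_output.put_line(
        build_js(apex_javascript.escape(sys.htf.escape_sc(l_value))));
end;
/
```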