Are single/double quotes allowed inside HTML attribute values?
I'm trying to set attribute value that contains a single quote:
var attr_value = "It's not working";
var html = "<label my_attr='" + attr_value + "'>Text</label>";
$('body').html(html);
However, I get the following result:
<label working="" not="" s="" my_attr="It">Text</label>
How could I fix this ?
Are double quotes allowed inside attribute values ?
Answer
Yes, both quotes are allowed in attribute values, but you must HTML-escape the quote you're using as an attribute value delimiter, as well as other HTML-special characters like < and &:
function encodeHTML(s) {
return s.split('&').join('&').split('<').join('<').split('"').join('"').split("'").join(''');
}
var html= '<label my_attr="'+encodeHTML(attr_value)+'">Text</label>';
However, you are usually much better off not trying to hack a document together from HTML strings. You risk bugs and HTML-injection (leading to cross-site-scripting security holes) every time you forget to escape. Instead, use DOM-style methods like attr(), text() and the construction shortcut:
$('body').append(
$('<label>', {my_attr: attr_value, text: 'Text'})
);