HTML:Use quotes within quotes within quotes

javascript html string quotes double-quotes
flimmerkiste picture flimmerkiste · Nov 7, 2013 · Viewed 32.6k times · Source

I'm stuck with this problem:

<body onload="document.body.innerHTML="<script>alert('hi')</script>"">

The problem is that i cant use quotes within quotes within quotes. Any ideas?

Answer

Quentin picture Quentin · Nov 7, 2013

To represent a " character inside an HTML attribute delimited by " characters, use the entity &quot;

I'd recommend attaching event listeners using JavaScript rather then using intrinsic event attributes though. It simplifies things greatly.

Note however, that browsers will not execute JavaScript added to the document with innerHTML. If you want to add a script programatically, the use createElement / appendChild et al.

Related questions

Strip HTML from Text JavaScript

Is there an easy way to take a string of html in JavaScript and strip out the html?

Read More
Fastest method to escape HTML tags as HTML entities?

I'm writing a Chrome extension that involves doing a lot of the following job: sanitizing strings that might contain HTML tags, by converting <, > and & to &lt;, &gt; and &amp;, respectively. (In other words, the …

Read More
Create a string of variable length, filled with a repeated character

So, my question has been asked by someone else in it's Java form here: Java - Create a new String instance with specified length and filled with specific character. Best solution? . . . but I'm looking for its JavaScript equivalent. Basically, I'm …

Read More