Pure JavaScript Forms: Real World Lesson

So in "Pure JavaScript Forms: Step Two" I figured out how to make a form display what I wanted it to display without putting in any application logic into the display HTML code using Javascript. Since then, I've used it in a controlled production environment once and I have learned a first lesson: Escape the variables you are putting into Javascript!

A Javascript array is set like foo = array('bar','yabba','dabba','doo');. The value of each element in the array is set within single quote marks and each element is separated by a comma. What if one of the values was "O'Bar," so that the array was now set by foo = array('O'Bar','yabba','dabba','doo');? Javascript thinks the value of foo[0] is O not O'Bar. After that it probably makes an error and doesn't process anything else. There are a number of other special characters besides the single quote mark that must be treated specially in order for Javascript to accept them in the array. This special treatment is known as escaping special characters. In Javascript, a single quote that you want treated as part of the value of the variable rather than the end of the variable should be written as back-slash single quote (by back-slash I mean the one above the return key), like \'. The Javascript standard published by Sun says that there are eight characters that must be escaped and three character encodings that can be escaped (character encoding refers to how letters other than the bare-bones a through z and standard American punctuation can be represented using that bare-bones set of letters).