You use different methods when escaping characters in JavaScript and HTML. JavaScript uses the backslash character, and HTML uses the ampersand character.

Note: This functionality requires a knowledge of JavaScript, HTML, and Apache Jelly (a Java and XML based scripting and processing engine for turning XML into executable code).

There are two different types of escaping that is required when generating output from Jelly:

  • JavaScript
  • HTML

The escaping for each of these consists of the following types.

Table 1. Jelly escaping types
TypeFromTo
JavaScript

' (single quote)

\'
" (double quote) \"

CR (carriage return)

 (blank)

NL (newline)

\n ('\' followed by 'n')
HTML

& (ampersand)

&

< (less than)

&lt;

> (greater than)

 &gt;

You can also escape HTML using the getHTMLValue() function which will enforce all line breaks and escape the characters mentioned above. It can be used as follows:

${test.getHTMLValue()}

Add escaping to a Jelly replacement

You can handle character escaping in Jelly files. XML escaping behavior can be modified only by users with the security_admin role.

About this task

Note: This functionality requires a knowledge of JavaScript, HTML, and Apache Jelly (a Java and XML based scripting and processing engine for turning XML into executable code).

Procedure

Add a prefix to the ${expression} or $[expression] indicating the escaping to be performed. 
${JS:expression}
${HTML:expression}

The prefix tells the system to take the result of the expression and escape it before outputting. The escaping may be combined by specifying a comma-separated list of prefixes:

${JS,HTML:expression}