Why doesn't encodeURIComponent encode single quotes/apostrophes?

Active3 hr before
Viewed126 times

7 Answers


The escape() function, was deprecated and replaced by encodeURIComponent but encodeURIComponent doesn't encode single quote/apostrophe character. Which I need to escape the apostrophes in a persons surname (E.g. 'O'Neill') in an AJAX form. Why would they remove the ability of something they were trying to improve?,To answer your question, on why ' and the other chars mentioned above are not encoded by encodeURIComponent, the short answer is that they only need to be encoded in certain URI schemes and the decision to encode them depends on the scheme you're using., 5 encodeURIComponent doesn't encode ' characters because ' characters don't need to be encoded in URIs. – Quentin Aug 15 '13 at 11:11 ,URI producing applications should percent-encode data octets that correspond to characters in the reserved set unless these characters are specifically allowed by the URI scheme to represent data in that component. If a reserved character is found in a URI component and no delimiting role is known for that character, then it must be interpreted as representing the data octet corresponding to that character's encoding in US-ASCII.

If you wish to use an encoding compatible with RFC 3986 (which reserves !, ', (, ), and *), you can use:

function rfc3986EncodeURIComponent(str) {
   return encodeURIComponent(str).replace(/[!'()*]/g, escape);

Where "reserved set" is defined as

reserved = gen - delims / sub - delims
gen - delims = ":" / "/" / "?" / "#" / "[" / "]" / "@"
sub - delims = "!" / "$" / "&" / "'" / "(" / ")" /
   "*" / "+" / "," / ";" / "="

Apostrophe is in the sub-delims group. In other words, you must leave these characters unencoded expecially if you are sure that consuming applications will know what to do with them: for example if you mistakenly encoded ? and & they will no longer delimit query parts. Historically there were also proposal for path segments parameters delimited with ; and , (didn't get large adoption), so these characters are also still allowed,. It is not that apostrohe is "free to use" (ie unreserved) in URI data, but that it was assumed it will have some special meaning in the URI context, for example the segment part:

segment = * pchar
pchar = unreserved / pct - encoded / sub - delims / ":" / "@"
unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
load more v

Javascript encodeURIComponent doesn’t encode single quotes, is there any alternate fix for this.,did you try encodeURI() instead (which encodes more characters than encodeURIComponent() does),For what other purpose are you encoding the text? There is likely to be a different and better solution for your needs.,my issue is i have a share component by clicking on the social media icon i need to fetch the browser title and page URL in text area. In browser title itself have single quotation mark, though i have used ASCII codes in chrome and IE in social media window showing � like this, my assumption we can fix it trough javascript encodeURIcomponent() function, i am not sure about my assumption.

did you try encodeURI() instead (which encodes more characters than encodeURIComponent() does)

load more v

If you try this out you will see all the special characters are encoded except for the single quote. What function can I use to encode ALL the characters and use PHP to decode them?,I found a neat trick that never misses any characters. I tell it to replace everything except for nothing. I do it like this (URL encoding):,I'm not sure why you would want them to be encoded. If you only want to escape single quotes, you could use .replace(/'/g, "%27"). However, good references are:,As @Bergi wrote, you can just replace all the characters:

Try it out:

load more v

Use JSENCODE to get it to proper JavaScript escaping, and then encodeURIComponent to make sure the URL is correct., My sample field value is '"Someone`s Name"'. And I'm trying to solve this using encodeURI in JavaScript. – r.tolentino Feb 5 '18 at 14:50 ,To subscribe to this RSS feed, copy and paste this URL into your RSS reader., Where does the energy stored in inductor go on opening the switch?

Example Code:

var someonesName = "{!JSENCODE(Contact.Name)}";
var someUrl = "https://.../?name=" + encodeURIComponent(someonesName);

 Double quotes ( \" ) must escape a double quote and vice versa single quotes ( \' ) must escape a single quote.,A double-quoted string can have single quotes without escaping them, conversely, a single-quoted string can have double quotes within it without having to escape them.,Combing through a few popular JavaScript projects we can see a clear preference for single quotes over double-quotes.,On Turkish Q keyboards, we need to press Shift for a single quote and not for a double quote!

'apple' === "apple"

'apple' //correct
"apple" //correct
"apple' //incorrect

var div = '<div class="panel">...</div>'

var message = 'Javascript'
s beauty is simplicity ';

var message = "Javascript's beauty is simplicity";

var message = 'Javascript\'s beauty is simplicity';
load more v

I have run into a problem where the user enters data and if there are single quotes at all, the script errors out. ,I'm sending it through ajax to a database. here is the data parameter for a json ajax call. data: "{str_" + sectionName + " :'" + UpdateText + "',EntityID: '" + EntityID + "' }", with update text being the string that can contain the quotes.,What's the best way to handle single quotes that users enter so it doesn't interfere with the jquery/javascript?


I'm sending it through ajax to a database. here is the data parameter for a json ajax call.
data: "{str_" + sectionName + " :'" + UpdateText + "',EntityID: '" + EntityID + "' }",
with update text being the string that can contain the quotes.

data: "{str_" + sectionName + " :'" + UpdateText + "',EntityID: '" + EntityID + "' }",

The encodeURIComponent function is an extension of encodeURI, the difference being that it also escapes the following characters: , / ? : @ & = + $,In the HTML we use double-quotes and in the JavaScript single-quotes, so any quotes within the JavaScript code will need to be escaped so that they don't conflict with either the HTML or JavaScript quotes.,Another essential PHP function that comes in handy when passing data to JavaScript is addslashes which will add a backslash before: backslashes, single- and double-quotes.,very helpful page. Maybe you should add an encoding option so we can test the funcs with different encodings.

thank you very much for this page, it has been very helpful to me. i just want to add an info:
if you are using ajax(post) forms or in a similar occasion, you can use encodeURIComponent on javascript side and 'conditional' stripslashes on php side, like:
$Name = get_magic_quotes_gpc() ? stripslashes($_POST['Name']) : $_POST['Name'];
- urldecode() will be automatically executed on server for $_POST parameters.
- if you want to output data in html directly, use php command nl2br, for line breaks etc.
- for unicode chars, html files should be saved with code page utf-8 char set. nothing extra to do with code.
- for details and whys, read official documentations of these commands.

$Name = get_magic_quotes_gpc() ? stripslashes($_POST['Name']) : $_POST['Name'];
load more v

Other "doesn-undefined" queries related to "Why doesn't encodeURIComponent encode single quotes/apostrophes?"