I'm not sure if I conveyed my question incorrectly, because your solution is incorrect with respect to what I'm trying to ask. In general, I think people ask a question with respect to their requirements.
When you say escaping with \ in a string literal. Yes that's fine. But as I indicated, this text is going to be emitted out through a server control. This control toggles readonly and edit modes. The input data is inputted/set on page 1(let's call it pageSource.aspx). PageResults.aspx has the custom server control that injects html as I indicated. We display all values entered by user on pageSource on this custom server control. Now the user can "toggle" the control to edit what he had entered on pageSource. I hope this gives you a better picture.
In other words, what will get rendered out will be:
<input id="anExampleId" value="someValueExample"></input>
Now let's say , the user inputs
ab\\\'"b
. See what I'm saying? Now, by escaping etc, it's not going to work. That's what I meant by it doesn't work. Try jsFiddle or another tool try to emit out an input tag with value that contains both single quotes, double quotes etc.
You can't manipulate this:
string input =
string.Format("<input id="{0}" value="{1}" name="{0}">", idHere, valHere);</input>
I think I have a partial solution (this is the direction we have to take):
It's not that input string above that should be manipulated, it's the actual value (
valHere
) that needs to be manipulated.
valHere= valHere.Replace("\'", "\\'");
I'll add my actual solution shortly.