Don’t use it!
escape() is defined in section B.2.1.2 escape and the introduction text of Annex B says:
… All of the language features and behaviours specified in this annex have one or more undesirable characteristics and in the absence of legacy usage would be removed from this specification. …
… Programmers should not use or assume the existence of these features and behaviours when writing new ECMAScript code….
Special characters are encoded with the exception of: @*_+-./
The hexadecimal form for characters, whose code unit value is 0xFF or less, is a two-digit escape sequence:
For characters with a greater code unit, the four-digit format %uxxxx is used. This is not allowed within a query string (as defined in RFC3986):
query = *( pchar / "/" / "?" )
pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
pct-encoded = "%" HEXDIG HEXDIG
sub-delims = "!" / "$" / "&" / "'" / "(" / ")" / "*" / "+" / "," / ";" / "="
A percent sign is only allowed if it is directly followed by two hexdigits, percent followed by u is not allowed.
Use encodeURI when you want a working URL. Make this call:
encodeURI("http://www.example.org/a file with spaces.html")
Don’t call encodeURIComponent since it would destroy the URL and return
Note that encodeURI, like encodeURIComponent, does not escape the ' character.
Use encodeURIComponent when you want to encode the value of a URL parameter.
var p1 = encodeURIComponent("http://example.org/?a=12&b=55")
Then you may create the URL you need:
var url = "http://example.net/?param1=" + p1 + "&param2=99";
And you will get this complete URL:
Note that encodeURIComponent does not escape the ' character. A common bug is to use it to create html attributes such as href='MyUrl', which could suffer an injection bug. If you are constructing html from strings, either use " instead of ' for attribute quotes, or add an extra layer of encoding (' can be encoded as %27).
For more information on this type of encoding you can check: http://en.wikipedia.org/wiki/Percent-encoding
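The single-quote problem described above, as an added example that is not part of the original answer: it builds the same link with single and double attribute quotes and checks whether the parameter survives attribute parsing. The function names, the example.net URL and the sample value are assumptions made for illustration.

```javascript
// Added example; function names, URL and sample value are constructed.

// Plain encodeURIComponent leaves ' unescaped; this wrapper adds the extra
// layer the answer suggests by percent-encoding it as %27.
function encodeWithQuote(value) {
  return encodeURIComponent(value).replace(/'/g, "%27");
}

// Build markup from strings, wrapping the href in the given quote character.
function buildLink(encode, param, quote) {
  const url = "http://example.net/?q=" + encode(param);
  return "<a href=" + quote + url + quote + ">link</a>";
}

// Stand-in for the browser's attribute parsing: the href value ends at the
// first occurrence of the quote character that opened it.
function parsedHref(html, quote) {
  const open = "href=" + quote;
  const start = html.indexOf(open) + open.length;
  return html.slice(start, html.indexOf(quote, start));
}

// True when the parameter read back from the parsed href equals the input,
// i.e. the value stayed inside the attribute.
function survives(encode, param, quote) {
  const href = parsedHref(buildLink(encode, param, quote), quote);
  return new URL(href).searchParams.get("q") === param;
}

const sample = "it's \"quoted\""; // constructed input with both quote types

console.log(buildLink(encodeURIComponent, sample, "'"));
console.log("single quotes, encodeURIComponent:", survives(encodeURIComponent, sample, "'"));
console.log("double quotes, encodeURIComponent:", survives(encodeURIComponent, sample, '"'));
console.log("single quotes, extra %27 layer:   ", survives(encodeWithQuote, sample, "'"));
```

With single-quoted attributes the plain encodeURIComponent output ends the href at the apostrophe, while both mitigations named in the answer keep the full value inside the attribute.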