Escaping Qualtrics piped text for use in javascript (more generally, how to safely escape user-generated text)

喜你入骨 submitted on 2019-12-08 17:42:02

Question


In my Qualtrics survey I have a free-response (textbox) question. I'd like to get the response to this question into javascript so I can do some complicated text processing and post the result to an external page.

It looks like the official Qualtrics way to do that is to use the piped text code:

var answer = "${q://QID1/ChoiceTextEntryValue}"

But this generates javascript code with the literal response inserted into the code. If a survey-taker puts a quote mark in their response, it will break the code. I've also verified that it can be used to inject arbitrary javascript!

Is there any way to assign a user-generated value to a variable safely?

What I've tried:

  • It would be nice if there were an API call that put the response directly into a javascript variable without having to use piped text. I've examined their API documentation and talked to tech support, and it doesn't look like such a function exists.
  • It would also be helpful if Qualtrics had a built-in feature for character substitution that I could use to strip quotes, but I don't think it does.
  • I could use response validation to prevent respondents from submitting a response that has quote marks in it. This is the only workable solution I've come up with, but it would be annoying for users.

Source: https://stackoverflow.com/questions/27256458/escaping-qualtrics-piped-text-for-use-in-javascript-more-generally-how-to-safe
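
The failure described in the question, next to a context-aware encoder, as an added example that is not part of the original post and is not Qualtrics code. It covers the general case named in the title, where you control the code that performs the substitution; pipeRaw is an assumed model of the verbatim substitution the question describes, and toJsLiteral, pipeEscaped and the sample responses are hypothetical names and constructed data.

```javascript
// Added example. pipeRaw() models the substitution the question describes:
// the response is pasted verbatim into the script source (assumed model).
const PLACEHOLDER = '${q://QID1/ChoiceTextEntryValue}';
const TEMPLATE = 'var answer = "' + PLACEHOLDER + '"; return answer;';

function pipeRaw(response) {
  return TEMPLATE.split(PLACEHOLDER).join(response);
}

// Encode arbitrary text as a JavaScript string literal, quotes included.
// JSON.stringify escapes ", \ and control characters; the extra pass covers
// characters that matter when the script sits inline in an HTML page.
function toJsLiteral(text) {
  return JSON.stringify(String(text)).replace(/[<>&\u2028\u2029]/g, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Hardened substitution: the encoder supplies the quotes, so the placeholder
// is replaced together with the quote marks around it.
function pipeEscaped(response) {
  return TEMPLATE.split('"' + PLACEHOLDER + '"').join(toJsLiteral(response));
}

// Parse and run generated code; report a syntax error instead of throwing.
function run(code) {
  try {
    return { ok: true, value: new Function(code)() };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Constructed sample responses (not taken from the page).
const SAMPLES = [
  'plain text',
  'She said "hello"',
  'ends with a backslash \\',
  'two\nlines',
  'closing tag </script> in text',
];

function report() {
  return SAMPLES.map((s) => (
    { response: s, raw: run(pipeRaw(s)), escaped: run(pipeEscaped(s)) }));
}

console.log(report());
```

The raw column fails to parse for the quote, trailing-backslash and newline samples, while the escaped column returns every response unchanged.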
