Use of JavaScript to work with macros

Edit online

There are two methods of using JavaScript to work with Security Verify Access macros. You can use macros as JavaScript strings or you can use JavaScript to work with the HTML Document Object Model (DOM). To use a macro as a JavaScript string, simply insert the macro name between double or single quotes. For example:

var username = "%USERNAME%";

When using a macro as a JavaScript string, be aware that the macro value may contain URI encoding or HTML entity encoding. You can use the JavaScript unescape() function to remove URI encoding from macro values.

The recommended method for removing HTML entity encoding is to use JavaScript to work with the HTML DOM. For example, the following HTML code can be used to remove entity encoding from the %USERNAME% macro:

<span id='user' style='visibility: hidden'>%USERNAME%</span>
<script>
	var user = document.getElementById('user');
	if (user && user.firstChild) 
		{
		var name = user.firstChild.nodeValue;
		}
</script>

The name variable contains the contents of the %USERNAME% macro; you can then use the variable as needed. However, use caution to avoid introducing DOM-based cross-site scripting vulnerabilities to the HTML template pages when using macro values.