使用jQuery动态更改div的HTML会导致HTML编码丢失
[英]Dynamically changing the HTML of a div with jQuery is causing HTML encoding to be lost
问题描述
I have a piece of code which dynamically alters the HTML of a div called 'accordion' on the fly like so: 
我有一段代码可以动态地动态更改称为“手风琴”的div的HTML,如下所示:
// htmlstring contains some HTML containing some HTML encoding
// e.g. <span class='clickableComponent component' onclick="ComponentClicked('4612', 'Don't know', '44761');">Don't know</span>
$('#accordion').html(htmlstring);
However, after the HTML for the element 'accordion' is set, upon inspecting the HTML of the div via FireBug (or other developer tool) the encoded apostrophe is lost and is instead replaced by an apostrophe which is un-encoded. 但是,在设置了元素“手风琴”的HTML之后,在通过FireBug(或其他开发者工具)检查div的HTML时,编码的撇号会丢失,而是由未编码的撇号代替。 The encoding seems to get lost in the .html method. 编码似乎在.html方法中丢失了。
I've tried using assigning the HTML using the .innerHtml method instead, but the same thing happens. 我尝试使用.innerHtml方法代替分配HTML,但是同样的事情发生了。
Does anybody have any ideas as to why this is happening? 是否有人对为什么会这样有任何想法?
4 个解决方案
解决方案1
1 已采纳 2014-04-24 16:16:37
When the HTML code is merged into the DOM, everything is canonicalized into the internal DOM representation, the original HTML coding is irrelevant. 当HTML代码合并到DOM中时,所有内容都被规范化为内部DOM表示形式,原始的HTML编码无关紧要。 Apostrophe and ' 使徒和' are equivalent in HTML code, so they turn into the same thing in the DOM. 在HTML代码中是等效的,因此它们在DOM中变成相同的东西。
What you need to do is escape the inner apostrophe. 您需要做的是逃脱内部撇号。 htmlstring should contain: htmlstring应该包含:
<span class='clickableComponent component' onclick="ComponentClicked('4612', 'Don\'t know', '44761');">Don't know</span>
Issues like this are one of the reasons why inline Javascript in HTML elements is not recommended. 此类问题是不建议在HTML元素中使用内联Javascript的原因之一。 It would be cleaner if you did something like: 如果您执行以下操作会更干净:
$(".clickableComponent").click(function() {
ComponentClicked('4612', "Don't know", '44761');
});
解决方案2
0 2014-04-24 16:16:17
Try using the javascript escape \\' 尝试使用javascript转义\\'
Here's an excerpt from the jQuery docs that explains why your HTML escape character is being rendered: 这是jQuery文档的摘录,解释了为什么渲染HTML转义符:
By design, any jQuery constructor or method that accepts an HTML string — jQuery(), .append(), .after(), etc. — can potentially execute code.
解决方案3
0 2014-04-24 16:19:29
Check this link: HTML-encoding lost when attribute read from input field 检查此链接: 从输入字段读取属性时,HTML编码丢失
you can use the function that Anentropic write. 您可以使用Anentropic编写的功能。
function htmlEscape(str) {
return String(str)
.replace(/&/g, '&')
.replace(/"/g, '"')
.replace(/'/g, ''')
.replace(/</g, '<')
.replace(/>/g, '>');
}
解决方案4
0 2014-04-25 09:57:11
Thanks go to Barmar for providing the first correct answer. 感谢Barmar提供第一个正确答案。 In actual fact I refactored my code so that I wasn't passing complicated strings via a method parameter, but my you did answer my initial query correctly. 实际上,我重构了代码,以便不通过方法参数传递复杂的字符串,但是您确实可以正确回答初始查询。
Thanks to other comments for your input too. 也感谢您的其他意见。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.