[英]Best practices for passing HTML as JSON
According to what I've read (the below links for instance) you need to escape \\
and "
when sending HTML as JSON, but that's all you need to escape. 根据我所读的内容(例如下面的链接),当以JSON格式发送HTML时,您需要转义\\
和"
,但这仅是转义。
I have two ways of getting my data: 我有两种获取数据的方式:
1) From Front-end 1)从前端
I am fetiching the html from the page like so: 我喜欢从页面中获取html,如下所示:
$('#myDiv').html()
Which gives me a string containing html, newlines and white spaces. 这给了我一个包含html,换行符和空格的字符串。
<a class="some-class" href="somepage.html">
<figure class="someClass">
<img src="/img/pic.png" alt="">
</figure>
</a>
I can now choose to either use JSON.stringify
(which apparently is unnecessary as I only have to escape \\ and ") to get: 我现在可以选择使用JSON.stringify
(显然这是不必要的,因为我只需要转义\\和“)即可:
"<a class=\"some-class\" href=\"somepage.html\">\n <figure class=\"someClass\"> \n <img src=\"/img/pic.png\" alt=\"\">\n </figure>\n </a>"
and then JSON.parse
later to turn it back into HTML and insert into the DOM. 然后使用JSON.parse
将其转换回HTML并插入DOM。
Or I can use escapeHTML()
instead of JSON.Stringify: 或者我可以使用escapeHTML()
而不是JSON.Stringify:
escapeHTML: function(htmlString) {
var chr = {
'"': '"',
'&': '&',
"'": ''',
'/': '/',
'<': '<',
'>': '>'
};
return html.htmlString(/[\"&'\/<>]/g, function (a) { return chr[a]; });
}
which gives me: 这给了我:
<a class="some-class" href="somepage.html">
<figure class="someClass">
<img src="/img/pic.png" alt="">
</figure>
</a>
I can then unescape it by using the following Solution A : 然后,我可以使用以下解决方案A取消转义:
return $('<textarea/>').html( response ).val();
2) From backend: 2)从后端:
The above works great, but if the response I'm getting (from the backend service) looks like the following (escaped " and /), it doesn't work. 上面的方法很好用,但是如果我(从后端服务)获得的响应看起来像下面的内容(“和/”转义),则它不起作用。
<a class=\"some-class\" href=\"somepage.html\">\n<figure class=\"someClass\">\n<img src=\"/img/pic.png\" alt=\"\">\n<\/figure>\n<\/a>
I first use Solution A . 我首先使用解决方案A。 Then to to get rid of \\"
I use: 然后为了摆脱\\"
我使用:
markup.replace('\\"', '"');
Clearly that doesn't remove \\/
. 显然,这不会删除\\/
。 My question is therefor: how can I combine a regexp to unescape both \\
and "
if I am to use the escapeHTML()
way? 为此,我的问题是:如果我要使用escapeHTML()
方式,如何结合使用正则表达式来对\\
和"
进行转义?
Would it be better to use escapeHTML()
or JSON.Stringify
when passing HTML as JSON? 将HTML作为JSON传递时,最好使用escapeHTML()
或JSON.Stringify
?
After a lot of researching and thinking, we've decided it's better to use Javascripts own built in functions, rather than doing something manually. 经过大量研究和思考,我们决定使用自己内置的Javascript更好,而不是手动执行。
Therefore we are using JSON.stringify
combined with JSON.parse
, and told backend to simply html encode their markup, instead of escaping "
and /
manually. 因此,我们将JSON.stringify
与JSON.parse
结合使用,并告诉后端对它们的标记进行简单的html编码,而不是手动转义"
和/
"
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.