将HTML作为JSON传递的最佳做法
[英]Best practices for passing HTML as JSON
问题描述
According to what I've read (the below links for instance) you need to escape \\ and " when sending HTML as JSON, but that's all you need to escape. 
根据我所读的内容(例如下面的链接),当以JSON格式发送HTML时,您需要转义\\和" ,但这仅是转义。
- http://www.thorntech.com/2012/07/4-things-you-must-do-when-putting-html-in-json/ http://www.thorntech.com/2012/07/4-things-you-must-do-when-putting-html-in-json/
- In jQuery, I am returning HTML in a JSON result, what do I have to escape? 在jQuery中,我将以JSON结果返回HTML,我必须转义什么?
- Escaping HTML strings with jQuery 使用jQuery转义HTML字符串
I have two ways of getting my data: 我有两种获取数据的方式:
1) From Front-end 1)从前端
I am fetiching the html from the page like so: 我喜欢从页面中获取html,如下所示:
$('#myDiv').html()
Which gives me a string containing html, newlines and white spaces. 这给了我一个包含html,换行符和空格的字符串。
<a class="some-class" href="somepage.html">
<figure class="someClass">
<img src="/img/pic.png" alt="">
</figure>
</a>
I can now choose to either use JSON.stringify (which apparently is unnecessary as I only have to escape \\ and ") to get: 我现在可以选择使用JSON.stringify (显然这是不必要的,因为我只需要转义\\和“)即可:
"<a class=\"some-class\" href=\"somepage.html\">\n <figure class=\"someClass\"> \n <img src=\"/img/pic.png\" alt=\"\">\n </figure>\n </a>"
and then JSON.parse later to turn it back into HTML and insert into the DOM. 然后使用JSON.parse将其转换回HTML并插入DOM。
Or I can use escapeHTML() instead of JSON.Stringify: 或者我可以使用escapeHTML()而不是JSON.Stringify:
escapeHTML: function(htmlString) {
var chr = {
'"': '"',
'&': '&',
"'": ''',
'/': '/',
'<': '<',
'>': '>'
};
return html.htmlString(/[\"&'\/<>]/g, function (a) { return chr[a]; });
}
which gives me: 这给了我:
<a class="some-class" href="somepage.html">
<figure class="someClass">
<img src="/img/pic.png" alt="">
</figure>
</a>
I can then unescape it by using the following Solution A : 然后,我可以使用以下解决方案A取消转义:
return $('<textarea/>').html( response ).val();
2) From backend: 2)从后端:
The above works great, but if the response I'm getting (from the backend service) looks like the following (escaped " and /), it doesn't work. 上面的方法很好用,但是如果我(从后端服务)获得的响应看起来像下面的内容(“和/”转义),则它不起作用。
<a class=\"some-class\" href=\"somepage.html\">\n<figure class=\"someClass\">\n<img src=\"/img/pic.png\" alt=\"\">\n<\/figure>\n<\/a>
I first use Solution A . 我首先使用解决方案A。 Then to to get rid of \\" I use: 然后为了摆脱\\"我使用:
markup.replace('\\"', '"');
Clearly that doesn't remove \\/ . 显然,这不会删除\\/ 。 My question is therefor: how can I combine a regexp to unescape both \\ and " if I am to use the escapeHTML() way? 为此,我的问题是:如果我要使用escapeHTML()方式,如何结合使用正则表达式来对\\和"进行转义?
Would it be better to use escapeHTML() or JSON.Stringify when passing HTML as JSON? 将HTML作为JSON传递时,最好使用escapeHTML()或JSON.Stringify ?
1 个解决方案
解决方案1
1 已采纳 2014-12-02 18:04:22
After a lot of researching and thinking, we've decided it's better to use Javascripts own built in functions, rather than doing something manually. 经过大量研究和思考,我们决定使用自己内置的Javascript更好,而不是手动执行。
Therefore we are using JSON.stringify combined with JSON.parse , and told backend to simply html encode their markup, instead of escaping " and / manually. 因此,我们将JSON.stringify与JSON.parse结合使用,并告诉后端对它们的标记进行简单的html编码,而不是手动转义"和/ " 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.