JavaScript variable's value is automatically unescaped
<script>
test('test.php?a=%3D');//alert(1)
function test(a){
alert(a);
if(a == 'test.php?a=%3D'){
alert(1);
}else{
alert(2);
}
}
</script>
<a href="javascript:test('test.php?a=%3D')">aaa</a > <!-- alert(2) -->
Why do two different ways get different results? Can anyone help me? Thank you very much!
Let's analyze these two scenarios:
test('test.php?a=%3D');//alert(1)
test.php?a=%3D is considered as a variable.
<a href="javascript:test('test.php?a=%3D')">aaa</a > <!-- alert(2) -->
test.php?a=%3D is considered as a URL with a query string, and %3D converts to =. So the complete result is test.php?a==
That's the reason these two values are different.
Again, consider the code which is shown below - test.php?a=%3D is considered as a variable, so the result is alert(1).
<input type="button" value="Click" onclick="javascript:test('test.php?a=%3D')"/>
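The difference described in the answer above, as an added example that is not part of the original posts: a simplified Node.js model of how a browser derives script source from a javascript: href (scheme stripped, then percent-decoded) versus an onclick attribute (used as written). It also shows why a filter that inspects the raw href sees different text from what executes. The function names and the `run` stand-in for `test()`/`alert()` are assumptions, and HTML entity decoding of the attribute value is not modelled.

```javascript
// Lenient percent-decoding: valid %XX triplets become bytes, anything else
// is kept as-is (decodeURIComponent would throw on malformed input instead).
function percentDecode(str) {
  const input = new TextEncoder().encode(str);
  const out = [];
  for (let i = 0; i < input.length; i++) {
    const hex = String.fromCharCode(input[i + 1], input[i + 2]);
    if (input[i] === 0x25 && /^[0-9A-Fa-f]{2}$/.test(hex)) {
      out.push(parseInt(hex, 16));
      i += 2;
    } else {
      out.push(input[i]);
    }
  }
  return new TextDecoder().decode(Uint8Array.from(out));
}

// javascript: URL -> the script text that is actually evaluated.
function scriptFromHref(href) {
  return percentDecode(href.replace(/^javascript:/i, ''));
}

// Stand-in for the question's test(): yields 1 or 2 instead of calling alert().
function run(src) {
  let seen;
  const test = (a) => { seen = a === 'test.php?a=%3D' ? 1 : 2; };
  new Function('test', src)(test);
  return seen;
}

// Build a javascript: href whose decoded script equals `script` exactly,
// so a literal "%3D" is sent as "%253D" and survives the decoding step.
function toJavascriptHref(script) {
  return 'javascript:' + encodeURIComponent(script);
}

const CALL = "test('test.php?a=%3D')"; // the call from the question

// href: the URL is percent-decoded first, so test() receives "test.php?a=="
const hrefResult = run(scriptFromHref('javascript:' + CALL));
// onclick: not a URL, no percent-decoding ("javascript:" is just a JS label)
const handlerResult = run('javascript:' + CALL);
// href built with the encoder: the argument reaches test() unchanged
const fixedResult = run(scriptFromHref(toJavascriptHref(CALL)));

console.log({ hrefResult, handlerResult, fixedResult });
```

Attaching the handler with addEventListener instead of a javascript: URL avoids the extra decoding layer altogether.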
You have an error in your code
Line 12
<a href="javascript" click="test('test.php?a=%3D')">aaa</a > <!-- alert(2) -->
Change this line and try