在JavaScript字符串中转义字符
[英]Escaping characters in javascript strings
问题描述
I thought that escaping quote characters in javascript was done by either using the other style of quote 
我认为转义javascript中的引号字符是通过使用其他引号样式完成的
"xxx ' yyy"
or 要么
'xxx " yyy'
or using a backslash to quote them 或使用反斜杠将其引用
'xxx \' yyy\'
or 要么
"xxx \" yyy"
but that doesn't seem to work in the problem I am currently working on. 但这似乎无法解决我目前正在解决的问题。
The code I want to put in my generated HTML is: 我想放入生成的HTML中的代码是:
<input type="text" value="MyValue" name="MyName"
onChange="MyFunction(this, 0, 99999, ['XXX', this.value, 'YYY']);">
The question is what escaping is needed for the string YYY? 问题是字符串YYY需要转义什么?
I thought escaping single quote (') would be fine, but then I would also need to escape double quote (") as that is the outer wrapper for the onChange code. 我认为转义单引号(')会很好,但随后我还需要转义双引号(“),因为这是onChange代码的外部包装。
Lets say the string I want for YYY is: 可以说我想要的YYY字符串是:
SQ' DQ" LT< GT> AMP&
so I tried outputting 所以我尝试输出
<input type="text" value="MyValue" name="MyName"
onChange="MyFunction(this, 0, 99999,
['XXX', this.value, 'SQ\' DQ\" LT< GT> AMP&']);">
but FireFox saw the "<" as breaking the code 但是FireFox认为“ <”违反了代码
Eventually, to keep FireFox happy, I had to use 最终,为了让FireFox开心,我不得不使用
SQ\' DQ\x22 LT\x3C GT\x3E AMP\x26
ie 即
<input type="text" value="MyValue" name="MyName"
onChange="MyFunction(this, 0, 99999,
['XXX', this.value, 'SQ\' DQ\x22 LT\x3C GT\x3E AMP\x26']);">
this is a heck of a lot more escaping than I had expected. 这比我预期的要逃避得多。 Is it really necessary, or have I missed something more straightforward? 真的有必要吗,还是我错过了更简单的方法?
Thanks. 谢谢。
4 个解决方案
解决方案1
3 已采纳 2009-10-06 19:19:41
You're escaping on the wrong level - before it even gets to parsing the javascript, it needs to parse the HTML it's embedded in. 您正在逃避错误的级别-甚至在解析javascript之前,它都需要解析其嵌入的HTML。
Use the HTML entities " 使用HTML实体" , < , < and > 和> and you'll be fine. 你会没事的。
<input type="text" onChange="MyFunction(... ['" < > "']);">
解决方案2
1 2009-10-06 19:27:19
The problem is that you need to the escape the code twice. 问题是您需要两次对代码进行转义。 First you need to escape the characters to put them in the Javascript string literal, then you have to HTML encode the entire Javascript code to put it in the onclick attribute in the HTML tag. 首先,您需要转义字符以将其放入Javascript字符串文字中,然后必须对整个Javascript代码进行HTML编码,以将其放入HTML标记的onclick属性中。
First, to encode the string in the Javascript, it would look like this: 首先,要在Javascript中对字符串进行编码,如下所示:
MyFunction(this, 0, 99999, ['XXX', this.value, 'SQ\' DQ" LT< GT> AMP&']);
Then you HTML encode the entire script. 然后,您对整个脚本进行HTML编码。 In this case there are only characters that need encoding inside the string: 在这种情况下,字符串中仅需要编码的字符:
<input type="text" value="MyValue" name="MyName"
onChange="MyFunction(this, 0, 99999,
['XXX', this.value, 'SQ\' DQ" LT< GT> AMP&']);">
解决方案3
0 2009-10-06 19:19:49
Why not break it up: innerHTML = ' ' + "AMP&']);" 为什么不把它拆开:innerHTML =''+“ AMP&']);” + '">'; +'“>';
This leads me to think you have a problem with your design though, and you may want to rethink what you are doing. 这使我认为您的设计存在问题,并且您可能想重新考虑您在做什么。
For example, you should do this with DOM functions, then this problems becomes simpler, rather than trying to do all this in innerHTML. 例如,您应该使用DOM函数执行此操作,然后问题就变得简单了,而不是尝试在innerHTML中完成所有这些操作。
解决方案4
0 2009-10-06 19:24:46
In xml/html attributes symbols < and > should be escaped: < 在xml / html属性中,符号<和>应该转义:&lt; and > 和&gt;
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.