为什么我的Java String中的apostophe在我的HTML中显示为```?
[英]Why does an apostophe in my Java String appear as `'` in my HTML?
问题描述
Why does the Java string: 
为什么Java字符串:
"God's wrath"
appear in HTML as 以HTML格式显示
God's wrath
How to avoid this? 怎么避免这个?
4 个解决方案
解决方案1
5 2010-12-21 19:18:24
This character is escaped to prevent XSS if the resulting string is used in HTML attribute quoted with ' . 如果在带有'引用的HTML属性中使用了结果字符串,则转义此字符以防止XSS。 See OWASP XSS Prevention Cheat Sheet . 请参阅OWASP XSS预防备忘单 。
I don't think it's a good idea to disable such security precautions, since they don't harm the normal behaviour. 我不认为禁用这些安全预防措施是个好主意,因为它们不会损害正常行为。
解决方案2
3 2010-12-21 19:18:59
Just like the '<', '>', and other characters, the quote is replaced by that code to avoid nasty surprises when the browser is rendering the page. 就像'<','>'和其他字符一样,引号被该代码替换,以避免在浏览器呈现页面时出现令人讨厌的意外情况。 Take a look at this list by W3Schools for a complete list of codes and their respective symbol. 请查看W3Schools的此列表,以获取完整的代码列表及其各自的符号。
解决方案3
2 2010-12-21 19:20:37
如果您正在使用JSTL,则c:out标记具有escapeXml属性,您可以将其设置为false以避免编码字符。
解决方案4
1 2010-12-21 19:19:37
Special characters appear as ampersand escaped numbers because they mean something in HTML. 特殊字符显示为&符号转义数字,因为它们表示HTML中的某些内容。 In this case the ' is used to start a string literal. 在这种情况下,'用于启动字符串文字。 if you want it to actually show the ' then you have to replace it with the escaping. 如果你想要它实际显示'那么你必须用逃逸替换它。 That's the why. 这就是原因。
I don't know why you'd want to avoid it though. 我不知道你为什么要避免它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.