
Spotify Apps Api - encodeURI / escape

There seems to be a bug when using the JavaScript functions encodeURI / escape and encodeURIComponent. Example:

escape( 'The Frames' )             // The            0.000000rames
encodeURI( 'The Frames' )          // The            0.000000rames
encodeURIComponent( 'The Frames' ) // The            0.000000rames

The comments show the output. Executing this code outside of Spotify, in any browser, works as expected (replacing a space by either + or %20).

Can others confirm this is a bug? Or am I doing something wrong here...? Is there a place to report bugs for Spotify Apps?

EDIT: Apparently the examples above work as they are supposed to. However, incorporating them in an alert() will show a messed up string, while in fact it is OK.

From the guidelines:

Encoded Strings

To ensure that applications do not use strings in potentially unsafe ways, all strings given by the Spotify APIs are encoded so that accidental misuse will not cause injection vulnerabilities. If the application does not decode these strings, using the two methods described below, the strings will display as garbage to the user. The only exception to this is URIs, which are never encoded and thus require no decoding. The API documentation states for each method which strings must be decoded or not. Two methods have been added to the JavaScript strings: decodeForText() and decodeForHTML(). If the string is intended to be used in a safe manner, such as setting the innerText or creating a text node using document.createTextNode(), the decodeForText() should be used. It will return a raw non-escaped string, so make sure it is never inserted into any context where it will be interpreted as HTML. If the string is intended to go into an innerHTML or in any piece of code that will be interpreted as HTML, the decodeForHTML() must be used. It will ensure that < and > are encoded as &lt; and &gt; etc. For example:

document.getElementById('song-title').innerHTML = track.title.decodeForHTML();
document.getElementById('song-title').innerText = track.title.decodeForText();
document.getElementById('song-title').appendChild(document.createTextNode(track.title.decodeForText()));

Applications that do not use these methods will a) not be able to display metadata or any other data from the Spotify API, and b) be rejected in the upload process. Also ensure that you properly escape unsafe HTML strings from wherever they happen to come from, e.g., your backend servers.


And the source code, in case you're curious:

// Reverse the API's entity encoding for text sinks (innerText, createTextNode).
// Only the six entities the API emits are recognised. Note that an "&" that does
// not start one of them is dropped (nothing is appended for that character).
String.prototype.decodeForText = function() {
    var result = "";
    for (var i = 0; i < this.length; ++i) {
        if (this.charAt(i) !== "&") {
            result += this.charAt(i);
            continue;
        } else if (this.substring(i, i + 5) === "&amp;") {
            result += "&";
            i += 4;
            continue;
        } else if (this.substring(i, i + 4) === "&lt;") {
            result += "<";
            i += 3;
            continue;
        } else if (this.substring(i, i + 4) === "&gt;") {
            result += ">";
            i += 3;
            continue;
        } else if (this.substring(i, i + 6) === "&quot;") {
            result += "\"";
            i += 5;
            continue;
        } else if (this.substring(i, i + 6) === "&apos;") {
            result += "'";
            i += 5;
            continue;
        } else if (this.substring(i, i + 8) === "&equals;") {
            result += "=";
            i += 7;
            continue;
        }
    }
    return result;
};

// For HTML sinks (innerHTML) the API string is already entity-encoded,
// which is exactly what the browser should parse, so this is the identity.
String.prototype.decodeForHTML = function() {
    return this;
};

// For use in a URL: decode to raw text first, then percent-encode for the URI.
String.prototype.decodeForLink = function() {
    return encodeURI(this.decodeForText());
};

// The encoding the API applies to strings before handing them to an app:
// the six characters that matter in HTML markup and attributes become entities.
String.prototype.encodeToHTML = function() {
    var result = "";
    for (var i = 0; i < this.length; ++i) {
        if (this.charAt(i) === "&") {
            result += "&amp;";
        } else if (this.charAt(i) === "<") {
            result += "&lt;";
        } else if (this.charAt(i) === ">") {
            result += "&gt;";
        } else if (this.charAt(i) === "\"") {
            result += "&quot;";
        } else if (this.charAt(i) === "'") {
            result += "&apos;";
        } else if (this.charAt(i) === "=") {
            result += "&equals;";
        } else {
            result += this.charAt(i);
        }
    }
    return result;
};
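The contract the guidelines describe (every API string arrives entity-encoded, and the decoder you call depends on the sink you write to) is easy to get wrong in the other direction: text-decoding a string and then pushing it into innerHTML reintroduces any markup it contained. The following is an added example, not Spotify's code, that models the contract with plain functions instead of String.prototype extensions, uses a minimal stand-in element so it runs without a browser, and treats an unrecognised "&" as literal text instead of dropping it. All function names and the sample title are my own.

```javascript
// Added example (not Spotify's code): the encode/decode contract with one helper
// per sink, plus checks a reviewer can run on a constructed track title.

const ENCODE_MAP = { "&": "&amp;", "<": "&lt;", ">": "&gt;", "\"": "&quot;", "'": "&apos;", "=": "&equals;" };
const DECODE_MAP = { amp: "&", lt: "<", gt: ">", quot: "\"", apos: "'", equals: "=" };

// What the API does to a string before the app sees it.
function encodeToHTML(raw) {
  return raw.replace(/[&<>"'=]/g, (c) => ENCODE_MAP[c]);
}

// Reverse the API encoding for text sinks. Single pass, so "&amp;lt;" yields
// the literal "&lt;" rather than "<". An "&" that does not start one of the
// six known entities is kept as-is (the page's loop drops it).
function decodeForText(encoded) {
  return encoded.replace(/&(amp|lt|gt|quot|apos|equals);/g, (_, name) => DECODE_MAP[name]);
}

// For HTML sinks the encoded form is already what the browser should parse.
function decodeForHTML(encoded) {
  return encoded;
}

// For a URL: raw text first, then percent-encode (space becomes %20).
function decodeForLink(encoded) {
  return encodeURI(decodeForText(encoded));
}

// Minimal stand-in for a DOM element so the example runs offline.
function makeElement() {
  return { innerText: "", innerHTML: "" };
}

// Write an API string to an element through the named sink, decoding for that sink.
function assign(el, encoded, sink) {
  if (sink === "innerText") {
    el.innerText = decodeForText(encoded);
  } else if (sink === "innerHTML") {
    el.innerHTML = decodeForHTML(encoded);
  } else {
    throw new Error("unknown sink: " + sink);
  }
  return el;
}

// Would an HTML parser create an element from this innerHTML value?
function introducesMarkup(html) {
  return /<\/?[a-z]/i.test(html);
}

// Constructed sample title containing every character the API encodes.
const rawTitle = "Rock & Roll <b>\"Live\"</b> a=b";
const apiTitle = encodeToHTML(rawTitle); // the form the API would deliver

function demo() {
  return {
    apiTitle: apiTitle,
    // Decoding for text gives back exactly what the API started with.
    roundTrip: decodeForText(apiTitle) === rawTitle,
    textSink: assign(makeElement(), apiTitle, "innerText").innerText,
    htmlSink: assign(makeElement(), apiTitle, "innerHTML").innerHTML,
    // Misuse: a text-decoded string in an HTML sink brings the <b> tag back.
    misuseAddsMarkup: introducesMarkup(decodeForText(apiTitle)),
    // Correct use: the entity-encoded string has no "<" for the parser to act on.
    correctHtmlAddsMarkup: introducesMarkup(decodeForHTML(apiTitle)),
    // The question's example, through the link helper.
    link: decodeForLink("The Frames"),
    // An entity the API never emits is left untouched.
    unknownEntityKept: decodeForText("Tom &amp; Jerry &copy;"),
  };
}
```

Run `demo()` to see the encoded title, both sink values, and the two markup checks side by side; the misuse row is the one the guidelines warn about, and the round-trip row is what distinguishes "garbage on screen" (forgot to decode) from "actually fine" (decoded, but displayed through a path like alert() that shows something else).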
