[英]Why won't this string escape?
usI have some html with an onSubmit: 我有一些带有onSubmit的html:
<form id="login_box" onSubmit="alert('{{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}'); this.submit(); this.reset(); return false;">
The problem is that no matter what I do it won't escape the nested quotes. 问题是,无论我做什么,它都不会逃避嵌套引号。 I've tried:
我试过了:
<form id="login_box" onSubmit="alert('{{=T(\'Thank you for contacting us! We have received your email and will contact you shortly.\')}}'); this.submit(); this.reset(); return false;">
<form id="login_box" onSubmit="alert(\"{{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}\"); this.submit(); this.reset(); return false;">
<form id="login_box" onSubmit=\"alert(\\"{{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}\\"); this.submit(); this.reset(); return false;\">
And any other combo I can think of even if I know it won't work. 即使我知道它也行不通,我能想到的任何其他组合。 Nothing I try is escaping the nested quotes.
我没有尝试逃避嵌套引号。
I think you are using twig or any similar template system in python. 我认为你在python中使用twig或任何类似的模板系统。
If you want to translate {{=T('message to translate')}}
, just put that string into a custom attr. 如果您要翻译
{{=T('message to translate')}}
,只需将该字符串放入自定义attr即可。
<form id="login_box" msg="{{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}" onSubmit="alert(this.getAttribute('msg')); this.submit(); this.reset(); return false;">
:) :)
Assuming this is in a web2py template, your original code: 假设这是在web2py模板中,您的原始代码:
onSubmit="alert('{{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}'); this.submit(); this.reset(); return false;"
generates the following HTML: 生成以下HTML:
onSubmit="alert('Thank you for contacting us! We have received your email and will contact you shortly.'); this.submit(); this.reset(); return false;"
which as far as I can tell, works fine in the browser. 据我所知,在浏览器中工作正常。 However, if you want to escape those single quotes inside the alert, you can do:
但是,如果要在警报内转义那些单引号,则可以执行以下操作:
onSubmit="alert({{="'%s'" % T('Thank you for contacting us! We have received your email and will contact you shortly.')}}); this.submit(); this.reset(); return false;"
which will generate the following HTML: 这将生成以下HTML:
onSubmit="alert('Thank you for contacting us! We have received your email and will contact you shortly.'); this.submit(); this.reset(); return false;"
which should also work in the browser. 哪个也应该在浏览器中工作。
Everything inside the {{ }}
delimiters is Python code and will be executed on the server and escaped before writing into the response. {{ }}
分隔符内的所有内容都是Python代码,将在服务器上执行并在写入响应之前进行转义。 Everything outside the {{ }}
delimiters will be included in the response as is (ie, no escaping done by web2py). {{ }}
分隔符之外的所有内容都将按原样包含在响应中(即,web2py不会进行转义)。 In your original code, the single quotes in the alert are outside the web2py template delimiters, so they are not escaped by web2py and simply delivered as is. 在原始代码中,警报中的单引号位于web2py模板分隔符之外,因此它们不会被web2py转义并按原样交付。 This is explained further in this section of the web2py book.
这将在web2py本书的这一节中进一步解释。
In HTML attributes, some characters ( "
and &
) have to be encoded as HTML entities. In javascript strings, the string delimiter (eg '
), has to be escaped using a backslash. This means that your first one should work. 在HTML属性中,一些字符(
"
和&
)必须编码为HTML实体。在javascript字符串中,字符串分隔符(例如'
)必须使用反斜杠进行转义。这意味着您的第一个应该可以工作。
<form id="login_box" onSubmit="alert('{{=T(\'Thank you for contacting us! We have received your email and will contact you shortly.\')}}'); this.submit(); this.reset(); return false;">
This should alert {{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}
when you click it. 这应该警告
{{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}
当您点击它时。 Assuming this is what you want? 假设这是你想要的?
Edit: 编辑:
{{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}
will return a string, so 会返回一个字符串,所以
<form id="login_box" onSubmit="alert('{{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}'); this.submit(); this.reset(); return false;">
will become 会变成
<form id="login_box" onSubmit="alert('Thank you for contacting us! We have received your email and will contact you shortly.'); this.submit(); this.reset(); return false;">
in rendered HTML. 在呈现的HTML中。 This is correct.
这是对的。 However, you need to escape any backslashes, then html entity encode the output of the T function (in that order).
但是,您需要转义任何反斜杠,然后html实体编码T函数的输出(按此顺序)。
对返回的值进行HTML编码,然后将其编码为JSON。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.