堆栈内存溢出
  简体   繁体   English

为什么这个字符串不会逃脱?

[英]Why won't this string escape?

 原文  2012-06-14 18:30:59       javascript/ python/ html/ escaping/ web2py

问题描述

usI have some html with an onSubmit: 我有一些带有onSubmit的html: 

<form id="login_box" onSubmit="alert('{{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}'); this.submit(); this.reset(); return false;">

The problem is that no matter what I do it won't escape the nested quotes. 问题是,无论我做什么,它都不会逃避嵌套引号。 I've tried: 我试过了: 

<form id="login_box" onSubmit="alert('{{=T(\'Thank you for contacting us! We have received your email and will contact you shortly.\')}}'); this.submit(); this.reset(); return false;">

<form id="login_box" onSubmit="alert(\"{{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}\"); this.submit(); this.reset(); return false;">

<form id="login_box" onSubmit=\"alert(\\"{{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}\\"); this.submit(); this.reset(); return false;\">

And any other combo I can think of even if I know it won't work. 即使我知道它也行不通,我能想到的任何其他组合。 Nothing I try is escaping the nested quotes. 我没有尝试逃避嵌套引号。

4 个解决方案

解决方案1
 2 已采纳  2012-06-14 18:57:48

I think you are using twig or any similar template system in python. 我认为你在python中使用twig或任何类似的模板系统。

If you want to translate {{=T('message to translate')}} , just put that string into a custom attr. 如果您要翻译{{=T('message to translate')}} ,只需将该字符串放入自定义attr即可。

Example: 例: 

<form id="login_box" msg="{{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}" onSubmit="alert(this.getAttribute('msg')); this.submit(); this.reset(); return false;">

the example 这个例子

:) :)

解决方案2
 1  2012-06-15 19:01:38

Assuming this is in a web2py template, your original code: 假设这是在web2py模板中,您的原始代码: 

onSubmit="alert('{{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}'); this.submit(); this.reset(); return false;"

generates the following HTML: 生成以下HTML: 

onSubmit="alert('Thank you for contacting us! We have received your email and will contact you shortly.'); this.submit(); this.reset(); return false;"

which as far as I can tell, works fine in the browser. 据我所知,在浏览器中工作正常。 However, if you want to escape those single quotes inside the alert, you can do: 但是,如果要在警报内转义那些单引号,则可以执行以下操作: 

onSubmit="alert({{="'%s'" % T('Thank you for contacting us! We have received your email and will contact you shortly.')}}); this.submit(); this.reset(); return false;"

which will generate the following HTML: 这将生成以下HTML: 

onSubmit="alert(&#x27;Thank you for contacting us! We have received your email and will contact you shortly.&#x27;); this.submit(); this.reset(); return false;"

which should also work in the browser. 哪个也应该在浏览器中工作。

Everything inside the {{ }} delimiters is Python code and will be executed on the server and escaped before writing into the response. {{ }}分隔符内的所有内容都是Python代码,将在服务器上执行并在写入响应之前进行转义。 Everything outside the {{ }} delimiters will be included in the response as is (ie, no escaping done by web2py). {{ }}分隔符之外的所有内容都将按原样包含在响应中(即,web2py不会进行转义)。 In your original code, the single quotes in the alert are outside the web2py template delimiters, so they are not escaped by web2py and simply delivered as is. 在原始代码中,警报中的单引号位于web2py模板分隔符之外,因此它们不会被web2py转义并按原样交付。 This is explained further in this section of the web2py book. 这将在web2py本书的这一节中进一步解释。

解决方案3
 0  2012-06-14 18:36:59

In HTML attributes, some characters ( " and & ) have to be encoded as HTML entities. In javascript strings, the string delimiter (eg ' ), has to be escaped using a backslash. This means that your first one should work. 在HTML属性中,一些字符( "& )必须编码为HTML实体。在javascript字符串中,字符串分隔符(例如' )必须使用反斜杠进行转义。这意味着您的第一个应该可以工作。 

<form id="login_box" onSubmit="alert('{{=T(\'Thank you for contacting us! We have received your email and will contact you shortly.\')}}'); this.submit(); this.reset(); return false;">

This should alert {{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}} when you click it. 这应该警告{{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}当您点击它时。 Assuming this is what you want? 假设这是你想要的?

Edit: 编辑: 

{{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}

will return a string, so 会返回一个字符串,所以 

<form id="login_box" onSubmit="alert('{{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}'); this.submit(); this.reset(); return false;">

will become 会变成 

<form id="login_box" onSubmit="alert('Thank you for contacting us! We have received your email and will contact you shortly.'); this.submit(); this.reset(); return false;">

in rendered HTML. 在呈现的HTML中。 This is correct. 这是对的。 However, you need to escape any backslashes, then html entity encode the output of the T function (in that order). 但是,您需要转义任何反斜杠,然后html实体编码T函数的输出(按此顺序)。

解决方案4
 0  2012-06-14 19:24:01

对返回的值进行HTML编码,然后将其编码为JSON。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 为什么字符串不能在循环中连接? - Why won't the string concatenate in the loop? 为什么此代码不适用于字符串? - Why won't this code work on a string? 为什么此字符串不解析为JSON? - Why won't this string parse to JSON? 为什么“String.prototype = {}”不起作用? - Why “String.prototype={}” won't work? json_encode不能换行 - json_encode won't escape newlines 模态无法使用转义键关闭 - Modal won't close with escape-key 为什么Google Apps脚本无法在数组中找到字符串 - Why won't Google Apps Script find a string in an array Puppeteer 标识符字符串变量不会解析; 不确定为什么 - Puppeteer identifier string variable won't parse; Unsure why 为什么这个POST请求不会向服务器发送JSON字符串? - Why won't this POST request send a JSON string to the server? 为什么不将其解雇? - Why this won't be fired?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM