Ruby 清理代码...为什么是 &消毒过的
我目前使用以下代码在存储字符串之前对其进行清理:
ERB::Util::h(string)
当字符串已经像这样清理时,
string = "Watching baseball `&` football"
就会出现我的问题: 清理后的字符串将如下所示:
sanitized_string = "Watching baseball `&` football"
我可以通过旋转 < 来清理字符串吗?分为 < 和 >通过替换进入 > ?
I currently use the following code to sanitize a string before storing them:
ERB::Util::h(string)
My problem occurs when the string has been sanitized already like this:
string = "Watching baseball `&` football"
The sanitized string will look like:
sanitized_string = "Watching baseball `&` football"
Can I sanitize by just turning < into < and > into > via substitution?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
先取消转义,然后再次转义:
Unescape first, then escape again:
一种基于Erubis 的这段代码的快速方法。
A fast approach based on this snippet from Erubis.
是的,你可以,或者更进一步,你可以使用基本的正则表达式删除整个标签,如下所示:
Yes you can, or taking it further you can just delete entire tags with a basic regex like this:
您可以编写自己的消毒程序,但消毒过程中存在很多极端情况和棘手的边缘。
更好的方法可能是在清理字符串之前对其进行取消编码 - h() 是否有一个可以先将字符串放入的逆函数?
You could write your own sanitizer, but there are lots of corner cases and tricky edges in sanitization.
A better approach might be to unencode your string before sanitizing it - does h() have an inverse you could put your strings through first?