URL 编码见 “&” (与号)为 “&” HTML实体

发布于 2024-09-15 10:59:27 字数 205 浏览 8 评论 0原文

我正在对将在 URL 中传递的字符串进行编码(通过 GET)。但如果我使用 escapeencodeURIencodeURIComponent& 将被替换为 %26amp% 3B,但我希望将其替换为 %26。我做错了什么?

I am encoding a string that will be passed in a URL (via GET). But if I use escape, encodeURI or encodeURIComponent, & will be replaced with %26amp%3B, but I want it to be replaced with %26. What am I doing wrong?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

蓝礼 2024-09-22 10:59:27

如果没有看到你的代码,除了在黑暗中刺伤之外很难回答。我猜测您传递给 encodeURIComponent() 的字符串(这是正确的使用方法)来自访问 innerHTML 属性的结果。解决方案是获取 innerText/textContent 属性值:

var str, 
    el = document.getElementById("myUrl");

if ("textContent" in el)
    str = encodeURIComponent(el.textContent);
else
    str = encodeURIComponent(el.innerText);

如果不是这种情况,您可以使用 replace() 方法替换 HTML 实体:

encodeURIComponent(str.replace(/&/g, "&"));

Without seeing your code, it's hard to answer other than a stab in the dark. I would guess that the string you're passing to encodeURIComponent(), which is the correct method to use, is coming from the result of accessing the innerHTML property. The solution is to get the innerText/textContent property value instead:

var str, 
    el = document.getElementById("myUrl");

if ("textContent" in el)
    str = encodeURIComponent(el.textContent);
else
    str = encodeURIComponent(el.innerText);

If that isn't the case, you can usethe replace() method to replace the HTML entity:

encodeURIComponent(str.replace(/&/g, "&"));
烟沫凡尘 2024-09-22 10:59:27

If you did literally this:

encodeURIComponent('&')

Then the result is %26, you can test it here. Make sure the string you are encoding is just & and not & to begin with...otherwise it is encoding correctly, which is likely the case. If you need a different result for some reason, you can do a .replace(/&/g,'&') before the encoding.

゛清羽墨安 2024-09-22 10:59:27

有 HTML 和 URI 编码。 && 编码在 HTML 中,而 %26URI 编码

因此,在对字符串进行 URI 编码之前,您可能需要先进行 HTML 解码,然后再对其进行 URI 编码:)

var div = document.createElement('div');
div.innerHTML = '&AndOtherHTMLEncodedStuff';
    
var htmlDecoded = div.firstChild.nodeValue;
console.log('htmlDecoded: '+htmlDecoded);
    
var urlEncoded = encodeURIComponent(htmlDecoded);
console.log('urlEncoded: '+urlEncoded);

结果 %26AndOtherHTMLEncodedStuff

希望这可以节省您一些时间

There is HTML and URI encodings. & is & encoded in HTML while %26 is & in URI encoding.

So before URI encoding your string you might want to HTML decode and then URI encode it :)

var div = document.createElement('div');
div.innerHTML = '&AndOtherHTMLEncodedStuff';
    
var htmlDecoded = div.firstChild.nodeValue;
console.log('htmlDecoded: '+htmlDecoded);
    
var urlEncoded = encodeURIComponent(htmlDecoded);
console.log('urlEncoded: '+urlEncoded);

result %26AndOtherHTMLEncodedStuff

Hope this saves you some time

我最亲爱的 2024-09-22 10:59:27

需要明确的是,您永远不要使用 encodeURI()encodeURIComponent()。如果您不同意,请看看它的结果......

console.log(encodeURIComponent('@#$%^&*'));

输入:^&*

输出:%40%23%24%25%5E%26*

这不对吧? * 未转换!我希望您不要将其用作服务器端清理功能,因为 * 不会被视为输入,而是被视为命令,即,想象一下使用 rm *< 删除用户声称的文件/代码>。好吧,我希望您没有使用encodeURI() 或encodeURIComponent()!

TLDR:您实际上想要 fixedEncodeURIComponent()< /code>fixedEncodeURI ()

MDNencodeURI() 文档 ...

函数fixedEncodeURI(str) {
   returnencodeURI(str).replace(/%5B/g, '[').replace(/%5D/g, ']');
}

MDNencodeURIComponent() 文档 ...

函数fixedEncodeURIComponent(str) {
 返回encodeURIComponent(str).replace(/[!'()*]/g, function(c) {
   返回 '​​%' + c.charCodeAt(0).toString(16);
 });
}

通过这些函数,可以使用 fixedEncodeURI() 对单个 URL 片段进行编码,而 fixedEncodeURIComponent() 对 URL 片段和连接器进行编码;或者,更简单地说,fixedEncodeURI() 不会对 +@?=:#;,$& 进行编码(如 &+ 是常见的 URL 运算符),但 fixedEncodeURIComponent() 可以。

Just to be clear, you should never be using encodeURI() and encodeURIComponent(). If you disagree, just look at its results...

console.log(encodeURIComponent('@#$%^&*'));

Input: ^&*.

Output: %40%23%24%25%5E%26*.

That's not right, is it? * did not get converted! I hope you're not using this as a server-side cleansing function, because * will not be treated as input but as commands, i.e., imagine deleting a user's alleged file with rm *. Well, I hope you're not using encodeURI() or encodeURIComponent()!

TLDR: You actually want fixedEncodeURIComponent() and fixedEncodeURI().

MDN encodeURI() Documentation...

function fixedEncodeURI(str) {
   return encodeURI(str).replace(/%5B/g, '[').replace(/%5D/g, ']');
}

MDN encodeURIComponent() Documentation...

function fixedEncodeURIComponent(str) {
 return encodeURIComponent(str).replace(/[!'()*]/g, function(c) {
   return '%' + c.charCodeAt(0).toString(16);
 });
}

With these functions, use fixedEncodeURI() to encode a single URL piece, whereas fixedEncodeURIComponent() will encode URL pieces and connectors; or, more simply, fixedEncodeURI() will not encode +@?=:#;,$& (as & and + are common URL operators), but fixedEncodeURIComponent() will.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文