Is &gt; ever necessary?
I have been developing websites and XML interfaces for 7 years now, and never, ever came into a situation where it was really necessary to use the &gt; for a >. All disambiguation could so far be handled by quoting <, &, " and ' alone.

Has anyone ever been in a situation (related to, e.g., SGML processing, browser issues, XSLT, ...) where you found it indispensable to escape the greater-than sign with &gt;?

Update: I just checked with the XML spec, where it says, for example, about character data in section 2.4:

Character Data
[14] CharData ::= [^<&]* - ([^<&]* ']]>' [^<&]*)

So even there, the > isn't mentioned as something special, except for the ending sequence of a CDATA section.

This one single case, where the > is of any significance, would be the ending of a CDATA section, ]]>, but then again, if you'd quote it, the quote (i.e., the literal string ]]&gt;) would land literally in the output (since it's CDATA).

You don't absolutely need to, because almost any XML interpreter will understand what you mean. But still you use a special character without any protection if you do so.

XML is all about semantics, and this is not really semantically compliant.

About your update, you forgot this part:

The use case given in the documentation is more about something like this:

Here the ]]> part could be a problem with old SGML parsers, so it must be escaped into =]]&gt; for compatibility reasons.

I used one not 19 hours ago to pass a strict xml validator. Another case is when you use them actually in html/xml content text (rather than attributes), like this: <.

Sure, a lax parser will accept most anything you throw at it, but if you're ever worried about XSS, &lt; is your friend.

Update: Here's an example where you need to escape > in Firefox:

Granted, it still isn't an example of having to escape a lone >.

Not so much as an author of (x)html documents, but more as a user of sloppily written comment fields in websites that "offer" you to insert html.

I mean if you do your site the right way, you wouldn't hardcode your content anyway, right? So your call to htmlentities or whatever (long time no see, php) would take care of replacing special characters for you.

So sure, you wouldn't manually type &gt; but I hope you take measures so > is automatically replaced.

I just thought of another example, where you need to quote > in HTML5 (not XHTML5) documents: If you need it in attributes without quotes (which is something that can be argued of course).

should be equivalent to XHTML

But then again, (?<!X)HTML is not SGML.

Imagine that you have the following text

this is a not a ]]> nice day

and you decide to surround it by CDATA sections

<![CDATA[this is a not a ]]> nice day]]>

In order to avoid that (and for allowing parsing of SGML fragments with unterminated marked sections), clause 10.4 of ISO 8879:1986 declares that the occurrence of ]]> outside a marked section is an error.

Also, in the times of SGML, marked sections were very popular, as they were not only used for CDATA (as in XML), but also for RCDATA (only entities and character references allowed) and IGNORE and INCLUDE (which allowed for recognition of markup inside them).

For instance, in SGML one could write:

Which is equivalent to:
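
The CharData rule quoted in the question and the CDATA case from the last answer, as an added example (not code from any post in this thread). It uses Python's expat-based ElementTree parser to show that a lone > in content is accepted while a literal ]]> is rejected, and that both the entity escape and a CDATA split round-trip the text. The helper names and the LONE_GT sample are this example's own.

```python
import xml.etree.ElementTree as ET


def escape_minimal(text):
    """Escape only what CharData forbids: '&', '<', and the '>' of ']]>'."""
    text = text.replace("&", "&amp;").replace("<", "&lt;")
    return text.replace("]]>", "]]&gt;")


def wrap_cdata(text):
    """Wrap text in CDATA, splitting every ']]>' across two sections."""
    return "<![CDATA[" + text.replace("]]>", "]]]]><![CDATA[>") + "]]>"


def naive_cdata(text):
    """The wrapping from the last answer: no handling of an embedded ']]>'."""
    return "<![CDATA[" + text + "]]>"


def parses_to(body):
    """Return the text of <t>body</t>, or None if it is not well-formed."""
    try:
        return ET.fromstring("<t>" + body + "</t>").text
    except ET.ParseError:
        return None


SAMPLE = "this is a not a ]]> nice day"   # text from the last answer
LONE_GT = "1 > 0 and a -> b"              # constructed sample

if __name__ == "__main__":
    cases = [
        ("lone > unescaped", LONE_GT),
        ("]]> unescaped", SAMPLE),
        ("]]> naive CDATA", naive_cdata(SAMPLE)),
        ("]]> as ]]&gt;", escape_minimal(SAMPLE)),
        ("]]> split CDATA", wrap_cdata(SAMPLE)),
    ]
    for label, body in cases:
        result = parses_to(body)
        status = "not well-formed" if result is None else repr(result)
        print(f"{label:18} {status}")
```
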