当我使用时，为什么 Oracle ADF 不为我转义引号？

发布于 2024-09-18 23:36:27 字数 657 浏览 5 评论 0原文

当我使用 Javascript 构建字符串时，为什么 Oracle ADF 不为我转义引号？

<jsp:root ...>
 <f:view ...>
  <afh:html>
   <f:loadBundle basename="message" var="msg"/>
   <afh:head ...>
    <script>
     function validate() {
      var errorMessages = '';
      .
      .
      if (regNum == '') {
       errorMessages = errorMessages + '<h:outputText value='#{msg['getDetails.validate.regNum']}"/>' + '\r\n';
      }
      .
      .

在我的消息资源文件中，我有类似

getDetails.validate.regNum=I'd enter the registration number if I were you.

“真实文本是爱尔兰语，带有重音字符”的内容，我可以看到重音字符被转义，但引号字符没有转义。

原文

Why is Oracle ADF not escaping quotes for me when I use to build up strings in Javascript?

<jsp:root ...>
 <f:view ...>
  <afh:html>
   <f:loadBundle basename="message" var="msg"/>
   <afh:head ...>
    <script>
     function validate() {
      var errorMessages = '';
      .
      .
      if (regNum == '') {
       errorMessages = errorMessages + '<h:outputText value='#{msg['getDetails.validate.regNum']}"/>' + '\r\n';
      }
      .
      .

In my message resources file I have something like

getDetails.validate.regNum=I'd enter the registration number if I were you.

The real text is is in Irish with accented characters and I can see that the accented characters get escaped but not the quote character.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

戏舞 2024-09-25 23:36:27

因为单引号在 HTML 中并不违法。

但他们在JS。您可以使用 fn:replace() 来转义它们。

<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
...
<script>
   var foo = '<h:outputText value="#{fn:replace(msg['getDetails.validate.regNum'], "'", "\'")}"/>';

Because singlequotes are not illegal in HTML.

But they are in JS. You can use fn:replace() to escape them.

<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
...
<script>
   var foo = '<h:outputText value="#{fn:replace(msg['getDetails.validate.regNum'], "'", "\'")}"/>';

回复收藏 0 原文

薯片软お妹 2024-09-25 23:36:27

<h:outputText value='#{msg['getDetails.validate.regNum']}"/>

outputText JSF 组件用于发出字符数据（例如，它可以发出样式化的 span 元素）。尽管其渲染器发出的确切形式是实现细节，但其规范中没有任何内容表明它适合属性或 JavaScript 字符串文字编码。

文本内容通常由 ResponseWriter.writeText< 发出/a> 方法。字符数据中的引号不需要转义。

重音字符的编码要么是由于它们不存在于您的响应编码中，要么是过于谨慎ResponseWriter 实现防止编码问题。 ASCII 集中的字符不太可能以这种方式转义。

<h:outputText value='#{msg['getDetails.validate.regNum']}"/>

The intent of the outputText JSF component is to emit character data (it can emit a styled span element, for example). Although the exact form emmitted by its renderer is an implementation detail, nothing in its specification suggests that it is suitable for attribute or JavaScript string literal encoding.

Text content will generally be emitted by the ResponseWriter.writeText methods. Quote marks don't need to be escaped in character data.

The encoding of the accented characters is either due to them not being present in your response encoding or an overly cautious ResponseWriter implementation that is guarding against encoding problems. Characters in the ASCII set are unlikely to be escaped in this manner.

回复收藏 0 原文

~没有更多了~