是否有与 ASP.NET 中的 htmlencode / htmldecode 等效的 javascript?
问题是这样的:
您有一个文本框,您输入一些文本,然后将其发送到服务器。在另一页上,检索该值并将其显示在屏幕上的文本框和标签中。
阻止脚本攻击很重要,并且 ASP.NET 不会让您提交不安全的代码,因此请提交您的 javascript Replace <与 <
和 > 相同
当从服务器检索值时,它们将返回 <
和 >
这对于在标签中显示来说很好,但是当放入文本框,必须将它们替换回 <和>
数据应安全地存储在数据库中,因为其他人可能会使用此内容。从安全的角度来看,我想对其调用 htmlencode 然后存储它。我想在客户端的标签中显示编码的 html,但我想在文本框中显示解码的版本。
所以我需要的是 javascript 中的 htmldecode 解决方案。 htmlencode/decode 取代的不仅仅是 < >如果没有明确的列表,我无法创建自己的方法。有解决办法吗?
The problem is this:
You have a textbox, you type in some text, send it to the server. On another page, that value is retrieved and displayed on screen in a textbox and a label.
It's important to stop scripting attacks, and asp.net won't let you submit unsafe code, so on submit you javascript replace < with <
and the same for >
When the values are retrieved from the server, they will come back with <
and >
which is fine for displaying in the label, but when put into the textbox, they must be replaced back to < and >
The data should be stored securely in the database as other people might use this content. From a safety point of view I'd like to call htmlencode on it then store it. It is this encoded html I'd like to display in the label on the client, but the decoded version I'd like to display in the textbox.
So what I need, is a htmldecode solution in javascript. htmlencode/decode replaces more than just < > and without a definitive list I can't create my own method. Is there a solution out there?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
而不是尝试将一串文本转换为 HTML,然后使用innerHTML 将其添加到文档中;使用标准 DOM 方法。
Instead of trying to turn a string of text into HTML and then adding it to the document using innerHTML; use standard DOM methods.