在 UIBinder 中转义 & 符号(adbrite 脚本)
我需要将以下脚本集成到 UIBinder 中的 div 中:
<!-- Begin: adBrite, Generated: 2011-04-14 8:40:27 -->
<script type="text/javascript">
var AdBrite_Title_Color = '66B5FF';
var AdBrite_Text_Color = '000000';
var AdBrite_Background_Color = 'FFFFFF';
var AdBrite_Border_Color = 'CCCCCC';
var AdBrite_URL_Color = '008000';
try{var AdBrite_Iframe=window.top!=window.self?2:1;var AdBrite_Referrer=document.referrer==''?document.location:document.referrer;AdBrite_Referrer=encodeURIComponent(AdBrite_Referrer);}catch(e){var AdBrite_Iframe='';var AdBrite_Referrer='';}
</script>
<span style="white-space:nowrap;"><script type="text/javascript">document.write(String.fromCharCode(60,83,67,82,73,80,84));document.write(' src="http://ads.adbrite.com/mb/text_group.php?sid=123&zs=123&ifr='+AdBrite_Iframe+'&ref='+AdBrite_Referrer+'" type="text/javascript">');document.write(String.fromCharCode(60,47,83,67,82,73,80,84,62));</script>
<a target="_top" href="http://www.adbrite.com/mb/commerce/purchase_form.php?opid=123&afsid=1"><img src="http://files.adbrite.com/mb/images/adbrite-your-ad-here-leaderboard.gif" style="background-color:#CCCCCC;border:none;padding:0;margin:0;" alt="Your Ad Here" width="14" height="90" border="0" /></a></span>
<!-- End: adBrite -->
GWT 编译器抱怨与符号,因此我将它们更改为 &。
我还小心地在文件顶部声明了以下内容,以便可以正确解析&符号实体:
<!DOCTYPE ui:UiBinder SYSTEM "http://dl.google.com/gwt/DTD/xhtml.ent">
这至少允许我编译代码,但生成的页面会使用 &< /code> 而不是 &,这当然会破坏脚本。
如何正确转义 & 符号以便脚本正常运行?有没有办法在我的加载器 html/jsp 中声明此脚本,并将其渲染到我选择的 div 中?我在 Adbrite 网站上找不到太多文档。
最后,Adbrite 真的有必要尝试用 String.fromCharCode 的废话来隐藏脚本来自远程站点的事实吗?据推测,这样做是为了防止某种 XSS 过滤启动。
谢谢
I need to integrate the following script inside a div in UIBinder:
<!-- Begin: adBrite, Generated: 2011-04-14 8:40:27 -->
<script type="text/javascript">
var AdBrite_Title_Color = '66B5FF';
var AdBrite_Text_Color = '000000';
var AdBrite_Background_Color = 'FFFFFF';
var AdBrite_Border_Color = 'CCCCCC';
var AdBrite_URL_Color = '008000';
try{var AdBrite_Iframe=window.top!=window.self?2:1;var AdBrite_Referrer=document.referrer==''?document.location:document.referrer;AdBrite_Referrer=encodeURIComponent(AdBrite_Referrer);}catch(e){var AdBrite_Iframe='';var AdBrite_Referrer='';}
</script>
<span style="white-space:nowrap;"><script type="text/javascript">document.write(String.fromCharCode(60,83,67,82,73,80,84));document.write(' src="http://ads.adbrite.com/mb/text_group.php?sid=123&zs=123&ifr='+AdBrite_Iframe+'&ref='+AdBrite_Referrer+'" type="text/javascript">');document.write(String.fromCharCode(60,47,83,67,82,73,80,84,62));</script>
<a target="_top" href="http://www.adbrite.com/mb/commerce/purchase_form.php?opid=123&afsid=1"><img src="http://files.adbrite.com/mb/images/adbrite-your-ad-here-leaderboard.gif" style="background-color:#CCCCCC;border:none;padding:0;margin:0;" alt="Your Ad Here" width="14" height="90" border="0" /></a></span>
<!-- End: adBrite -->
The GWT compiler complains about the ampersands, so I changed them to &.
I've also taken care to declare the following at the top of my file so that the ampersand entity can be properly resolved:
<!DOCTYPE ui:UiBinder SYSTEM "http://dl.google.com/gwt/DTD/xhtml.ent">
This at least allows me to compile the code, but the resulting page renders with & instead of &, which of course breaks the script.
How can I properly escape the ampersands so that the script runs properly? Is there a way to declare this script in my loader html/jsp, and have it render into a div of my choosing? I couldn't find much documentation on Adbrite's site.
And lastly, is it truly necessary for Adbrite to try and hide the fact that the script is coming from a remote site with the String.fromCharCode nonsense? Presumably this is being done to prevent some kind of XSS filtering from kicking in.
Thanks
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
将 Javascript 代码放在 HTML 注释之间。
将
&替换为&。这是经过更正的代码:
Put your Javascript code between HTML comments.
Replace
&by&.Here is the code with the corrections: