javascript中取消转义&字符
我无法正确显示包含转义字符的值(即撇号存储为 \' 而不是 ' 并且括号是 > 和 < 而不是 > 和 <)。
我的数据库中存储的项目的字符 (' < >) 分别转义为 (\' < >)。当我尝试使用 JavaScript 将它们动态添加到页面时,它们在 Firefox 中以转义形式打印出来,而不是像 IE 中那样返回到正常值(< 被打印到HTML 而只是 <)。
<html>
<head>
<script type="text/javascript">
$(document).ready(function() {
var str = ">";
$(document.body).html(str);
});
</script>
</head>
<body>
</body>
</html>
我知道,如果我简单地进行替换,我可以正确打印,但通过这样做,我允许注入 HTML 代码,这就是我首先转义字符串的原因。
补充:
首先,我对我最初帖子中的错误表示歉意。经过仔细检查,在我使用 $().html() 的情况下,字符串打印正确。当我使用如下代码时,它们无法正确打印。
var str = ">";
$('#inputField').val(str);
在本例中,文本“>”显示,而不是“>”。我可以做些什么来解决这个问题吗?
I'm having trouble properly displaying values that contain escaped characters (i.e. apostrophes are stored as \' and not ' and brackets are > and < rather than > and <).
Items stored in my database have the characters (' < >) escaped to (\' < >), respectively. When I try to dynamically add them to the page with JavaScript, they print out in the escaped form in Firefox, rather than returning to their normal values like in IE (< is being printed to the HTML rather just <).
<html>
<head>
<script type="text/javascript">
$(document).ready(function() {
var str = ">";
$(document.body).html(str);
});
</script>
</head>
<body>
</body>
</html>
I know that if I simply do a replace, I can print correctly, but by doing so, I'm allowing the injection of HTML code, which is why I escaped the string in the first place.
ADDED:
Firstly, I apologize about the mistakes in my initial post. After closer examination, in the instances where I am using $().html(), the strings are printing correctly. The times where they aren't printing correctly are when I am using code like below.
var str = ">";
$('#inputField').val(str);
In this instance, the text ">" is shown, rather than ">". Is there something I can do to fix this?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
您需要像这样解码它们:
演示: http://jsfiddle.net/QUbmK/
您可以移动解码部分也可以运行并调用它:
You need to decode them like this:
Demo: http://jsfiddle.net/QUbmK/
You can move the decode part to function too and call that instead:
首先,您无法运行示例中的代码。 document.body 尚未准备好在 HEAD 标记中进行操作。您必须在文档加载后运行它。如果我将您的代码放在安全的地方运行,它就可以正常工作,正如您在此处看到的那样。
所以......您的情况肯定比您在这里展示的简单示例更多。当代码放在正确的位置时,您可以看到您的简单示例在这里工作正常:
http://jsfiddle.net /jfriend00/RDSNz/
First off, you can't run the code you have in your example. document.body is not ready for manipulation in the HEAD tag. You have to run that after the document has loaded. If I put your code in a safe place to run, it works fine as you can see here.
So ... there must be more to your situation than the simple example you show here. You can see your simple example works fine here when the code is put in the right place:
http://jsfiddle.net/jfriend00/RDSNz/
这种情况不会发生,至少对于 jQuery 来说不会。如果你这样做,字面上:
$(document.body).html(''),你将得到打印到屏幕,而不是div标签。如果您正在执行问题中未列出的操作:请使用
.text()而不是.html()或替换所有&与&:That doesn't happen, at least not with jQuery. If you do, literally:
$(document.body).html('<div>'), you will get<div>printed to the screen, not adivtag. If you're doing something not listed in your question:either use
.text()instead of.html()or replace all&with&: