使用 javascript,我生成 HTML 代码,例如添加一个通过单击链接启动的函数,例如:
$('#myDiv').append('<a href="javascript:start(\''+TERM+'\');">click</a>');
因此,如果有人点击链接(单击),则应调用 start() 。
TERM 可以包含单个单词,例如 world 或 moody's,生成的 HTML 代码将如下所示:
<a href="javascript:start('world');">click</a>
OR
<a href="javascript:start('moody's');">click</a>
如您所见,第二个示例不会起作用。所以我决定“转义”TERM,如下所示:
$('#myDiv').append('<a href="javascript:start(\''+escape(TERM)+'\');">click</a>');
使用 firebug 查看 HTML 源代码,可以看到,生成了以下代码:
<a href="javascript:start('moody%27s');">click</a>
工作正常,直到我真正单击链接- 所以浏览器(这里是firefox)接缝解释 %27 并尝试触发 start('moody's');
有没有办法在不解释的情况下转义术语“持久”这%27 直到该术语在 JS 中处理?除了使用正则表达式将 ' 更改为 \' 之外,还有其他解决方案吗?
using javascript, I generate HTML code, for example adding an function which starts by clicking a link, like:
$('#myDiv').append('<a href="javascript:start(\''+TERM+'\');">click</a>');
So start() should be called if somebody hits the link (click).
TERM could contain a single word, like world or moody's, the generated HTML code would look like:
<a href="javascript:start('world');">click</a>
OR
<a href="javascript:start('moody's');">click</a>
As you can see, the 2nd example will not work. So i decided to "escape" the TERM, like so:
$('#myDiv').append('<a href="javascript:start(\''+escape(TERM)+'\');">click</a>');
Looking at the HTML source-code using firebug, is see, that the following code was generated:
<a href="javascript:start('moody%27s');">click</a>
Thats works fine, until I really click the link - so the browser (here firefox) seams to interpret the %27 and tries to fire start('moody's');
Is there a way to escape the term persistent without interpreting the %27 until the term is handled in JS? Is there an other solution instead of using regular expressions to change ' to \'?
发布评论
评论(3)
不要尝试生成内联 JavaScript。这样会带来太多的痛苦和维护地狱。 (如果您要沿着这条路线走下去,那么您将使用
\转义 JavaScript 字符串中的字符)。请改用标准事件绑定例程。
假设
$是 jQuery,而不是使用该无用变量名称的许多其他库之一:另请参阅 http://jsfiddle.net/TudEw/
Don't try to generate inline JavaScript. That way lies too much pain and maintenance hell. (If you were to go down that route, then you would escape characters in JavaScript strings with
\).Use standard event binding routines instead.
Assuming that
$is jQuery, and not one of the many other libraries that use that unhelpful variable name:See also http://jsfiddle.net/TudEw/
escape() 用于 url 编码,而不是用于放入字符串文字。由于多种原因,您的代码存在严重缺陷。
如果您需要 onclick 事件,请使用 onclick 事件。不要尝试用您的标记“注入”JavaScript 代码。如果变量中有“字符串”,则永远不需要替换其中的任何内容,除非您要生成网址或其他限制术语。
如果你不知道这是做什么的,那么回到基础知识并了解 javascript 中的事件和函数引用意味着什么。
escape() is used for url-encoding stuff, not for making it possible to put in a string literal. Your code is seriously flawed for several reasons.
If you want an onclick event, use an onclick event. Do not try to "inject" javascript code with your markup. If you have the "string" in a variable, you should never need to substitute anything in it unless you are generating urls or other restricted terms.
If you don't know what this does, then go back to basic and learn what events and function references in javascript means.
该
escape()函数用于转义 url 以通过网络传递,而不是字符串。我不知道有一个内置函数可以转义 JavaScript 字符串,但你可以尝试一下我在网上找到的这个函数: http://www.willstrohl.com/Blog/EntryId/67/HOW-TO-Escape-Single-Quotes-for-JavaScript-Strings。用法:
EscapeSingleQuotes(strString)编辑: 刚刚注意到您有关正则表达式的注释。这个解决方案确实使用了正则表达式,但我认为这没有什么问题:-)
That
escape()function is for escaping url's for passing over a network, not strings. I don't know that there's a built-in function to escape strings for JavaScript, but you can try this one I found online: http://www.willstrohl.com/Blog/EntryId/67/HOW-TO-Escape-Single-Quotes-for-JavaScript-Strings.Usage:
EscapeSingleQuotes(strString)Edit: Just noticed your note about regular expressions. This solution does use regular expressions, but I think there's nothing wrong with that :-)