如何在javascript中实现if?
下面的 JavaScript 从 http://mysite.com?url=www.google.com 中提取 www.google.com 并将其写为 href 链接
<script>
var urll = (window.location.search.match(/[?&;]url=([^&;]+)/) || [])[1];
document.write('<a href="http://'+urll+'">url</a>');
</script>
它的问题是,当它提取 url 时 href 值将变为 http://mysite.com/www.google.com,因此 if 应说明原始网址是否为http://mysite.com?url=www.google.com 在 ?url= 前面没有 http://将其添加到 href 值之后,形成 url
在 a 的评论中上一个问题有人给了我这个
if (link.substr(0, 7) !== 'http://') { link = 'http://' + link; }
,但我真的不知道如何实现它,因为我从未在 javascript 中使用过 if 。
The javascript below extracts www.google.com from http://mysite.com?url=www.google.com
and writes it as an <a> href link
<script>
var urll = (window.location.search.match(/[?&;]url=([^&;]+)/) || [])[1];
document.write('<a href="http://'+urll+'">url</a>');
</script>
The problem with it is that when it extracts the url the <a> href value it becomes http://mysite.com/www.google.com so the if should state if the original url http://mysite.com?url=www.google.com doesn't have http:// infront of ?url= then add it after the href value to form <a href="http://www.google.com">url</a>
In a comment for a previous question someone gave me this
if (link.substr(0, 7) !== 'http://') { link = 'http://' + link; }
but I really don't have a clue on how to implement it because I have never used an if in javascript.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
除了其他任何事情之外,您还让自己容易受到 XSS 攻击:
暂时假设
url参数(外部网站可以通过提供指向您网站的链接轻松欺骗该参数)包含字符串“大胆!这个故事的寓意是:永远不要盲目相信用户输入,也不要简单地将其转换为 HTML。
为了避免此类攻击(SQL 注入是针对服务器端代码的非常类似的攻击,它构建SQL 语句)执行以下两件事:
url参数实际上代表有效的 URL。document.createElement()来创建您的a元素,将其href属性设置为所需的值(如上所述进行清理),然后将新创建的a元素添加到 DOM 中适当的位置。Apart from anything else you're making yourself suspectible to XSS attacks:
Assume for a moment that the
urlparameter (which an external site can easily spoof by providing a link to your site) contains the string"><b>BOLD!</b><div class=". Suddenly your page would display some bold text, even 'though you never used a<b>tag in your site. And that's the most harmless example possible, because the attacker can equally well introduce arbitrary JavaScript into your page (including JS that steals the users cookie!).Moral of the story: never blindly trust user input, and don't simply convert it to HTML.
To avoid these kinds of attacks (SQL Injection is a very similar attack against server-side code that builds SQL statements) do these two things:
urlparameter actually represents a valid URL.document.createElement()to create youraelement, set itshrefattribute to the desired value (sanitized as stated above) and then add the newly createdaelement in your DOM at the appropriate position.看起来您需要 https://developer.mozilla.org/en/JavaScript。 “if”是任何编程语言最基本的元素,如果你不理解,你真的需要运行一堆基础知识。
It looks like you need https://developer.mozilla.org/en/JavaScript. "if" is the most basic element of any programming language, if you don't understand that you'll really need to run through a bunch of basics.