如何通过javascript添加el代码或jstl代码 [英] how to add el code or jstl code through javascript

问题描述

如何将el代码和jstl代码添加到动态生成的文本框中，如$ {fn：escapeXml（param.foo）}作为textbox的值。

how to add el code and jstl code to the textbox generated dyanmically like ${fn:escapeXml(param.foo)} as value of textbox.

推荐答案

这是不可能的。 Webbrowser不了解JSTL和EL代码。它只能理解HTML / CSS / JS代码。此JSTL / EL代码必须在Web服务器中运行。最好的办法是让JavaScript向服务器发送一个Ajax请求，然后服务器运行一些带有JSTL / EL代码的JSP，然后返回生成的HTML响应，最后让JavaScript显示该HTML。

That's not possible. Webbrowser doesn't understand JSTL and EL code. It only understands HTML/CSS/JS code. This JSTL/EL code has to run in the webserver. Your best bet is to let JavaScript send an Ajax request to the server which in turn runs some JSP with JSTL/EL code and then returns the generated HTML response and finally let JavaScript display that HTML.

如果您的唯一功能需求是将HTML变量编码为 fn：escapeXml（）的JavaScript变量，那么请转到此处的答案问题：从输入字段读取属性时HTML编码丢失。

If your sole functional requirement is to HTML/XML-encode a JavaScript variable as fn:escapeXml() does for JSP, then head to the answers of this question: HTML-encoding lost when attribute read from input field.

请注意，只要数据完全存储在客户端，就没有XSS风险。一旦将数据发送到服务器并且服务器将其存储并重新显示给另一个最终用户，那么就存在XSS风险。为此，可以使用JSP中的$ code> fn：escapeXml（），因为它是重新显示它的服务器。

Please note that there is no XSS risk as long as the data is stored fully client side. Once you send the data to server and the server stores it and redisplays it to another enduser, then there's means of a XSS risk. For that fn:escapeXml() in JSP can just be used since it's the server which redisplays it.

这篇关于如何通过javascript添加el代码或jstl代码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！