浏览器误间preting'和，而不是'在网址 [英] Browser mis-interpreting '&not' in URL

问题描述

显然，如果包含文本的URL ＆放;不要作为一个字段属性的一部分，许多浏览器将跨preT这为的'¬。所以这个HTML code：

Apparently if a URL containing the text &not is used as part of a field property, many browsers will interpret this as '¬'. So this HTML code:

<a href="#" onclick="window.location='http://www.example.com?some_param=1&notify=true';">Click here</a>

将呈现为：

<a href="#" onclick="window.location='http://www.example.com?some_param=1¬ify=true';">Click here</a>

我发现一对夫妇的替代品代＆放;不要与＆放大器;％6Eot ，或通过发布形成的，而不是得到一个参数化URL。但职位并不总是一个受欢迎的选择和替换是无可否认黑客攻击 - 这还需要处理其他常见的标记为＆放大器;美分， ＆安培;柯伦，＆放大器;英镑，＆放大器;教派，＆放大器;复制，＆放大器;章 ...（距离<一所名单href=\"https://www.x.com/developers/paypal/forums/ipn/pdt/paypal-ipn-problem-not-and-current\">here).

I found a couple of alternatives by substituting &not with &%6Eot, or by POSTing a form instead of GETting a parameterized URL. But POSTs aren't always a welcome alternative and substitution is admittedly a hack - it will also need to deal with other common tokens as &cent, &curren, &pound, &sect, &copy, &reg... (list taken from here).

当然有人在那里有这更好的解决方案？

Surely someone out there has a better solution for this?

推荐答案

元素属性是由HTML解析器PTED间$ P $，所以你必须逃离＆安培; 字符为＆放大器;放大器; 。它的工作原理，即使你没有时间的多数，但在某些情况下（比如你的），你必须这样做正确的，否则将无法正常工作。

Element attributes are interpreted by the HTML parser, so you must escape & characters as &. It works most of the time even if you don't, but in some cases (such as yours) you have to do it "right" or it won't work.

这篇关于浏览器误间preting'和，而不是'在网址的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！