浏览器误间preting'和,而不是'在网址 [英] Browser mis-interpreting '&not' in URL
问题描述
显然,如果包含文本的URL &放;不要
作为一个字段属性的一部分,许多浏览器将跨preT这为的'¬。所以这个HTML code:
Apparently if a URL containing the text ¬
is used as part of a field property, many browsers will interpret this as '¬'. So this HTML code:
<a href="#" onclick="window.location='http://www.example.com?some_param=1¬ify=true';">Click here</a>
将呈现为:
<a href="#" onclick="window.location='http://www.example.com?some_param=1¬ify=true';">Click here</a>
我发现一对夫妇的替代品代&放;不要
与&放大器;%6Eot
,或通过发布形成的,而不是得到一个参数化URL。但职位并不总是一个受欢迎的选择和替换是无可否认黑客攻击 - 这还需要处理其他常见的标记为&放大器;美分
, &安培;柯伦
,&放大器;英镑
,&放大器;教派
,&放大器;复制
,&放大器;章
...(距离<一所名单href=\"https://www.x.com/developers/paypal/forums/ipn/pdt/paypal-ipn-problem-not-and-current\">here).
I found a couple of alternatives by substituting ¬
with &%6Eot
, or by POSTing a form instead of GETting a parameterized URL. But POSTs aren't always a welcome alternative and substitution is admittedly a hack - it will also need to deal with other common tokens as ¢
, ¤
, £
, §
, ©
, ®
... (list taken from here).
当然有人在那里有这更好的解决方案?
Surely someone out there has a better solution for this?
推荐答案
元素属性是由HTML解析器PTED间$ P $,所以你必须逃离&安培;
字符为&放大器;放大器;
。它的工作原理,即使你没有时间的多数,但在某些情况下(比如你的),你必须这样做正确的,否则将无法正常工作。
Element attributes are interpreted by the HTML parser, so you must escape &
characters as &
. It works most of the time even if you don't, but in some cases (such as yours) you have to do it "right" or it won't work.
这篇关于浏览器误间preting'和,而不是'在网址的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!