在UIBinder中转义&符号(adbrite脚本) [英] escaping ampersands in UIBinder (adbrite script)
问题描述
<! - 开始:adBrite,生成的:2011-04-14 8:40:27 - >
< script type =text / javascript>
var AdBrite_Title_Color ='66B5FF';
var AdBrite_Text_Color ='000000';
var AdBrite_Background_Color ='FFFFFF';
var AdBrite_Border_Color ='CCCCCC';
var AdBrite_URL_Color ='008000';
try {var AdBrite_Iframe = window.top!= window.self?2:1; var AdBrite_Referrer = document.referrer ==''?document.location:document.referrer; AdBrite_Referrer = encodeURIComponent(AdBrite_Referrer);} catch (e){var AdBrite_Iframe =''; var AdBrite_Referrer ='';}
< / script>
< span style =white-space:nowrap;>< script type =text / javascript> document.write(String.fromCharCode(60,83,67,82,73,80 ,84)); document.write('src =http://ads.adbrite.com/mb/text_group.php?sid=123&zs=123&ifr='+AdBrite_Iframe+'&ref='+AdBrite_Referrer+ ''type =text / javascript>'); document.write(String.fromCharCode(60,47,83,67,82,73,80,84,62));< / script>
< a target =_ tophref =http://www.adbrite.com/mb/commerce/purchase_form.php?opid=123&afsid=1>< img src =http ://files.adbrite.com/mb/images/adbrite-your-ad-here-leaderboard.gifstyle =background-color:#CCCCCC; border:none; padding:0; margin:0; alt =Your Ad Herewidth =14height =90border =0/>< / a>< / span>
<! - End:adBrite - >
GWT编译器抱怨&符号,所以我将它们改为& amp; 。
我也很注意在我的文件顶部声明以下内容,以便可以正确解析&符号实体:
<!DOCTYPE ui:UiBinder SYSTEMhttp://dl.google.com/gwt/DTD/xhtml。 ENT>
这至少允许我编译代码,但生成的页面使用& amp; 而不是& ,这当然会破坏脚本。
如何正确地跳过&符号以便脚本正确运行?有没有办法在我的加载器html / jsp中声明这个脚本,并将它渲染为我选择的div?我无法在Adbrite的网站上找到很多文档。
最后,Adbrite确实需要尝试隐藏脚本来自远程站点的事实与 String.fromCharCode 废话?据推测,这是为了防止某种XSS过滤器被踢入。
谢谢
将您的Javascript代码放在HTML注释之间。
将& 替换为& amp; 。
以下是更正后的代码:
<! - 开始:adBrite,生成日期:2011-04 -14 8:40:27 - >
< script type =text / javascript><! -
var AdBrite_Title_Color ='66B5FF';
var AdBrite_Text_Color ='000000';
var AdBrite_Background_Color ='FFFFFF';
var AdBrite_Border_Color ='CCCCCC';
var AdBrite_URL_Color ='008000';
try {var AdBrite_Iframe = window.top!= window.self?2:1; var
AdBrite_Referrer = document.referrer ==''?document.location:document.referrer; AdBrite_Referrer = encodeURIComponent(AdBrite_Referrer );} catch(e){var
AdBrite_Iframe =''; var AdBrite_Referrer ='';}
- >< / script>
< span style =white-space:nowrap;>
< script type =text / javascript><! - document.write(String.fromCharCode(60,83,67,82,73,80,84)); document.write(' src =http://ads.adbrite.com/mb/text_group.php?sid=123&zs=123&ifr='+AdBrite_Iframe+'&ref='+AdBrite_Referrer+'type =text / javascript> ;');文件撰写(使用String.fromCharCode(60,47,83,67,82,73,80,84,62)); - >< /脚本>
< a target =_ tophref =http://www.adbrite.com/mb/commerce/purchase_form.php?opid=123&afsid=1>< img src = http://files.adbrite.com/mb/images/adbrite-your-ad-here-leaderboard.gifstyle =background-color:#CCCCCC; border:none; padding:0; margin:0; alt =Your Ad Herewidth =14height =90border =0/>< / a>< / span>
<! - End:adBrite - >
I need to integrate the following script inside a div in UIBinder:
<!-- Begin: adBrite, Generated: 2011-04-14 8:40:27 -->
<script type="text/javascript">
var AdBrite_Title_Color = '66B5FF';
var AdBrite_Text_Color = '000000';
var AdBrite_Background_Color = 'FFFFFF';
var AdBrite_Border_Color = 'CCCCCC';
var AdBrite_URL_Color = '008000';
try{var AdBrite_Iframe=window.top!=window.self?2:1;var AdBrite_Referrer=document.referrer==''?document.location:document.referrer;AdBrite_Referrer=encodeURIComponent(AdBrite_Referrer);}catch(e){var AdBrite_Iframe='';var AdBrite_Referrer='';}
</script>
<span style="white-space:nowrap;"><script type="text/javascript">document.write(String.fromCharCode(60,83,67,82,73,80,84));document.write(' src="http://ads.adbrite.com/mb/text_group.php?sid=123&zs=123&ifr='+AdBrite_Iframe+'&ref='+AdBrite_Referrer+'" type="text/javascript">');document.write(String.fromCharCode(60,47,83,67,82,73,80,84,62));</script>
<a target="_top" href="http://www.adbrite.com/mb/commerce/purchase_form.php?opid=123&afsid=1"><img src="http://files.adbrite.com/mb/images/adbrite-your-ad-here-leaderboard.gif" style="background-color:#CCCCCC;border:none;padding:0;margin:0;" alt="Your Ad Here" width="14" height="90" border="0" /></a></span>
<!-- End: adBrite -->
The GWT compiler complains about the ampersands, so I changed them to &.
I've also taken care to declare the following at the top of my file so that the ampersand entity can be properly resolved:
<!DOCTYPE ui:UiBinder SYSTEM "http://dl.google.com/gwt/DTD/xhtml.ent">
This at least allows me to compile the code, but the resulting page renders with & instead of &, which of course breaks the script.
How can I properly escape the ampersands so that the script runs properly? Is there a way to declare this script in my loader html/jsp, and have it render into a div of my choosing? I couldn't find much documentation on Adbrite's site.
And lastly, is it truly necessary for Adbrite to try and hide the fact that the script is coming from a remote site with the String.fromCharCode nonsense? Presumably this is being done to prevent some kind of XSS filtering from kicking in.
Thanks
Put your Javascript code between HTML comments.
Replace & by &.
Here is the code with the corrections:
<!-- Begin: adBrite, Generated: 2011-04-14 8:40:27 -->
<script type="text/javascript"><!--
var AdBrite_Title_Color = '66B5FF';
var AdBrite_Text_Color = '000000';
var AdBrite_Background_Color = 'FFFFFF';
var AdBrite_Border_Color = 'CCCCCC';
var AdBrite_URL_Color = '008000';
try{var AdBrite_Iframe=window.top!=window.self?2:1;var
AdBrite_Referrer=document.referrer==''?document.location:document.referrer;AdBrite_Referrer=encodeURIComponent(AdBrite_Referrer);}catch(e){var
AdBrite_Iframe='';var AdBrite_Referrer='';}
--></script>
<span style="white-space:nowrap;">
<script type="text/javascript"><!-- document.write(String.fromCharCode(60,83,67,82,73,80,84));document.write(' src="http://ads.adbrite.com/mb/text_group.php?sid=123&zs=123&ifr='+AdBrite_Iframe+'&ref='+AdBrite_Referrer+'" type="text/javascript">');document.write(String.fromCharCode(60,47,83,67,82,73,80,84,62)); --></script>
<a target="_top" href="http://www.adbrite.com/mb/commerce/purchase_form.php?opid=123&afsid=1"><img src="http://files.adbrite.com/mb/images/adbrite-your-ad-here-leaderboard.gif" style="background-color:#CCCCCC;border:none;padding:0;margin:0;" alt="Your Ad Here" width="14" height="90" border="0" /></a></span>
<!-- End: adBrite -->
这篇关于在UIBinder中转义&符号(adbrite脚本)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
