style = attributes内的注释 - 安全吗? [英] Comments within style= attributes - safe?
问题描述
我正在开发一个CMS,用于从用户输入中生成CSSstyle ='xyz'语句。
用户输入将被验证,但作为附加保障,我想检查CSS代码生成值的有效性。
如果无效值遇到 - 例如一个相对宽度(50%),其中由于布局限制只允许绝对值 - 我想返回一个评论INSIDE的style属性来帮助调试:
< div class =contentstyle =background-color:lightblue; / * WIDTH无效:这里只允许绝对值* /; border:1px orange dotted;>
这是否为安全,即所有主流浏览器是否仍会正确解析注释前后的设置?这是很难谷歌的信息。
这可能是安全的,但我不会把错误的值注释到标记。
让用户在生成标记之前就知道他们在一开始就做了错误。
A好主意是创建这样一个测试用例,并将其提供给W3C验证器,看看它会说些什么。
I am working on a CMS that generates CSS "style='xyz'" statements from user input. The user input will be validated but as an additional safeguard, I want to check the validity of the values on generation of the CSS code.
If an invalid value is encountered - e.g. a relative width ("50%") where only absolute values are allowed due to layout restrictions - I would like to return a comment INSIDE the style attribute to help debugging:
<div class="content" style="background-color: lightblue; /* WIDTH was invalid: Only absolute values allowed here */; border: 1px orange dotted;">
Is this "safe", i.e. will all major browsers still parse the settings before and after the comment properly? It is difficult to Google information about this.
It is probably safe but I wouldn't put the wrong values commented into the markup.
Let the user know they did something wrong in the very beginning before you generate markup.
A good idea would be to create such a test case and feed it to the W3C validator to see what it would say says about it.
这篇关于style = attributes内的注释 - 安全吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
