html实体/转义的动态网址(ajax更新的网址)? [英] html entities/escape for dynamic url (ajax updated url)?

问题描述

var fb_ps_page = window.location.href;
document.write('<iframe src="//www.facebook.com/plugins/like.php?href=' + fb_ps_page + '&amp;send=false&amp;layout=button_count&amp;width=450&amp;show_faces=false&amp;action=like&amp;colorscheme=light&amp;font&amp;height=21&amp;appId=205223179497882" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:450px; height:21px;" allowTransparency="true"></iframe>');

我将动态网址写入按钮之类的动态网址的功能.

My function to write the dynamic url to facebook like button.

但是，我的网址包含/，#，+和&-我是否需要转义这些字符，我会使用正则表达式来做到这一点吗?

But, my url contains /, #, +, and & - do I need to escape these, and would I do that using regex?

推荐答案

您要插入到URL上下文中，因此请首先使用正确的URL编码:

You are inserting into the URL context, so use proper URL encoding first:

document.write('<iframe src="//www.facebook.com/plugins/like.php?href=' + encodeURIComponent(fb_ps_page) + '&amp;send=false&amp;layout=button_count&amp;width=450&amp;show_faces=false&amp;action=like&amp;colorscheme=light&amp;font&amp;height=21&amp;appId=205223179497882" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:450px; height:21px;" allowTransparency="true"></iframe>');

由于encodeURIComponent已经对HTML特殊字符"，&和<(也包括/，#和+)进行了编码，因此您无需进行编码不再用于HTML上下文.

As encodeURIComponent does already encode the HTML special chars ", &, and < (/, #, and + too), you don’t need need to encode it for the HTML context any more.

这篇关于html实体/转义的动态网址(ajax更新的网址)?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！