JavaScript函数调用将编码的单引号%27解释为文字 [英] JavaScript function call interprets encoded Single Quote %27 as literal
问题描述
要求:
- 我必须
fetch
一个包含单引号的URL. - 我需要通过调用函数;例如
< a href =" javascript:my_function('my_quote%27s.txt');> ...</a>
.
- I have to
fetch
a URL that contains a single quote. - I am required to call a function via; e.g.
<a href="javascript:my_function('my_quote%27s.txt');">...</a>
.
在尝试正确编码单引号(%27
)的麻烦之后,Waterfox和Chrome 两者都继续抛出错误.Chrome浏览器允许我看到该错误已触发,因为浏览器将其自己解码为字符串(当我 not 对其进行编程时)将%27
转到了文字单引号字符,因此甚至在调用该函数之前就会出错(例如, my_function('my_quotes's.txt')
),并且对引号进行内部解码并导致明显的三重引号问题).
After a lot of hassle of trying to properly encode a single quote (%27
) both Waterfox and Chrome both keep throwing errors. Chrome allowed me to see that the error was triggered because the browsers are taking it upon themselves to decode strings (when I have not programed them to) turning %27
in to the literal single quote character so it errors out before the function is even called (e.g. my_function('my_quotes's.txt')
with the quote being internally decoded and causing the obvious triple quote issue).
我可以使用PHP的 htmlentities($ file_name,ENT_QUOTES)
,尽管我不得不用字符串替换'
,这似乎毫无意义.
I could use PHP's htmlentities($file_name, ENT_QUOTES)
though I'd have to string replace '
which seems pointlessly convoluted.
- 我需要 支持单引号并通过
javascript:
进行呼叫. - 我希望在调用函数时避免对字符串进行字面解释.
- 我想尽量避免大惊小怪,只使用JavaScript不会抱怨的 编码.
- 没有框架或库.
- I am required to support the single quote and make the call via
javascript:
. - I'd like to avoid literal interpretation of encoded strings when calling functions.
- I'd like to minimize the fuss and just use an encoding that JavaScript won't complain about.
- No frameworks or libraries.
我如何正确地编码单引号,以使JavaScript本身不会以某种方式对其内部进行解码并抛出错误?
How do I properly encode a single quote in a manner that JavaScript won't take it upon itself to somehow internally decode it and throw errors?
推荐答案
我需要通过
javascript:
发抖.请解决此问题.自从十年!正是造成URI解码的原因- javascript:
模式后跟一个百分号编码的值来解释.
Shudder. Please fix this. It's known as a bad practice since over ten years! And it's exactly what's causing the URI decoding - the javascript:
schema is followed by an percent-encoded value to interpret.
因此,如果您以js代码开头
So if you start with the js code
my_function('my"e's.txt');
它将成为其中之一
javascript:my_function%28%27my%26quote%27s.txt%27%29%3B
javascript:my_function(%27my%26quote%27s.txt%27)%3B
javascript:my_function('my%26quote's.txt')%3B
(撇号'
和括号实际上不需要进行编码).
(the apostrophe '
and the parenthesis actually don't need to be encoded).
但是'my_quote's.txt'
不是您要开始使用的有效JavaScript.您实际上要查找的是'my_quote \'s.txt'
或'my_quote's.txt'
.要在 javascript:
-方案URI中使用它们,它将变为
But 'my_quote's.txt'
is not the valid javascript that you want to start with. What you're actually looking for is 'my_quote\'s.txt'
or "my_quote's.txt'
. To use these in a javascript:
-scheme URI, it becomes
javascript:my_function('my_quote\'s.txt')%3B
javascript:my_function("my_quote's.txt")%3B
因此,如果您从动态文件名值生成此 href
字符串,则必须
So if you generate this href
string from a dynamic filename value, you must
- 用字符串转义JS字符串文字中的文件名
- 在
javascript
网址 中对完整代码进行URL编码 - html-entity-escape完整的
href
属性值
这篇关于JavaScript函数调用将编码的单引号%27解释为文字的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!