逃避用户生成的内容 - 这是什么意思? [英] Escape user-generated content - What does that mean?

问题描述

我开始使用 Google 的分享按钮.我实际上正在使用共享链接，并且在文档中的某个时候它说:

I am starting to use the Share button from Google. I am actually using the Share link, and at some point in the docs it says this:

注意:将 {URL} 替换为您要共享的页面的 URL.你必须正确地转义任何可能出现的用户生成的内容{网址}

Note: Replace {URL} with the URL of the page you want to share. You must properly escape any user-generated content that may occur within {URL}

这是什么意思，我该如何逃避?

What does that mean, and how can I escape this?

推荐答案

转义意味着您将可能有害的字符转换为对计算机无害的字符进行翻译.

To escape something means that you convert possible harmful characters into something that is not harmful for the computer to translate.

例如:

url = "<script>doSomeNastyStuff();</script>";

是可能有害的内容字符串.主要是因为您在应用程序中的某处存储了普通的 javascript.

is a possible harmful string of contents. Mainly because youre storing plain javascript somewhere in your application.

逃避这一点时，您基本上将其变成了完全无害的东西.

When escaping this you're basically turning this into something not harmful at all.

示例:

url = "\"\x3Cscript\x3EdoSomeNastyStuff();\x3C\x2Fscript\x3E\"";

现在您已将有害脚本转换为正常字符，并且在打印或存储时，您不必担心有害脚本被注入到您的代码中.

Now you've turned the harmful script into normal characters and when printed or stored you will not have to worry about a harmful script being injected into your code.

其他转义字符的例子是这个

Other examples of escaping characters is this

var sayHello = "Hello "world", as you like to call yourself";

现在，这个在 javascript 代码中未转义的代码会产生错误，因为字符串已被终止，并且单词world"现在是一个变量，然后一个新字符串开始.

Now, this unescaped in javascript code would produce an error because the string has been terminated and the word 'world' is now a variable and then a new string starts.

这是同一个字符串转义以允许引号.

This is the same string escaped to allow for quotation marks.

var sayHello = "Hello \"world\", as you like to call yourself";

而且它完全有效！

Dillen 所建议的正是您解决问题的正确方法，但我认为解释转义方法也很合适.

What Dillen suggests is exactly the right way for you to solve your problem but I thought explaining the escaping method would be appropriate as well.

这篇关于逃避用户生成的内容 - 这是什么意思?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！