你什么时候应该使用escape而不是encodeURI/encodeURIComponent? [英] When are you supposed to use escape instead of encodeURI / encodeURIComponent?

问题描述

当对要发送到网络服务器的查询字符串进行编码时 - 何时使用 escape() 以及何时使用 encodeURI() 或 encodeURIComponent():

When encoding a query string to be sent to a web server - when do you use escape() and when do you use encodeURI() or encodeURIComponent():

使用转义:

escape("% +&=");

或

使用 encodeURI()/encodeURIComponent()

use encodeURI() / encodeURIComponent()

encodeURI("http://www.google.com?var1=value1&var2=value2");

encodeURIComponent("var1=value1&var2=value2");

推荐答案

escape()

不要使用它！escape() 定义在 B.2.1.2 转义 和 附件 B 的介绍文本 说:

escape()

Don't use it! escape() is defined in section B.2.1.2 escape and the introduction text of Annex B says:

... 本附件中指定的所有语言特性和行为都有一个或多个不受欢迎的特性，如果没有遗留用法，将从本规范中删除....
...程序员在编写新的 ECMAScript 代码时不应使用或假设这些特性和行为的存在......

... All of the language features and behaviours specified in this annex have one or more undesirable characteristics and in the absence of legacy usage would be removed from this specification. ...
... Programmers should not use or assume the existence of these features and behaviours when writing new ECMAScript code....

行为:

https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/escape

特殊字符编码除外:@*_+-./

Special characters are encoded with the exception of: @*_+-./

编码单元值为 0xFF 或更小的字符的十六进制形式是一个两位数的转义序列:%xx.

The hexadecimal form for characters, whose code unit value is 0xFF or less, is a two-digit escape sequence: %xx.

对于具有更大代码单元的字符，使用四位格式%uxxxx.这在查询字符串中是不允许的(如 RFC3986 中所定义):

For characters with a greater code unit, the four-digit format %uxxxx is used. This is not allowed within a query string (as defined in RFC3986):

query       = *( pchar / "/" / "?" )
pchar         = unreserved / pct-encoded / sub-delims / ":" / "@"
unreserved    = ALPHA / DIGIT / "-" / "." / "_" / "~"
pct-encoded   = "%" HEXDIG HEXDIG
sub-delims    = "!" / "$" / "&" / "'" / "(" / ")"
              / "*" / "+" / "," / ";" / "="

百分号只允许直接跟两个十六进制数字，百分比后面跟u是不允许的.

A percent sign is only allowed if it is directly followed by two hexdigits, percent followed by u is not allowed.

当你想要一个有效的 URL 时使用 encodeURI.拨打这个电话:

Use encodeURI when you want a working URL. Make this call:

encodeURI("http://www.example.org/a file with spaces.html")

获得:

http://www.example.org/a%20file%20with%20spaces.html

不要调用 encodeURIComponent 因为它会破坏 URL 并返回

Don't call encodeURIComponent since it would destroy the URL and return

http%3A%2F%2Fwww.example.org%2Fa%20file%20with%20spaces.html

请注意，encodeURI 与 encodeURIComponent 一样，不会对 ' 字符进行转义.

Note that encodeURI, like encodeURIComponent, does not escape the ' character.

当您想对 URL 参数的值进行编码时，请使用 encodeURIComponent.

Use encodeURIComponent when you want to encode the value of a URL parameter.

var p1 = encodeURIComponent("http://example.org/?a=12&b=55")

然后您可以创建您需要的网址:

Then you may create the URL you need:

var url = "http://example.net/?param1=" + p1 + "&param2=99";

你会得到这个完整的网址:

And you will get this complete URL:

http://example.net/?param1=http%3A%2F%2Fexample.org%2F%Ffa%3D12%26b%3D55&param2=99

请注意， encodeURIComponent 不会对 ' 字符进行转义.一个常见的错误是使用它来创建 html 属性，例如 href='MyUrl'，这可能会遭受注入错误.如果您正在从字符串构造 html，请使用 " 而不是 ' 来作为属性引号，或者添加一个额外的编码层(' 可以编码为 %27).

Note that encodeURIComponent does not escape the ' character. A common bug is to use it to create html attributes such as href='MyUrl', which could suffer an injection bug. If you are constructing html from strings, either use " instead of ' for attribute quotes, or add an extra layer of encoding (' can be encoded as %27).

有关此类编码的更多信息，您可以查看:http://en.wikipedia.org/wiki/百分比编码

For more information on this type of encoding you can check: http://en.wikipedia.org/wiki/Percent-encoding

这篇关于你什么时候应该使用escape而不是encodeURI/encodeURIComponent?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！