将 HTML 标签转义为 HTML 实体的最快方法? [英] Fastest method to escape HTML tags as HTML entities?

问题描述

我正在编写一个 Chrome 扩展程序，其中涉及很多的以下工作:通过转换<<来清理可能包含 HTML 标签的字符串/code>、> 和 & 到 &lt;、&gt; 和 >&amp;，分别.

I'm writing a Chrome extension that involves doing a lot of the following job: sanitizing strings that might contain HTML tags, by converting <, > and & to <, > and &, respectively.

(换句话说，与 PHP 的 htmlspecialchars(str, ENT_NOQUOTES) 相同——我认为没有任何真正需要转换双引号字符.)

(In other words, the same as PHP's htmlspecialchars(str, ENT_NOQUOTES) – I don't think there's any real need to convert double-quote characters.)

这是我目前发现的最快的函数:

This is the fastest function I have found so far:

function safe_tags(str) {
    return str.replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;') ;
}

但是当我必须一次运行几千个字符串时，仍然存在很大的滞后.

But there's still a big lag when I have to run a few thousand strings through it in one go.

有人可以改进吗?它主要用于 10 到 150 个字符之间的字符串，如果这有区别的话.

Can anyone improve on this? It's mostly for strings between 10 and 150 characters, if that makes a difference.

(我的一个想法是不要对大于号进行编码——这样做会有什么真正的危险吗?)

(One idea I had was not to bother encoding the greater-than sign – would there be any real danger with that?)

推荐答案

您可以尝试传递一个回调函数来执行替换:

You could try passing a callback function to perform the replacement:

var tagsToReplace = {
    '&': '&',
    '<': '&lt;',
    '>': '&gt;'
};

function replaceTag(tag) {
    return tagsToReplace[tag] || tag;
}

function safe_tags_replace(str) {
    return str.replace(/[&<>]/g, replaceTag);
}

这是一个性能测试:http://jsperf.com/encode-html-entities 对比重复调用replace函数，使用Dmitrij提出的DOM方法.

Here is a performance test: http://jsperf.com/encode-html-entities to compare with calling the replace function repeatedly, and using the DOM method proposed by Dmitrij.

你的方式似乎更快...

Your way seems to be faster...

你为什么需要它?

这篇关于将 HTML 标签转义为 HTML 实体的最快方法?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！