将 HTML 标签转义为 HTML 实体的最快方法? [英] Fastest method to escape HTML tags as HTML entities?
问题描述
我正在编写一个 Chrome 扩展程序,其中涉及很多的以下工作:通过转换<<来清理可能包含 HTML 标签的字符串/code>、
>
和 &
到 <
、>
和 >&
,分别.
I'm writing a Chrome extension that involves doing a lot of the following job: sanitizing strings that might contain HTML tags, by converting <
, >
and &
to <
, >
and &
, respectively.
(换句话说,与 PHP 的 htmlspecialchars(str, ENT_NOQUOTES)
相同——我认为没有任何真正需要转换双引号字符.)
(In other words, the same as PHP's htmlspecialchars(str, ENT_NOQUOTES)
– I don't think there's any real need to convert double-quote characters.)
这是我目前发现的最快的函数:
This is the fastest function I have found so far:
function safe_tags(str) {
return str.replace(/&/g,'&').replace(/</g,'<').replace(/>/g,'>') ;
}
但是当我必须一次运行几千个字符串时,仍然存在很大的滞后.
But there's still a big lag when I have to run a few thousand strings through it in one go.
有人可以改进吗?它主要用于 10 到 150 个字符之间的字符串,如果这有区别的话.
Can anyone improve on this? It's mostly for strings between 10 and 150 characters, if that makes a difference.
(我的一个想法是不要对大于号进行编码——这样做会有什么真正的危险吗?)
(One idea I had was not to bother encoding the greater-than sign – would there be any real danger with that?)
推荐答案
您可以尝试传递一个回调函数来执行替换:
You could try passing a callback function to perform the replacement:
var tagsToReplace = {
'&': '&',
'<': '<',
'>': '>'
};
function replaceTag(tag) {
return tagsToReplace[tag] || tag;
}
function safe_tags_replace(str) {
return str.replace(/[&<>]/g, replaceTag);
}
这是一个性能测试:http://jsperf.com/encode-html-entities 对比重复调用replace
函数,使用Dmitrij提出的DOM方法.
Here is a performance test: http://jsperf.com/encode-html-entities to compare with calling the replace
function repeatedly, and using the DOM method proposed by Dmitrij.
你的方式似乎更快...
Your way seems to be faster...
你为什么需要它?
这篇关于将 HTML 标签转义为 HTML 实体的最快方法?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!