decodeURIComponent vs unescape，unescape 有什么问题? [英] decodeURIComponent vs unescape, what is wrong with unescape?

问题描述

在回答另一个问题时，我意识到我的 Javascript/DOM 知识有点过时了，因为我仍在使用 escape/unescape 对内容进行编码URL 组件，而看起来我现在应该使用 encodeURIComponent/decodeURIComponent 代替.

In answering another question I became aware that my Javascript/DOM knowledge had become a bit out of date in that I am still using escape/unescape to encode the contents of URL components whereas it appears I should now be using encodeURIComponent/decodeURIComponent instead.

我想知道的是 escape/unescape 有什么问题?有一些模糊的建议认为 Unicode 字符存在某种问题，但我找不到任何明确的解释.

What I want to know is what is wrong with escape/unescape ? There are some vague suggestions that there is some sort of problem around Unicode characters, but I can't find any definite explanation.

我的网络经验相当有偏见，几乎所有的经验都在编写与 Internet Explorer 相关的大型 Intranet 应用程序.这涉及到 escape/unescape 的大量使用，并且所涉及的应用程序已经完全支持 Unicode 多年了.

My web experience is fairly biased, almost all of it has been writing big Intranet apps tied to Internet Explorer. That has involved a lot of use of escape/unescape and the apps involved have fully supported Unicode for many years now.

那么 escape/unescape 应该有哪些 Unicode 问题?有没有人有任何测试用例来证明问题?

So what are the Unicode problems that escape/unescape are supposed to have ? Does anyone have any test cases to demonstrate the problems ?

推荐答案

我想知道的是escape/unescape有什么问题?

What I want to know is what is wrong with escape/unescape ?

它们本身并没有错误"，它们只是它们自己的特殊字符串格式，看起来有点像 URI 参数编码，但实际上并非如此.特别是:

They're not "wrong" as such, they're just their own special string format which looks a bit like URI-parameter-encoding but actually isn't. In particular:

• ‘+’表示加号，而不是空格
• 有一种特殊的%uNNNN"格式用于编码 Unicode UTF-16 代码点，而不是编码 UTF-8 字节

因此，如果您使用 escape() 创建 URI 参数值，您将得到包含加号或任何非 ASCII 字符的字符串的错误结果.

So if you use escape() to create URI parameter values you will get the wrong results for strings containing a plus, or any non-ASCII characters.

escape() 可以用作内部仅 JavaScript 编码方案，例如转义 cookie 值.然而，现在所有浏览器都支持 encodeURIComponent(最初并非如此)，没有理由优先使用转义.

escape() could be used as an internal JavaScript-only encoding scheme, for example to escape cookie values. However now that all browsers support encodeURIComponent (which wasn't originally the case), there's no reason to use escape in preference to that.

据我所知，escape/unescape 的现代用法只有一种，这是通过利用 URIComponent 处理中的 UTF-8 处理来快速实现 UTF-8 编码器/解码器的方法:

There is only one modern use for escape/unescape that I know of, and that's as a quick way to implement a UTF-8 encoder/decoder, by leveraging the UTF-8 processing in URIComponent handling:

utf8bytes= unescape(encodeURIComponent(unicodecharacters));
unicodecharacters= decodeURIComponent(escape(utf8bytes));

这篇关于decodeURIComponent vs unescape，unescape 有什么问题?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！