如何在JSP中转义JavaScript？ [英] How to escape JavaScript in JSP?

问题描述

我完全坚持这一点，我试图逃避JSP中的单引号。我有一些数据，我直接输出到一个JS字符串，单引号似乎是引起问题。

这是我的代码：

 < dsp：droplet name =/ atg / dynamo / droplet / ForEach> 
< dsp：param value =$ {CommerceItems}name =array/> 
< dsp：param name =elementNamevalue =CommerceItem/> 
< dsp：oparam name =outputStart> 
 var itemNameList ='
< / dsp：oparam> 
< dsp：oparam name =output> 
< dsp：getvalueof id =Descparam =CommerceItem.auxiliaryData.productRef.displayName> 
 $ {fn：replace（Desc，'，\\ /）} 
< / dsp：getvalueof> 
< / dsp：oparam> 
< dsp：oparam name =outputEnd>';< / dsp：oparam> 
< / dsp：drops> 
  

这里是我得到的输出：

  var itemNameList ='
 Weyland Estate圣巴巴拉黑比诺
 Raymond \ /'Prodigal \ /'北海岸赤霞珠Sauvignon 
高塔图克酒庄
  

但这是错误的，我只需要 /'Prodigal'/ 或根本没有单引号！

---

编辑：或者我实际上需要使用 \ 反斜杠来转义引号？

解决方案

正斜杠不是转义字符。那是反斜杠

  $ {fn：replace（Desc，'，\\）} 
 < （$，
 
 
 （是的，它被提交了两次，因为这是还 Java中的一个转义字符但是，您不仅需要'由<$ c $（$）
 
 
 c> \'，您还需要通过 \\\\
 替换 \\\
 （newlines） / code>。字符串已经被打印在多行，这也使得它也是一个无效的JS字符串变量。您的最终结果必须基本如下所示：
  var itemNameList = ''
 +'\\\
Weyland Estate圣巴巴拉黑比诺Noir'
 +'\\\
Raymond \'Prodigal \'北海岸赤霞珠'
 +'\Chateau Haute Tuque' ; （请注意，语法荧光笔在这里同意我的意见，但不符合您的意见）
 em> 
 
 
 
然而，有更多可能需要转义的特殊字符。它们都覆盖了 Apache Commons Lang    StringEscapeUtils＃escapeEcmaScript（） 。更容易创建一个定制的EL函数，它调用该方法。如果尚未完成，请在 / WEB-INF / lib 中下载并删除 commons-lang.jar 。然后创建一个 /WEB-INF/functions.tld 文件，如下所示：
 <？xml version =1.0encoding =UTF-8？> 
< taglib 
 xmlns =http://java.sun.com/xml/ns/javaee
 xmlns：xsi =http://www.w3.org/2001 / XMLSchema-instance
 xsi：schemaLocation =http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-jsptaglibrary_2_1.xsd 
 version =2.1> 
 
< display-name>自定义函数< / display-name> 
< tlib-version> 1.0< / tlib-version> 
< uri> http：//example.com/functions< / uri> 
 
< function> 
< name> escapeJS< / name> 
< function-class> org.apache.commons.lang3.StringEscapeUtils< / function-class> 
< function-signature> java.lang.String escapeEcmaScript（java.lang.String）< / function-signature> 
< / function> 
< / taglib> 
  
所以你可以使用它如下：
 <％@ taglib prefix =utiluri =http://example.com/functions％> 
 ... 
 $ {util：escapeJS（Desc）} 
  
 
I'm totally stuck on this, I'm trying to escape a single quote in a JSP. I have some data that I'm outputting directly into a JS string and the single quotes seem to be causing issues.

Here is my code:
<dsp:droplet name="/atg/dynamo/droplet/ForEach">
  <dsp:param value="${CommerceItems}" name="array" />
  <dsp:param name="elementName" value="CommerceItem" />
  <dsp:oparam name="outputStart">
    var itemNameList ='
  </dsp:oparam>
  <dsp:oparam name="output">
    <dsp:getvalueof id="Desc" param="CommerceItem.auxiliaryData.productRef.displayName">
      ${fn:replace(Desc, "'", "\\/'")}
    </dsp:getvalueof>
  </dsp:oparam>
  <dsp:oparam name="outputEnd">';</dsp:oparam>
</dsp:droplet>
And here is the output that Im getting:
var itemNameList ='
Weyland Estate Santa Barbara Pinot Noir
Raymond \/'Prodigal\/' North Coast Cabernet Sauvignon
Chateau Haute Tuque'; 
But this is wrong, and I just need /'Prodigal'/ or no single quotes at all!



EDIT: Or I actually need to escape quotes with \ backward slash?
解决方案
The forward slash is not an escape character. That's the backslash. 
${fn:replace(Desc, "'", "\\'")}
(yes, it's been presented twice, because that's also an escape character in Java!)

However, you don't only need to repace ' by \', you also need to replace \n (newlines) by \\n. The string is been printed over multiple lines, which makes it also an invalid JS string variable. Your final result must basically look like this:
var itemNameList = ''
    + '\nWeyland Estate Santa Barbara Pinot Noir'
    + '\nRaymond \'Prodigal\' North Coast Cabernet Sauvignon'
    + '\nChateau Haute Tuque'; 
(please note that the syntax highlighter agrees on me here but not on yours)

There are however much more possible special characters which needs to be escaped. They are all covered by Apache Commons Lang StringEscapeUtils#escapeEcmaScript(). Much easier is to create a custom EL function which calls exactly that method. If not done yet, download and drop commons-lang.jar in /WEB-INF/lib. Then create a /WEB-INF/functions.tld file like follows:
<?xml version="1.0" encoding="UTF-8" ?>
<taglib 
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-jsptaglibrary_2_1.xsd"
    version="2.1">

    <display-name>Custom Functions</display-name>    
    <tlib-version>1.0</tlib-version>
    <uri>http://example.com/functions</uri>

    <function>
        <name>escapeJS</name>
        <function-class>org.apache.commons.lang3.StringEscapeUtils</function-class>
        <function-signature>java.lang.String escapeEcmaScript(java.lang.String)</function-signature>
    </function>
</taglib>
So that you can use it as follows:
<%@taglib prefix="util" uri="http://example.com/functions" %>
...
${util:escapeJS(Desc)}


                        
这篇关于如何在JSP中转义JavaScript？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！