如何在JSP中转义JavaScript? [英] How to escape JavaScript in JSP?
问题描述
这是我的代码:
< dsp:droplet name =/ atg / dynamo / droplet / ForEach>
< dsp:param value =$ {CommerceItems}name =array/>
< dsp:param name =elementNamevalue =CommerceItem/>
< dsp:oparam name =outputStart>
var itemNameList ='
< / dsp:oparam>
< dsp:oparam name =output>
< dsp:getvalueof id =Descparam =CommerceItem.auxiliaryData.productRef.displayName>
$ {fn:replace(Desc,',\\ /)}
< / dsp:getvalueof>
< / dsp:oparam>
< dsp:oparam name =outputEnd>';< / dsp:oparam>
< / dsp:drops>
这里是我得到的输出:
var itemNameList ='
Weyland Estate圣巴巴拉黑比诺
Raymond \ /'Prodigal \ /'北海岸赤霞珠Sauvignon
高塔图克酒庄
但这是错误的,我只需要 /'Prodigal'/
或根本没有单引号!
编辑:或者我实际上需要使用 \
反斜杠来转义引号?
正斜杠不是转义字符。那是反斜杠
$ {fn:replace(Desc,',\\)}
,您还需要通过
< ($,
(是的,它被提交了两次,因为这是还 Java中的一个转义字符但是,您不仅需要
'
由<$ c $($)
c> \'
\\\\
替换\\\
(newlines) / code>。字符串已经被打印在多行,这也使得它也是一个无效的JS字符串变量。您的最终结果必须基本如下所示:
var itemNameList = ''
+'\\\
Weyland Estate圣巴巴拉黑比诺Noir'
+'\\\
Raymond \'Prodigal \'北海岸赤霞珠'
+'\Chateau Haute Tuque' ; (请注意,语法荧光笔在这里同意我的意见,但不符合您的意见)em>
然而,有更多可能需要转义的特殊字符。它们都覆盖了 Apache Commons Lang
StringEscapeUtils#escapeEcmaScript()
。更容易创建一个定制的EL函数,它调用该方法。如果尚未完成,请在/ WEB-INF / lib
中下载并删除commons-lang.jar
。然后创建一个/WEB-INF/functions.tld
文件,如下所示:<?xml version =1.0encoding =UTF-8?>
< taglib
xmlns =http://java.sun.com/xml/ns/javaee
xmlns:xsi =http://www.w3.org/2001 / XMLSchema-instance
xsi:schemaLocation =http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-jsptaglibrary_2_1.xsd
version =2.1>
< display-name>自定义函数< / display-name>
< tlib-version> 1.0< / tlib-version>
< uri> http://example.com/functions< / uri>
< function>
< name> escapeJS< / name>
< function-class> org.apache.commons.lang3.StringEscapeUtils< / function-class>
< function-signature> java.lang.String escapeEcmaScript(java.lang.String)< / function-signature>
< / function>
< / taglib>
所以你可以使用它如下:
<%@ taglib prefix =utiluri =http://example.com/functions%>
...
$ {util:escapeJS(Desc)}
I'm totally stuck on this, I'm trying to escape a single quote in a JSP. I have some data that I'm outputting directly into a JS string and the single quotes seem to be causing issues.
Here is my code:
<dsp:droplet name="/atg/dynamo/droplet/ForEach"> <dsp:param value="${CommerceItems}" name="array" /> <dsp:param name="elementName" value="CommerceItem" /> <dsp:oparam name="outputStart"> var itemNameList =' </dsp:oparam> <dsp:oparam name="output"> <dsp:getvalueof id="Desc" param="CommerceItem.auxiliaryData.productRef.displayName"> ${fn:replace(Desc, "'", "\\/'")} </dsp:getvalueof> </dsp:oparam> <dsp:oparam name="outputEnd">';</dsp:oparam> </dsp:droplet>
And here is the output that Im getting:
var itemNameList =' Weyland Estate Santa Barbara Pinot Noir Raymond \/'Prodigal\/' North Coast Cabernet Sauvignon Chateau Haute Tuque';
But this is wrong, and I just need
/'Prodigal'/
or no single quotes at all!
EDIT: Or I actually need to escape quotes with
\
backward slash?解决方案The forward slash is not an escape character. That's the backslash.
${fn:replace(Desc, "'", "\\'")}
(yes, it's been presented twice, because that's also an escape character in Java!)
However, you don't only need to repace
'
by\'
, you also need to replace\n
(newlines) by\\n
. The string is been printed over multiple lines, which makes it also an invalid JS string variable. Your final result must basically look like this:var itemNameList = '' + '\nWeyland Estate Santa Barbara Pinot Noir' + '\nRaymond \'Prodigal\' North Coast Cabernet Sauvignon' + '\nChateau Haute Tuque';
(please note that the syntax highlighter agrees on me here but not on yours)
There are however much more possible special characters which needs to be escaped. They are all covered by Apache Commons Lang
StringEscapeUtils#escapeEcmaScript()
. Much easier is to create a custom EL function which calls exactly that method. If not done yet, download and dropcommons-lang.jar
in/WEB-INF/lib
. Then create a/WEB-INF/functions.tld
file like follows:<?xml version="1.0" encoding="UTF-8" ?> <taglib xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-jsptaglibrary_2_1.xsd" version="2.1"> <display-name>Custom Functions</display-name> <tlib-version>1.0</tlib-version> <uri>http://example.com/functions</uri> <function> <name>escapeJS</name> <function-class>org.apache.commons.lang3.StringEscapeUtils</function-class> <function-signature>java.lang.String escapeEcmaScript(java.lang.String)</function-signature> </function> </taglib>
So that you can use it as follows:
<%@taglib prefix="util" uri="http://example.com/functions" %> ... ${util:escapeJS(Desc)}
这篇关于如何在JSP中转义JavaScript?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!