我必须在“脚本”元素中逃避什么? [英] What exactly do I have to escape inside a `script` element?
问题描述
在HTML页面中,必须在脚本
元素中转义JavaScript代码的哪些部分? <>&
足够或太多?
What parts of JavaScript code do I have to escape inside a script
element in a HTML page? Is <>&
enough or too much?
这与此错误有关: http://code.google。 com / p / rendersnake / issues / detail?id = 15#c6 comment#6
This is related to this bug: http://code.google.com/p/rendersnake/issues/detail?id=15#c6 comment #6
推荐答案
和XHTML,如果您是邪恶的人将您的XHTML页面发送为文本/ html
),脚本
标签是 #CDATA
,因此,你唯一的内容不应该是< / script>
,因为这是解析器寻找标记标签结束的所有信息。不要逃避任何东西只需确保您在标签内容中没有< / script>
。例如,如果您有一个带有关闭脚本标记的字符串,请将其拆分:
In HTML (and XHTML if you're an evil person that sends your XHTML pages as text/html
), script
tags are #CDATA
, and therefore, the only thing that you shouldn't have in the content is </script>
, as that is all that the parser looks for to signal the end of the tag. Don't escape anything; just make sure you don't have </script>
in the tag content. For example, if you have a string with a closing script tag, split it up:
var a = '</scr' + 'ipt>';
在XHTML中发送为 application / xhtml + xml
,脚本
标签是 #PCDATA
,因此转义
和&
是必要的,除非您可以使用<![CDATA [...]]>
块更改为 #CDATA
解析模式,但在这种情况下,请记住,您不能有]]>
在您的标签内容。
In XHTML, sent as application/xhtml+xml
, script
tags are #PCDATA
, and therefore, escaping <
and &
is necessary, unless you can use a <![CDATA[ ... ]]>
block to change to #CDATA
parsing mode, but in that case, remember that you can't have ]]>
in your tag content.
这篇关于我必须在“脚本”元素中逃避什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!