我必须在“脚本”元素中逃避什么？ [英] What exactly do I have to escape inside a `script` element?

问题描述

在HTML页面中，必须在脚本元素中转义JavaScript代码的哪些部分？ <>& 足够或太多？

What parts of JavaScript code do I have to escape inside a script element in a HTML page? Is <>& enough or too much?

这与此错误有关： http://code.google。 com / p / rendersnake / issues / detail？id = 15＃c6 comment＃6

This is related to this bug: http://code.google.com/p/rendersnake/issues/detail?id=15#c6 comment #6

推荐答案

和XHTML，如果您是邪恶的人将您的XHTML页面发送为文本/ html ），脚本标签是 #CDATA ，因此，你唯一的内容不应该是< / script> ，因为这是解析器寻找标记标签结束的所有信息。不要逃避任何东西只需确保您在标签内容中没有< / script> 。例如，如果您有一个带有关闭脚本标记的字符串，请将其拆分：

In HTML (and XHTML if you're an evil person that sends your XHTML pages as text/html), script tags are #CDATA, and therefore, the only thing that you shouldn't have in the content is </script>, as that is all that the parser looks for to signal the end of the tag. Don't escape anything; just make sure you don't have </script> in the tag content. For example, if you have a string with a closing script tag, split it up:

var a = '</scr' + 'ipt>';

在XHTML中发送为 application / xhtml + xml ，脚本标签是 #PCDATA ，因此转义 和& 是必要的，除非您可以使用<！[CDATA [...]]> 块更改为 #CDATA 解析模式，但在这种情况下，请记住，您不能有]]> 在您的标签内容。

In XHTML, sent as application/xhtml+xml, script tags are #PCDATA, and therefore, escaping < and & is necessary, unless you can use a <![CDATA[ ... ]]> block to change to #CDATA parsing mode, but in that case, remember that you can't have ]]> in your tag content.

这篇关于我必须在“脚本”元素中逃避什么？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！