问题描述
我正在从数据库输出值(它不是公开的公开的,但它是公开的,由用户进入公司 - 意思是,我不担心。)我试图输出一个标签如下:
< a href =onclick =DoEdit('DESCRIPTION');>单击我; / A>
描述实际上是一个数据库中的值,如下所示:
预先评估迷你报告
我已经尝试用\替换了,但无论我尝试什么,Firefox都会在
我必须明白答案,但对于我的生活我无法理解。
这是整个HTML页面(这将是一个页面,但是为了解决这个问题,我拿出了一切,但问题代码)
< HTML>
< body>
< a href =#onclick =DoEdit('Preliminary Assessment \Mini\'); return false;> edit< / a>
< / body>
< / html>
你需要将你正在写的字符串 DoEdit 来清理双引号字符。它们导致 onclick HTML属性过早关闭。
使用JavaScript转义字符 \ ,在HTML上下文中是不够的。您需要使用适当的XML实体表示替换双引号,& quot; 。
I'm outputting values from a database (it isn't really open to public entry, but it is open to entry by a user at the company -- meaning, I'm not worried about XSS.)
I'm trying to output a tag like this:
<a href="" onclick="DoEdit('DESCRIPTION');">Click Me</a>
DESCRIPTION is actually a value from the database that is something like this:
Prelim Assess "Mini" Report
I've tried replacing " with \", but no matter what I try, Firefox keeps chopping off my JavaScript call after the space after the word Assess, and it is causing all sorts of issues.
I must bemissing the obvious answer, but for the life of me I can't figure it out.
Anyone care to point out my idiocy?
Here is the entire HTML page (it will be an ASP.NET page eventually, but in order to solve this I took out everything else but the problem code)
<html>
<body>
<a href="#" onclick="DoEdit('Preliminary Assessment \"Mini\"'); return false;">edit</a>
</body>
</html>
You need to escape the string you are writing out into DoEdit to scrub out the double-quote characters. They are causing the onclick HTML attribute to close prematurely.
Using the JavaScript escape character, \, isn't sufficient in the HTML context. You need to replace the double-quote with the proper XML entity representation, ".
这篇关于在JavaScript中转义引号的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!