XMLHttpRequest encodes the string before sending it. You will have to unescape the string. on the client side javascript, try using:

XMLHttpRequest 在发送之前对字符串进行编码。您将不得不对字符串进行转义。在客户端javascript，尝试使用：

alert(unescape(returned_string))

<is the way to show "<" in html, which is produced from XMLHttpRequest. try using XMLRequest

<是在 html 中显示“<”的方式，它是从 XMLHttpRequest 生成的。尝试使用 XMLRequest

It is the entity reference for "<" while &gt ; is the entity reference for ">" you will need to unescape the string using the unescape() method

它是“<”而 > 的实体引用。是 ">" 的实体引用，您需要使用 unescape() 方法取消转义字符串

Paul Fisher's answer is the right one. I'll take a moment to explain why. HTML-Encoding of content from the server is a security measure to protect your users from script injection attacks. If you simply unescape() what comes from the server you could be putting your users at risk, as well as your site's reputation.

保罗·费舍尔的回答是正确的。我会花点时间解释原因。来自服务器的内容的 HTML 编码是一种安全措施，可保护您的用户免受脚本注入攻击。如果您只是 unescape() 来自服务器的内容，您可能会将您的用户置于危险之中，以及您网站的声誉。

Try doing what Paul said. It's not difficult and it's much more secure. Just to make it easier, here's a sample:

试着照保罗说的去做。这并不困难，而且更安全。为了方便起见，这里有一个示例：

var divStuff = document.createElement('div');
divStuff.appendChild(containerElement);
divStuff.id = 'message1';
divStuff.innerHTML = getQuestion();

This is much more secure and draws a better separation for you presentation layer in your application.

这更加安全，并且为您的应用程序中的表示层绘制了更好的分离。

It might be better to send back a raw string with your message, and leave the client Javascript to create a divwith class message1to put it in. This will also help if you ever decide to change the layout or the style of your notices.

最好将原始字符串与您的消息一起发回，并让客户端 Javascript 创建一个divwith 类message1来放入它。如果您决定更改通知的布局或样式，这也将有所帮助。

I don't think you can avoid that. It's how "<" is represented in HTML, and the result would be OK on your HTML page.

我认为你无法避免这种情况。这就是“<”在 HTML 中的表示方式，结果在您的 HTML 页面上就可以了。