百分比符号 (%) 是否应该始终使用 HTML 转义?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/12851976/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Should the percent symbol (%) always be HTML-escaped?
提问by Jensen Ching
I know the percent symbol has to be URL-encoded when being passed around, but when I display it in the browser, is it also necessary to escape it like so: %?
我知道百分比符号在传递时必须是 URL 编码的,但是当我在浏览器中显示它时,是否也需要像这样转义它:%?
采纳答案by Jon Newmuis
In URLs, the percent sign (%) has a special meaning, so it should be escaped. In HTML, it does not, so it is not necessary to escape it.
在 URL 中,百分号 ( %) 具有特殊含义,因此应该对其进行转义。在 HTML 中,它没有,因此没有必要对其进行转义。
回答by bobsobol
I agreewith the chosen answer, but would like to qualifythe statement “it is not necessary to escape it.”
我同意所选择的答案,但想限定“没有必要逃避它”这句话。
Ifyou have a need (or desire) to escape a percentage sign in HTML code, (and there are goodreasons to do this with anypotentially ambiguous character or symbol) then I would highlyrecommend using the percentage entity code %as opposed to any numeric code. (those I use when there is no entity name you coulduse)
如果您需要(或希望)在 HTML 代码中转义百分比符号(并且有充分的理由使用任何可能不明确的字符或符号来执行此操作),那么我强烈建议使用百分比实体代码%而不是任何数字代码。(当没有您可以使用的实体名称时我使用的那些)
That was the answer I was looking for when I found this page, because I forgot it looses the final "e".
当我找到这个页面时,这就是我正在寻找的答案,因为我忘记了它失去了最后的“e”。
We should probably allbe using at leastthe entities kindly listed here. (whoever Webmasterish is; thank you)
我们可能都应该至少使用这里列出的实体。(无论网站管理员是谁;谢谢)
Reasoning:Numeric codes (and particularly byte codes from unencoded characters) change with code–pages, on systems using different default languages, and / or different operating systems. (Windows and Mac using slightly different code sets for “English” being the classic, which stillplagues plain–text eMail sent between Apple Mail and Outlook) This is slowing down, and shouldstop with UTF, but I'm stillseeing it pop up.
推理:在使用不同默认语言的系统和/或不同的操作系统上,数字代码(尤其是来自未编码字符的字节代码)随代码页而变化。(Windows 和 Mac 使用稍微不同的代码集,“英语”是经典的,这仍然困扰着 Apple Mail 和 Outlook 之间发送的纯文本电子邮件)这正在变慢,应该停止使用 UTF,但我仍然看到它流行向上。
If you're converting HTML to some other mark–up, (note, I used "–" not a "-", or even "−" for the samereason) such as LaTeX, DVI, PostScript or even MarkDown, then it's useful to completelysquash any ambiguity… And those processes tend to happen on the information you leastexpect to be used in such a way when you initially write it. So just get used to doing it everywhereand be grateful to your former self for having had the foresight to do so. Probably yearsdown the line, when you're looking to update formulae to be more readable by utilising MathJax or such, and keep picking up hyphenated words. <swearmarks>
如果您要将 HTML 转换为其他标记(注意,出于同样的原因,我使用了“ –” 不是“ -”,甚至是“ −” ),例如 LaTeX、DVI、PostScript 甚至 MarkDown,那么完全消除任何歧义……这些过程往往发生在您最初编写时最不希望以这种方式使用的信息上。因此,只要习惯于在任何地方都这样做,并感谢以前的自己有远见地这样做。可能几年后,当您希望通过使用 MathJax 等来更新公式以使其更具可读性时,并继续选择带连字符的单词。<脏话>
回答by stej
I'd like to add this - if you use javascript in href, you are in troubles too. Check this example:
我想补充一点 - 如果你在 href 中使用 javascript,你也会遇到麻烦。检查这个例子:
One of the workarounds might be using onclickinstead of href.
一种解决方法可能是使用onclick而不是href.
回答by Norguard
If you're talking about in HTML text, visible to the reader, no. It can't do anything harmful, there.
如果您是在 HTML 文本中讨论,对读者可见,则不是。它不能做任何有害的事情,那里。
...if you're talking about inside of HTML attributes, then yes, that would be good to consider.
...如果您在谈论 HTML 属性的内部,那么是的,最好考虑一下。
URLs and HTML are different languages, as weird as that might seem, so they have different weaknesses.
URL 和 HTML 是不同的语言,虽然看起来很奇怪,但它们有不同的弱点。
