How to escape JavaScript in JSP?

Notice: this page is a side-by-side Chinese-English translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverflow original URL: http://stackoverflow.com/questions/9708242/

Time: 2020-10-26 07:32:55  Source: igfitidea

Tags: javascript, string, jsp, escaping

Asked by jrutter

I'm totally stuck on this, I'm trying to escape a single quote in a JSP. I have some data that I'm outputting directly into a JS string and the single quotes seem to be causing issues.

Here is my code:

<dsp:droplet name="/atg/dynamo/droplet/ForEach">
  <dsp:param value="${CommerceItems}" name="array" />
  <dsp:param name="elementName" value="CommerceItem" />
  <dsp:oparam name="outputStart">
    var itemNameList ='
  </dsp:oparam>
  <dsp:oparam name="output">
    <dsp:getvalueof id="Desc" param="CommerceItem.auxiliaryData.productRef.displayName">
      ${fn:replace(Desc, "'", "\/'")}
    </dsp:getvalueof>
  </dsp:oparam>
  <dsp:oparam name="outputEnd">';</dsp:oparam>
</dsp:droplet>

And here is the output that I'm getting:

var itemNameList ='
Weyland Estate Santa Barbara Pinot Ntheitroad
Raymond \/'Prodigal\/' North Coast Cabernet Sauvignon
Chateau Haute Tuque'; 

But this is wrong, and I just need /'Prodigal'/ or no single quotes at all!

EDIT: Or I actually need to escape quotes with \ backward slash?

Answered by BalusC

The forward slash is not an escape character. That's the backslash.

${fn:replace(Desc, "'", "\\'")}

(yes, it's been presented twice, because that's also an escape character in Java!)

However, you don't only need to replace ' by \', you also need to replace \n (newlines) by \\n. The string is being printed over multiple lines, which makes it also an invalid JS string variable. Your final result must basically look like this:

var itemNameList = ''
    + '\nWeyland Estate Santa Barbara Pinot Ntheitroad'
    + '\nRaymond \'Prodigal\' North Coast Cabernet Sauvignon'
    + '\nChateau Haute Tuque'; 

(please note that the syntax highlighter agrees with me here but not with yours)

There are however much more possible special characters which need to be escaped. They are all covered by Apache Commons Lang StringEscapeUtils#escapeEcmaScript(). Much easier is to create a custom EL function which calls exactly that method. If not done yet, download and drop commons-lang.jar in /WEB-INF/lib. Then create a /WEB-INF/functions.tld file as follows:

<?xml version="1.0" encoding="UTF-8" ?>
<taglib 
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-jsptaglibrary_2_1.xsd"
    version="2.1">

    <display-name>Custom Functions</display-name>    
    <tlib-version>1.0</tlib-version>
    <uri>http://example.com/functions</uri>

    <function>
        <name>escapeJS</name>
        <function-class>org.apache.commons.lang3.StringEscapeUtils</function-class>
        <function-signature>java.lang.String escapeEcmaScript(java.lang.String)</function-signature>
    </function>
</taglib>

So that you can use it as follows:

<%@taglib prefix="util" uri="http://example.com/functions" %>
...
${util:escapeJS(Desc)}
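
The following is an added example, not part of the original question or answer. It shows in JavaScript why replacing only the single quote is not enough when server data is written into a JS string literal: each value is wrapped in quotes as the JSP would emit it, then parsed by the JS engine. The function names are hypothetical, `escapeJsString` is an illustration and not the Commons Lang implementation, and the last two sample values are constructed.

```javascript
// Sample data: two item names from the question plus two constructed values.
const items = [
  "Raymond 'Prodigal' North Coast Cabernet Sauvignon",
  "Chateau Haute Tuque",
  "Back\\slash at end\\",          // constructed: ends with a backslash
  "Line one\nLine two </script>",  // constructed: newline and closing tag
];

// Quote-only replacement, the JS equivalent of fn:replace(Desc, "'", "\\'").
function escapeQuoteOnly(s) {
  return s.replace(/'/g, "\\'");
}

// Hypothetical fuller escaper: every character that can end or corrupt a
// quoted literal (or the surrounding <script> element) becomes \uXXXX.
function escapeJsString(s) {
  return s.replace(/[\\'"\/<>&\u0000-\u001f\u2028\u2029]/g,
    (ch) => "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Build the literal as the page would emit it, then let the engine parse it.
function roundTrip(escape, value) {
  const literal = "'" + escape(value) + "'";
  try {
    const parsed = new Function("return " + literal + ";")();
    return { literal, ok: parsed === value };
  } catch (err) {
    return { literal, ok: false, error: err.name }; // invalid JS source
  }
}

// One boolean per sample value: did it survive the trip unchanged?
function report(escape) {
  return items.map((v) => roundTrip(escape, v).ok);
}

console.log("quote-only:", report(escapeQuoteOnly));
console.log("full      :", report(escapeJsString));
```

The quote-only version breaks on the trailing backslash and on the raw newline, while the fuller escaper round-trips every value and leaves no literal `</script>` in the emitted text.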