Escaping output safely for both html and input fields

Backend | Unresolved | 3 | 1824
名媛妹妹
名媛妹妹 2020-12-19 11:32

In my web app, users can input text data. This data can be shown to other users, and the original author can also go back and edit their data. I'm looking for the correct w

3 answers
  • 暗喜
    暗喜 (original poster)
    2020-12-19 12:09

    I believe it is a problem with the way you are applying the value towards the input. It is being displayed as encoded, which makes sense because it is JavaScript, not HTML. So, what I would propose is to write your encoded text as part of the markup so that it gets parsed naturally (as opposed to being injected with client script). Since your textboxes are not readily available when the server is responding, you can use a temporary hidden field...

    <!-- hidden field carrying the server-side HTML-encoded text; the value expression is elided in the original -->
    <input type="hidden" id="hidEncoded" value="..." />

    Then it will get parsed as good old HTML, and when you try to access the value with Javascript it should be decoded...

    // Give your textbox an ID!
    $("#txtInput").val($("#hidEncoded").val());
    
