问题
<!DOCTYPE html>
<html>
<body>
<p>Click the button to trigger a function that will output "Hello World" in a p element with id="demo".</p>
<button onclick="myFunction()">Click me</button>
<p id="demo"></p>
<script>
function myFunction() {
document.getElementById("demo").innerHTML = "'Python\x20Auto\x20\x3Cscript\x20type\x3D\x22text\x2Fjavascript\x22\x3E\x20alert\x28\x22JavaScript\x20alert\x22\x29\x3B\x20\x3C\x2Fscript\x3E\x20'";
}
</script>
</body>
</html>回答1:
Need to use < for <, > for >, and \" for ". Everything else should be fine to use the actual characters, see below.
<!DOCTYPE html>
<html>
<body>
<p>Click the button to trigger a function that will output "Hello World" in a p element with id="demo".</p>
<button onclick="myFunction()">Click me</button>
<p id="demo"></p>
<script>
function myFunction() {
document.getElementById("demo").innerHTML = "'Python Auto <script type=\"text/javascript\"> alert(\"JavaScript alert\");</script>'";
}
</script>
</body>
</html>回答2:
!!!Please see the comment below, also, please make your question a bit more clear!!!
Instead of using \x3C you can use < because somehow it is escaping rest of the string,
<!DOCTYPE html>
<html>
<body>
<p>Click the button to trigger a function that will output "Hello World" in a p element with id="demo".</p>
<button onclick="myFunction()">Click me</button>
<p id="demo"></p>
<script>
function myFunction() {
document.getElementById("demo").innerHTML = "'Python\x20Auto\x20<script\x20type\x3D\x22text\x2Fjavascript\x22\x3E\x20alert\x28\x22JavaScript\x20alert\x22\x29\x3B\x20\x3C\x2Fscript\x3E\x20'";
}
</script>
</body>
</html>
来源:https://stackoverflow.com/questions/40422236/script-tag-is-missing-when-printing-a-javascript-escaped-text