1

我们我有一些带有 onSubmit 的 html:

<form id="login_box" onSubmit="alert('{{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}'); this.submit(); this.reset(); return false;">

问题是,无论我做什么,它都不会逃脱嵌套的引号。我试过了:

<form id="login_box" onSubmit="alert('{{=T(\'Thank you for contacting us! We have received your email and will contact you shortly.\')}}'); this.submit(); this.reset(); return false;">

<form id="login_box" onSubmit="alert(\"{{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}\"); this.submit(); this.reset(); return false;">

<form id="login_box" onSubmit=\"alert(\\"{{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}\\"); this.submit(); this.reset(); return false;\">

以及我能想到的任何其他组合,即使我知道它不起作用。我没有尝试转义嵌套引号。

4

4 回答 4

2

我认为您在 python 中使用了 twig 或任何类似的模板系统。

如果要翻译{{=T('message to translate')}},只需将该字符串放入自定义属性中。

例子:

<form id="login_box" msg="{{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}" onSubmit="alert(this.getAttribute('msg')); this.submit(); this.reset(); return false;">

这个例子

:)

于 2012-06-14T18:57:48.333 回答
1

假设这是在 web2py 模板中,您的原始代码:

onSubmit="alert('{{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}'); this.submit(); this.reset(); return false;"

生成以下 HTML:

onSubmit="alert('Thank you for contacting us! We have received your email and will contact you shortly.'); this.submit(); this.reset(); return false;"

据我所知,它在浏览器中运行良好。但是,如果您想转义警报中的那些单引号,您可以执行以下操作:

onSubmit="alert({{="'%s'" % T('Thank you for contacting us! We have received your email and will contact you shortly.')}}); this.submit(); this.reset(); return false;"

这将生成以下 HTML:

onSubmit="alert(&#x27;Thank you for contacting us! We have received your email and will contact you shortly.&#x27;); this.submit(); this.reset(); return false;"

这也应该在浏览器中工作。

分隔符内的所有内容{{ }}都是 Python 代码,将在服务器上执行并在写入响应之前转义。分隔符之外的所有内容都{{ }}将按原样包含在响应中(即,web2py 不进行转义)。在您的原始代码中,警报中的单引号位于 web2py 模板分隔符之外,因此它们不会被 web2py 转义,而是按原样交付。这在 web2py 书的这一部分有进一步的解释。

于 2012-06-15T19:01:38.590 回答
0

在 HTML 属性中,某些字符 ("&) 必须编码为 HTML 实体。在 javascript 字符串中,字符串分隔符(例如')必须使用反斜杠进行转义。这意味着您的第一个应该可以工作。

<form id="login_box" onSubmit="alert('{{=T(\'Thank you for contacting us! We have received your email and will contact you shortly.\')}}'); this.submit(); this.reset(); return false;">

{{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}当您单击它时,这应该会发出警报。假设这是你想要的?

编辑:

{{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}

将返回一个字符串,所以

<form id="login_box" onSubmit="alert('{{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}'); this.submit(); this.reset(); return false;">

会变成

<form id="login_box" onSubmit="alert('Thank you for contacting us! We have received your email and will contact you shortly.'); this.submit(); this.reset(); return false;">

在呈现的 HTML 中。这是对的。但是,您需要转义任何反斜杠,然后 html 实体对 T 函数的输出进行编码(按该顺序)。

于 2012-06-14T18:36:59.573 回答
0

对返回的值进行 HTML 编码,然后将其编码为 JSON。

于 2012-06-14T19:24:01.953 回答