0

当我使用 Javascript 构建字符串时,为什么 Oracle ADF 没有为我转义引号?

<jsp:root ...>
 <f:view ...>
  <afh:html>
   <f:loadBundle basename="message" var="msg"/>
   <afh:head ...>
    <script>
     function validate() {
      var errorMessages = '';
      .
      .
      if (regNum == '') {
       errorMessages = errorMessages + '<h:outputText value='#{msg['getDetails.validate.regNum']}"/>' + '\r\n';
      }
      .
      .

在我的消息资源文件中,我有类似

getDetails.validate.regNum=I'd enter the registration number if I were you.

真正的文本是带有重音字符的爱尔兰语,我可以看到重音字符被转义,但引号字符却没有。

4

2 回答 2

3

因为单引号在 HTML 中不是非法的。

但它们在 JS 中。您可以使用fn:replace()它们来逃避它们。

<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
...
<script>
   var foo = '<h:outputText value="#{fn:replace(msg['getDetails.validate.regNum'], "'", "\'")}"/>';
于 2010-09-14T17:39:53.443 回答
2 
<h:outputText value='#{msg['getDetails.validate.regNum']}"/>

The intent of the outputText JSF component is to emit character data (it can emit a styled span element, for example). Although the exact form emmitted by its renderer is an implementation detail, nothing in its specification suggests that it is suitable for attribute or JavaScript string literal encoding.

Text content will generally be emitted by the ResponseWriter.writeText methods. Quote marks don't need to be escaped in character data.

The encoding of the accented characters is either due to them not being present in your response encoding or an overly cautious ResponseWriter implementation that is guarding against encoding problems. Characters in the ASCII set are unlikely to be escaped in this manner.

于 2010-09-14T17:30:21.003 回答