2

在编码此值时,我看到一些 javascript 字符串文字存在问题:

未编码

<!-- Start ValueClick Media 300x250 Code for Test Tag -->
<script language="javascript" src="http://media.fastclick.net/w/get.media?sid=38901&m=6&tp=8&d=j&t=n"></script>
<noscript><a href="http://media.fastclick.net/w/click.here?sid=38901&m=6&c=1" target="_blank">
<img src="http://media.fastclick.net/w/get.media?sid=38901&m=6&tp=8&d=s&c=1"width=300 height=250 border=1></a></noscript>
<!-- End ValueClick Media 300x250 Code for Test Tag -->

我最终得到这个值:

解码

"<!-- Start ValueClick Media 300x250 Code for Test Tag -->\r\n<script language=\"javascript\" src=\"http://media.fastclick.net/w/get.media?sid=38901&m=6&tp=8&d=j&t=n\"></script>\r\n<noscript><a href=\"http://media.fastclick.net/w/click.here?sid=38901&m=6&c=1\" target=\"_blank\">\r\n<img src=\"http://media.fastclick.net/w/get.media?sid=38901&m=6&tp=8&d=s&c=1\"width=300 height=250 border=1></a></noscript>\r\n<!-- End ValueClick Media 300x250 Code for Test Tag -->"

当在某些 javascript 代码中用作 javascript 文字时,Firefox 抱怨它未终止 - 但我自己不明白为什么。

奇怪的是,如果我</script>从上面的 html 中删除“”结束标记,编码版本可以正常工作,如下所示:

未编码

<!-- Start ValueClick Media 300x250 Code for Test Tag -->
<script language="javascript" src="http://media.fastclick.net/w/get.media?sid=38901&m=6&tp=8&d=j&t=n">
<noscript><a href="http://media.fastclick.net/w/click.here?sid=38901&m=6&c=1" target="_blank">
<img src="http://media.fastclick.net/w/get.media?sid=38901&m=6&tp=8&d=s&c=1"width=300 height=250 border=1></a></noscript>
<!-- End ValueClick Media 300x250 Code for Test Tag -->

编码

"<!-- Start ValueClick Media 300x250 Code for Test Tag -->\r\n<script language=\"javascript\" src=\"http://media.fastclick.net/w/get.media?sid=38901&m=6&tp=8&d=j&t=n\">\r\n<noscript><a href=\"http://media.fastclick.net/w/click.here?sid=38901&m=6&c=1\" target=\"_blank\">\r\n<img src=\"http://media.fastclick.net/w/get.media?sid=38901&m=6&tp=8&d=s&c=1\"width=300 height=250 border=1></a></noscript>\r\n<!-- End ValueClick Media 300x250 Code for Test Tag -->"

此编码值有效...

有人知道我错过了什么吗?

更新

现在似乎很明显,我责怪睡眠不足,在这种情况下,应用程序依赖于较旧版本的 JSON.Net 来编码 javascript - 所以我通过为字符串引入一个新的 JsonConverter 来解决这个问题,它处理转义关闭在应用了 JavaScript 转义后的第二遍标记。

public class EscapeTagsStringConverter : JsonConverter
{
    public override void WriteJson(JsonWriter writer, object value, JsonSerializer serializer)
    {
        if (value == null)
        {
            writer.WriteNull();
            return;
        }

        string escapedValue = ToEscapedJavaScriptString(value.ToString(), '"').Replace("</", "<\\/");

        writer.WriteRawValue("\"" + escapedValue + "\"");
    }

    public override object ReadJson(JsonReader reader, Type objectType, JsonSerializer serializer)
    {
        return reader.Value.ToString();
    }

    public override bool CanConvert(Type objectType)
    {
        return (objectType == typeof (string));
    }

    public static char IntToHex(int n)
    {
        if (n <= 9)
        {
            return (char)(n + 48);
        }
        return (char)((n - 10) + 97);
    }

    public static void WriteCharAsUnicode(TextWriter writer, char c)
    {
        char h1 = IntToHex((c >> 12) & '\x000f');
        char h2 = IntToHex((c >> 8) & '\x000f');
        char h3 = IntToHex((c >> 4) & '\x000f');
        char h4 = IntToHex(c & '\x000f');

        writer.Write('\\');
        writer.Write('u');
        writer.Write(h1);
        writer.Write(h2);
        writer.Write(h3);
        writer.Write(h4);
    }

    public static void WriteEscapedJavaScriptChar(TextWriter writer, char c, char delimiter)
    {
        switch (c)
        {
            case '\t':
                writer.Write(@"\t");
                break;
            case '\n':
                writer.Write(@"\n");
                break;
            case '\r':
                writer.Write(@"\r");
                break;
            case '\f':
                writer.Write(@"\f");
                break;
            case '\b':
                writer.Write(@"\b");
                break;
            case '\\':
                writer.Write(@"\\");
                break;
            case '\'':
                writer.Write((delimiter == '\'') ? @"\'" : @"'");
                break;
            case '"':
                writer.Write((delimiter == '"') ? "\\\"" : @"""");
                break;
            default:
                if (c > '\u001f')
                    writer.Write(c);
                else
                    WriteCharAsUnicode(writer, c);
                break;
        }
    }

    public void WriteEscapedJavaScriptString(TextWriter writer, string value, char delimiter)
    {
        if (value != null)
        {
            for (int i = 0; i < value.Length; i++)
            {
                WriteEscapedJavaScriptChar(writer, value[i], delimiter);
            }
        }
    }

    public string ToEscapedJavaScriptString(string value)
    {
        return ToEscapedJavaScriptString(value, '"');
    }

    public string ToEscapedJavaScriptString(string value, char delimiter)
    {
        using (StringWriter w = CreateStringWriter(GetLength(value) ?? 16))
        {
            WriteEscapedJavaScriptString(w, value, delimiter);
            return w.ToString();
        }
    }

    public static StringWriter CreateStringWriter(int capacity)
    {
        StringBuilder sb = new StringBuilder(capacity);
        StringWriter sw = new StringWriter(sb, CultureInfo.InvariantCulture);

        return sw;
    }

    public static int? GetLength(string value)
    {
        if (value == null)
            return null;
        return value.Length;
    }
}
4

2 回答 2

4

嗯,是的,如果你有:

<script>
    var s= '</script>';
</script>

浏览器应该如何知道第一个</script>不是脚本元素的真正结束?每个浏览器,不仅仅是 Firefox,都将读取为:

<script>
    var s= '   // uh-oh! string literal left open!
</script>';    // script element closed. Then some trailing text content
</script>      // close-tag for a script that isn't open, ignore

为避免包含</(ETGO) 序列的字符串文字过早结束,您必须以某种方式对其进行转义。你可以说'<\/script>''\x3C/script>'或者甚至'<'+'/script>'(那个很流行,虽然我觉得它很不雅)。

于 2010-11-08T19:58:26.580 回答
0

解码后的值不会在 chrome 或 ff 中引发错误 3.6.10 您使用的是什么 ff 版本?

于 2010-11-08T19:51:10.560 回答