HTML-encoding lost when attribute read from input field

前端未结

关注

 25  3843

I’m using JavaScript to pull a value out from a hidden field and display it in a textbox. The value in the hidden field is encoded.

For example,

25条回答

2020-11-21 04:42

';
console.log(aString.htmlEncode());

Will output: <script>alert("I hack your site")</script>

.htmlEncode() will be accessible on all strings once defined.

0 讨论(0)