What do I need to escape inside the html
 tag

前端 未结 4 1217
栀梦
栀梦 2021-02-07 03:19

I use the

 tag in my blog to post code. I know I have to change < to < and > to >         


        
相关标签:
4条回答
  • 2021-02-07 03:48

    What happens if you use the <pre> tag to display HTML markup on your blog:

    <pre>Use a <span style="background: yellow;">span tag with style attribute</span> to hightlight words</pre>

    This will pass HTML validation, but does it produce the expected result? No. The correct way is:

    <pre>Use a &lt;span style=&quot;background: yellow;&quot;&gt;span tag with style attribute&lt;/span&gt; to hightlight words</pre>

    Another example: if you use the pre tag to display some other language code, the HTML encoding is still required:

    <pre>if (i && j) return;</pre>
    

    This might produce the expected result but does it pass HTML validation? No. The correct way is:

    <pre>if (i &amp;&amp; j) return;</pre>
    

    Long story short, HTML-encode the content of a pre tag just the way you do with other tags.

    0 讨论(0)
  • 2021-02-07 03:52

    For posting code within your markup, I suggest using the <code> tag. It works the same way as pre but would be considered semantically correct.

    Otherwise, <code> and <pre> only need the angle brackets encoded.

    0 讨论(0)
  • 2021-02-07 03:58

    Use this and don't worry about any of them.

    <pre>
    ${fn:escapeXml('
      <!-- all your code -->
    ')};
    </pre>
    

    You'll need to have jQuery enabled for it to work.

    0 讨论(0)
  • 2021-02-07 04:04

    The "Only For You" - HTML "fosile" version: using <xmp> tag

    This is not well known, but it really does exist and even chrome still supports it, however using pair <xmp> tag is NOT recommended to be relied on - it's just for you, but its a very simple way how to do your personal e.g. DOCS. even w3.org WIKI says in example "No, really. don't use it."

    You can put ANY html (excluding </xmp> end tag) inside <xmp></xmp>

    <xmp>
    <html> <br> just any other html tags...
    </xmp>
    

    The proper version

    Proper version could be considered a HTML stored as STRING and displayed with the help of some escaping function.
    Just remember one thing - the strings in C-like languages are ususally written between single quotes or double quotes - if you wrap your string in double => you should escape doubles (problably with \), if you wrap your string in single => escape singles (probably with \)...

    The most common way - Server-side language escaping (ex. in PHP)

    Server-side scripting languages often have some built-in function to escape HTML.

    <?php
       $html = "<html> <br> or just any other HTML"; //store html
       echo htmlspecialchars($html); //display escaped html
    ?>
    

    The client-side way (example in JavaScript&jQuery)

    Similar approach as on server-side is achievable in client-side scripts, JavaScript, from what I know, has no built-in function for that (it's quite logical), but if you use some framework/library, like jQuery - there are functions that can be used that way.
    Just remember the same thing as for server-side - in C-like languages, escape the quotes you've wrapped your string in...

    var html = '<html> <br> or just any other HTML';
    var $elementToInsertEscapedHTMLto = jQuery("XXX"); //XXX is selector, e.g. CSS selector
    $elementToInsertEscapedHTMLto.text( html ); 
    
    0 讨论(0)
提交回复
热议问题