问题
I use the <pre>
tag in my blog to post code. I know I have to change <
to <
and >
to >
. Are any other characters I need to escape for correct html?
回答1:
What happens if you use the <pre>
tag to display HTML markup on your blog:
<pre>Use a <span style="background: yellow;">span tag with style attribute</span> to hightlight words</pre>
This will pass HTML validation, but does it produce the expected result? No. The correct way is:
<pre>Use a <span style="background: yellow;">span tag with style attribute</span> to hightlight words</pre>
Another example: if you use the pre tag to display some other language code, the HTML encoding is still required:
<pre>if (i && j) return;</pre>
This might produce the expected result but does it pass HTML validation? No. The correct way is:
<pre>if (i && j) return;</pre>
Long story short, HTML-encode the content of a pre tag just the way you do with other tags.
回答2:
The "Only For You" - HTML "fosile" version: using <xmp>
tag
This is not well known, but it really does exist and even chrome still supports it,
however using pair <xmp>
tag is NOT recommended to be relied on - it's just for you, but its a very simple way how to do your personal e.g. DOCS. even w3.org WIKI says in example "No, really. don't use it."
You can put ANY html (excluding </xmp>
end tag) inside <xmp></xmp>
<xmp>
<html> <br> just any other html tags...
</xmp>
The proper version
Proper version could be considered a HTML stored as STRING and displayed with the help of some escaping function.
Just remember one thing - the strings in C-like languages are ususally written between single quotes or double quotes - if you wrap your string in double => you should escape doubles (problably with \
), if you wrap your string in single => escape singles (probably with \
)...
The most common way - Server-side language escaping (ex. in PHP)
Server-side scripting languages often have some built-in function to escape HTML.
<?php
$html = "<html> <br> or just any other HTML"; //store html
echo htmlspecialchars($html); //display escaped html
?>
The client-side way (example in JavaScript&jQuery)
Similar approach as on server-side is achievable in client-side scripts,
JavaScript, from what I know, has no built-in function for that (it's quite logical), but if you use some framework/library, like jQuery - there are functions that can be used that way.
Just remember the same thing as for server-side - in C-like languages, escape the quotes you've wrapped your string in...
var html = '<html> <br> or just any other HTML';
var $elementToInsertEscapedHTMLto = jQuery("XXX"); //XXX is selector, e.g. CSS selector
$elementToInsertEscapedHTMLto.text( html );
回答3:
For posting code within your markup, I suggest using the <code> tag. It works the same way as pre but would be considered semantically correct.
Otherwise, <code> and <pre> only need the angle brackets encoded.
回答4:
Use this and don't worry about any of them.
<pre>
${fn:escapeXml('
<!-- all your code -->
')};
</pre>
You'll need to have jQuery enabled for it to work.
来源:https://stackoverflow.com/questions/1273145/what-do-i-need-to-escape-inside-the-html-pre-tag