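Invalid characters break the script
Keywords: script, broken, characters, invalid | Updated: 2023-09-27 18:31:37
I use this code to build a string of JavaScript code and run it from the C# code-behind.
It works fine for normal values, but it breaks when a value contains ' (an apostrophe).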
    StringBuilder sb = new StringBuilder();
    sb.Append("<script>");
    // Store transmission chrome feature.
    for (int i = 0; i < Transmission.Length; i++)
    {
        sb.Append("var obj = {text: '" + Transmission[i][0] + "',"
            + "value: '" + Transmission[i][1] + "'};");
        sb.Append("transChromeData.push(obj);");
    }
    sb.Append("</" + "script>");
    this.RegisterStartupScript("Info", sb.ToString());
Use the Microsoft JScript escape function:
    Microsoft.JScript.GlobalObject.escape("String to escape");
Below is your code, edited:
    StringBuilder sb = new StringBuilder();
    sb.Append("<script>");
    // Store transmission chrome feature.
    for (int i = 0; i < Transmission.Length; i++)
    {
        sb.Append("var obj = {text: '" + Microsoft.JScript.GlobalObject.escape(Transmission[i][0]) + "',"
            + "value: '" + Microsoft.JScript.GlobalObject.escape(Transmission[i][1]) + "'};");
        sb.Append("transChromeData.push(obj);");
    }
    sb.Append("</" + "script>");
    this.RegisterStartupScript("Info", sb.ToString());
Or you can use HttpUtility.UrlDecode, but it would be unsafe.
In ASP.NET 1.1, try the code suggested here: http://www.west-wind.com/weblog/posts/2007/Jul/14/Embedding-JavaScript-Strings-from-an-ASPNET-Page
It will also break if someone adds \ as a value. You need to escape the characters that would break a JavaScript string; HttpUtility.JavaScriptStringEncode will do this for you:
    StringBuilder sb = new StringBuilder();
    sb.Append("<script>");
    // Store transmission chrome feature.
    for (int i = 0; i < Transmission.Length; i++)
    {
        sb.Append("var obj = {text: '" + HttpUtility.JavaScriptStringEncode(Transmission[i][0]) + "',"
            + "value: '" + HttpUtility.JavaScriptStringEncode(Transmission[i][1]) + "'};");
        sb.Append("transChromeData.push(obj);");
    }
    sb.Append("</" + "script>");
    this.RegisterStartupScript("Info", sb.ToString());
For ancient versions of .NET, you need to roll your own. Rick Strahl has a good implementation that covers the different JS characters:
    public static string EncodeJsString(string s)
    {
        StringBuilder sb = new StringBuilder();
        sb.Append("\"");
        foreach (char c in s)
        {
            switch (c)
            {
                case '\"':
                    sb.Append("\\\"");
                    break;
                case '\\':
                    sb.Append("\\\\");
                    break;
                case '\b':
                    sb.Append("\\b");
                    break;
                case '\f':
                    sb.Append("\\f");
                    break;
                case '\n':
                    sb.Append("\\n");
                    break;
                case '\r':
                    sb.Append("\\r");
                    break;
                case '\t':
                    sb.Append("\\t");
                    break;
                default:
                    int i = (int)c;
                    if (i < 32 || i > 127)
                    {
                        sb.AppendFormat("\\u{0:X04}", i);
                    }
                    else
                    {
                        sb.Append(c);
                    }
                    break;
            }
        }
        sb.Append("\"");
        return sb.ToString();
    }
Try this:
    StringBuilder sb = new StringBuilder();
    sb.Append("<script>");
    // Store transmission chrome feature.
    for (int i = 0; i < Transmission.Length; i++)
    {
        sb.Append("var obj = {text: '")
            .Append(Escape(Transmission[i][0]))
            .Append("',")
            .Append("value: '")
            .Append(Escape(Transmission[i][1]))
            .Append("'};")
            .Append("transChromeData.push(obj);");
    }
    sb.Append("</script>");
    this.RegisterStartupScript("Info", sb.ToString());
    ...
    static string Escape(string source)
    {
        return source.Replace(@"'", @"\'");
    }
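
A fuller encoder for the same loop, as an added example that is not code from any answer above: besides the apostrophe it handles the backslash, line breaks, and the < that would otherwise let a value close the script element. The names JsLiteral and Encode and the sample rows are assumptions made for illustration.

```csharp
using System;
using System.Text;

// Added example, not from the thread. JsLiteral/Encode are hypothetical names.
static class JsLiteral
{
    // Returns the inner text of a JS string literal that is safe inside
    // '...' or "..." when the script is emitted inline in an HTML page.
    public static string Encode(string s)
    {
        var sb = new StringBuilder(s.Length + 8);
        foreach (char c in s)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\\"); break;
                case '\n': sb.Append(@"\n"); break;
                case '\r': sb.Append(@"\r"); break;
                case '\t': sb.Append(@"\t"); break;
                default:
                    // Quotes, HTML-significant characters, control characters
                    // and everything outside printable ASCII (including
                    // U+2028/U+2029) are written as \uXXXX, so a value can
                    // close neither the literal nor the <script> element.
                    if (c < 32 || c > 126 || c == '\'' || c == '"'
                        || c == '<' || c == '>' || c == '&')
                        sb.AppendFormat(@"\u{0:X4}", (int)c);
                    else
                        sb.Append(c);
                    break;
            }
        }
        return sb.ToString();
    }

    static void Main()
    {
        // Constructed sample rows standing in for Transmission[i][0] and [i][1].
        string[][] rows = {
            new[] { "5-speed manual", "M5" },
            new[] { "Driver's choice", "a\\b" },
            new[] { "line1\nline2", "</script><b>x" },
        };
        var sb = new StringBuilder("<script>");
        foreach (var r in rows)
            sb.Append("transChromeData.push({text: '").Append(Encode(r[0]))
              .Append("', value: '").Append(Encode(r[1])).Append("'});");
        sb.Append("</script>");
        Console.WriteLine(sb); // the only "</script>" in the output is the final one
    }
}
```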