在构造动态 HTML 表单时清理脚本对象中的 HTML

3回答

梦里花落0921

任何属性值中任何未转义的双引号都将破坏代码。let myExample = 'this is an "example" with double quotes';'<textarea value="' + myExample + '"></textarea>'这将产生以下无效的HTML混乱：<textarea value="this is an "example" with double quotes"></textarea>为防止出现这种情况，您可以转义所有双引号：let escaped = myExample.replace(/"/g, '\\"');// 'this is an \"example\" that will break'这将产生这个有效的HTML：<textarea value="this is an \"example\" with double quotes"></textarea>更好的是，您可以从创建带有字符串的HTML更改为直接创建DOM元素：// append <label>, <input>, <br> to formfunction appendInput(form, labelTxt, inputName, inputValue) {&nbsp; let label = document.createElement('label');&nbsp; form.appendChild(label);&nbsp; label.htmlFor = inputName;&nbsp; label.innerHTML = labelTxt;&nbsp; let input = document.createElement('input');&nbsp; form.appendChild(input);&nbsp; input.id = inputName;&nbsp; input.name = inputName;&nbsp; input.value = inputValue;&nbsp; let br = document.createElement('br');&nbsp; form.appendChild(br);}function generatePersonalForm(data) {&nbsp; const form = document.createElement('form');&nbsp; form.id = 'personalForm';&nbsp;&nbsp;&nbsp; appendInput(form, 'First name:', 'firstname',&nbsp; &nbsp; data.billing.contact.firstname);&nbsp; &nbsp;&nbsp;&nbsp; appendInput(form, 'Last name:', 'lastname',&nbsp; &nbsp; data.billing.contact.lastname);&nbsp; // label and textarea&nbsp; let label = document.createElement('label');&nbsp; form.appendChild(label);&nbsp; label.htmlFor = 'emailbody';&nbsp; label.innerHTML = 'Data:';&nbsp; let txtArea = document.createElement('textarea');&nbsp; form.appendChild(txtArea);&nbsp; txtArea.id = txtArea.name = 'emailbody';&nbsp; txtArea.rows = '12';&nbsp; txtArea.cols = '50';&nbsp; txtArea.value = data.emailbody;&nbsp; let br = document.createElement('br');&nbsp; form.appendChild(br);&nbsp;&nbsp;&nbsp; // submit input&nbsp; let submit = document.createElement('input');&nbsp; form.appendChild(submit);&nbsp; submit.type = 'submit';&nbsp; submit.value = 'Submit';&nbsp;&nbsp;&nbsp; return form;}const dummyData = {&nbsp; billing: {&nbsp; &nbsp; contact: {&nbsp; &nbsp; &nbsp; firstname: 'Joe',&nbsp; &nbsp; &nbsp; lastname: '"the dude" Dokes'&nbsp; &nbsp; &nbsp; }&nbsp; },&nbsp; emailbody: 'this is an "emailbody" with double-quotes'}window.onload = (() => {&nbsp; const formData = generatePersonalForm(dummyData);&nbsp; let result = document.getElementById('result');&nbsp; result.appendChild(formData);})();<div id="result">&nbsp; Result:<br></div>

0

0

0

千万里不及你

不能在 中放置超链接。 仅用于处理文本。如果您想要一个带有活动链接的简单文本，那么您应该使用div容器作为文本区域。textareaTextarea

0

0

0

翻过高山走不出你

要清理 HTML，您需要将 字符 、 、 、 和 替换为其 HTML 实体，就像以下函数一样：<>"'&function sanitizeHTML(str){&nbsp; return str.replace(/[<>"'&]/g, function(match) {&nbsp; &nbsp; return "&#" + match.charCodeAt(0) + ";";&nbsp; });}然后，在代码中，将 对 的调用替换为 ，您将获得不会破坏代码的清理输出。data.emailbodysanitizeHTML(data.emailbody)

0

0

0