原生的javascript的innerHTML属性是直接赋上代有脚本的字符串时,脚本将不执行。
必须使用自定义的替代函数做到,见下方例子:
<script type="text/javascript">
<!--
function write(objId,str)
{
obj=document.getElementById(objId);
obj.innerHTML+=str;
}
function writeln(objId,str)
{
obj=document.getElementById(objId);
obj.innerHTML+="<br>"+str;
}
function set_innerHTML(objId, html) {
obj=document.getElementById(objId)
var ie = navigator.appVersion.match(/MSIE/);
var opera = (navigator.userAgent.toLowerCase().indexOf("opera") != -1);
if (ie && !opera) {
html = '<span style="display: none">hack ie</span>' + html;
}
obj.innerHTML = html;
var scripts = obj.getElementsByTagName("script");
if (scripts) {
repstr="write('"+objId+"',"
repstr2="writeln('"+objId+"',"
for (var i = 0; i < scripts.length; i++) {
script= scripts[i].text.replace(/document.write\(/ig,repstr).replace(/document.writeln\(/ig,repstr2)
eval(script)
}
}
}
-->
</script>
<div id="abc"></div>
<script>
set_innerHTML('abc', '<script>alert("Hello")<\/script>');
// 去掉注释看看
//document.getElementById('abc').innerHTML = '<script>alert("Hello")<\/script>'; // 由于javascript自身的限制,这段代码将不起作用
</script>
这里还有一个讨论关于该问题的帖子:
http://bbs.blueidea.com/thread-2440594-1-1.html