在jsp编写中经常会在页面上使用变量直接输出(eg.<%=userName%>),有时是为了显示信息,有时作为js参数提供,有时用于拼装url。由于html语言自身的转义字符的存在,变量的直接输出会导致页面显示不正常,或js语法错误,或url错误,本文讨论这一问题的分析和解决,同时探讨struts框架对这一问题的解决方案,希望对其他类似问题的解决有所启发。
Html:
< escape sequence for <
> escape sequence for >
& escape sequence for &
" escape sequence for “
JavaScript:
Url:
Struts的解决方案:
附:
Html:
< escape sequence for <
> escape sequence for >
& escape sequence for &
" escape sequence for “
JavaScript:
Url:
Struts的解决方案:
附:
public class PageUtil { /** * genarate escape sequance in html for special str * @see HTML 4.01 Specification 5.3.2 Character entity references */ public static String escape4html(String str){ StringBuffer sb = new StringBuffer(); for(int i=0;i<str.length();i++){ char c = str.charAt(i); if(c =='"') sb.append("""); else if(c =='<') sb.append("<"); else if(c =='>') sb.append(">"); else sb.append(c); } return sb.toString(); } /** * genarate escape sequance in javascript for special str * @see JavaScript Language 1.1 Specification 2.7.5 Escape Sequences for String Literals */ public static String escape4js(String str){ StringBuffer sb = new StringBuffer(); for(int i=0;i<str.length();i++){ char c = str.charAt(i); if(c =='/'') sb.append("///'"); else if(c =='"') sb.append("///""); else sb.append(c); } return sb.toString(); } public static void main(String[] args) { } }