我有一些带有onSubmit的HTML:
<form id="login_box" onSubmit="alert('{{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}'); this.submit(); this.reset(); return false;">
问题在于,无论我做什么,它都不会逃避嵌套引号。我试过了:
<form id="login_box" onSubmit="alert('{{=T(\'Thank you for contacting us! We have received your email and will contact you shortly.\')}}'); this.submit(); this.reset(); return false;">
<form id="login_box" onSubmit="alert(\"{{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}\"); this.submit(); this.reset(); return false;">
<form id="login_box" onSubmit=\"alert(\\"{{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}\\"); this.submit(); this.reset(); return false;\">
即使我知道它也行不通,我能想到的任何其他组合。我没有尝试逃避嵌套引号。
答案 0 :(得分:2)
我认为你在python中使用twig或任何类似的模板系统。
如果您要翻译{{=T('message to translate')}}
,只需将该字符串放入自定义attr。
<form id="login_box" msg="{{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}" onSubmit="alert(this.getAttribute('msg')); this.submit(); this.reset(); return false;">
:)
答案 1 :(得分:1)
假设这是在web2py模板中,您的原始代码:
onSubmit="alert('{{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}'); this.submit(); this.reset(); return false;"
生成以下HTML:
onSubmit="alert('Thank you for contacting us! We have received your email and will contact you shortly.'); this.submit(); this.reset(); return false;"
据我所知,在浏览器中工作正常。但是,如果要在警报中转义那些单引号,则可以执行以下操作:
onSubmit="alert({{="'%s'" % T('Thank you for contacting us! We have received your email and will contact you shortly.')}}); this.submit(); this.reset(); return false;"
将生成以下HTML:
onSubmit="alert('Thank you for contacting us! We have received your email and will contact you shortly.'); this.submit(); this.reset(); return false;"
也可以在浏览器中使用。
{{ }}
分隔符内的所有内容都是Python代码,将在服务器上执行并在写入响应之前进行转义。 {{ }}
分隔符之外的所有内容都将按原样包含在响应中(即,web2py不会进行转义)。在原始代码中,警报中的单引号位于web2py模板分隔符之外,因此它们不会被web2py转义并按原样交付。这在web2py书的this section中进一步解释。
答案 2 :(得分:0)
在HTML属性中,某些字符("
和&
)必须编码为HTML实体。在javascript字符串中,字符串分隔符(例如'
)必须使用反斜杠进行转义。这意味着你的第一个应该可以工作。
<form id="login_box" onSubmit="alert('{{=T(\'Thank you for contacting us! We have received your email and will contact you shortly.\')}}'); this.submit(); this.reset(); return false;">
点击它时,这应该提醒{{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}
。假设这是你想要的?
修改强>
{{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}
将返回一个字符串,所以
<form id="login_box" onSubmit="alert('{{=T('Thank you for contacting us! We have received your email and will contact you shortly.')}}'); this.submit(); this.reset(); return false;">
将成为
<form id="login_box" onSubmit="alert('Thank you for contacting us! We have received your email and will contact you shortly.'); this.submit(); this.reset(); return false;">
在呈现的HTML中。这是对的。但是,你需要转义任何反斜杠,然后html实体编码T函数的输出(按此顺序)。
答案 3 :(得分:0)
对返回的值进行HTML编码,然后将其编码为JSON。