Carriage returns in an array cause an unexpected token error

Time: 2014-01-23 22:12:05

Tags: javascript json angularjs

I am trying to retrieve a text string that gets corrupted when carriage returns are present.

There is a multi-line input field that lets the user press Enter and type on the next line. There is a button that lets the user save the note.

The save happens like this...

if (save) note = $('#annotation_textarea').val();

Navigating to another page in the SPA application causes an unexpected token error.

I tried converting the carriage returns with a RegEx.

note.replace(/(\r\n|\n|\r)/g,"<br />");

It did not work.

Here is the code that reproduces the problem:

app.js

var mySceApp = angular.module('mySceApp', ['ngSanitize']);

mySceApp.controller("myAppController", function myAppController($http, $templateCache, $sce) {
  var self = this;
  $http.get("test_data.json", {cache: $templateCache}).success(function(userComments) {
    self.userComments = userComments;
  });
  self.explicitlyTrustedHtml = $sce.trustAsHtml(
      '<span onmouseover="this.textContent=&quot;Explicitly trusted HTML bypasses ' +
      'sanitization.&quot;">Hover over this text.</span>');
});

HTML

<!doctype html>
<html ng-app="mySceApp">
  <head>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/angularjs/1.2.9/angular.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/angularjs/1.2.9/angular-sanitize.min.js"></script>
<script type="text/javascript" src="script.js"></script>
</head>
  <body>

<div ng-controller="myAppController as myCtrl">
  <i ng-bind-html="myCtrl.explicitlyTrustedHtml" id="explicitlyTrustedHtml"></i><br><br>
  <b>User comments</b><br>
  By default, HTML that isn't explicitly trusted (e.g. Alice's comment) is sanitized when
  $sanitize is available.  If $sanitize isn't available, this results in an error instead of an
  exploit.
  <div class="well">
    <div ng-repeat="userComment in myCtrl.userComments">
      <b>{{userComment.name}}</b>:
      <span ng-bind-html="userComment.htmlComment" class="htmlComment"></span>
      <br>
    </div>
  </div>
</div>


  </body>
</html>

Test data

[
  { "name": "Carriage Return test",
    "htmlComment":
        "<span onmouseover='this.textContent=\"PWN3D!\"'>Is <i>anyone</i> reading this?</span>"
  },
  { "name": "Bob",
    "htmlComment": "<i>Yes!</i>  Am I the only other one?"
  },
  { "name": "Hal",
    "htmlComment": "You,
     are
     not
     alone!"
  }
]

Here is a plnkr
http://plnkr.co/edit/RYReiYQfD0Vw8u0BeDVc?p=preview
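As an added example (not code from the question, the answer or the plnkr), this shows why the raw line breaks in the "Hal" entry of the test data cannot be parsed, and that serialising the textarea value with JSON.stringify avoids the problem; the NOTE value is constructed for the demonstration:

```javascript
// Constructed note text, as it would come out of a multi-line <textarea>.
const NOTE = "You,\r\nare\nnot\ralone!";

// Building JSON by string concatenation embeds the raw newline bytes, which
// is exactly what the "Hal" entry in the test data does. JSON forbids
// unescaped control characters inside string literals, so parsing fails.
function buildByConcatenation(name, note) {
  return '[{"name": "' + name + '", "htmlComment": "' + note + '"}]';
}

// JSON.stringify escapes \r and \n as \\r and \\n, so the result stays on
// one line and parses back to the original text unchanged.
function buildWithStringify(name, note) {
  return JSON.stringify([{ name: name, htmlComment: note }]);
}

// Returns the parsed array, or null when the text is not valid JSON
// (the "Unexpected token" case the question describes).
function tryParse(text) {
  try {
    return JSON.parse(text);
  } catch (e) {
    return null;
  }
}

// Line breaks only need to become <br /> at render time. replace() returns
// a new string rather than editing in place, so the result must be used or
// assigned back; calling note.replace(...) on its own line changes nothing.
function toHtmlLineBreaks(note) {
  return note.replace(/(\r\n|\n|\r)/g, "<br />");
}
```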

1 answer:

Answer 0: (score: 1)

I am not entirely sure what is happening. I think the safest thing is to use the $sce service and parse as html, like

$sce.parseAsHtml(someValue)

Here is the documentation for this service:

http://docs.angularjs.org/api/ng.$sce