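I have data stored in my database in utf-8 format. The text may contain some ascii art, in the range of code points U+2500 to U+25FF of the utf-8 table, and may even contain other code point ranges. I'm not sure, since this is user-edited. The text is passed to the client using JSON over REST, and somewhere along the way the text gets mangled.
The utf-8 character range I mention here is of a three-byte nature. For instance, the set 0xe2 0x96 0x93
would equal ▓ in utf-8,
or plain text ▓. Instead of displaying this single character, the client displays each byte as its own character, and ends up showing â–‘
Not sure how to attack this. I tried to figure out a way to convert the text server side using php, but the utf-8 table is large to me, and checking every potential three-byte combination is just overkill. This should be easy. I have seen this before, but then the whole page was server side. This is an angularJs page.
Can anyone point me to a solution for this? Thanks.
Edit: stripped code (php rendered)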
<head>
<meta charset="utf-8">
...
</head>
<body>
...
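<?php
$link = new mysqli($mysql_host, $mysql_user, $mysql_pass, $mysql_db);
$result = $link->query('select descr from my_table where id = 1');
$row = $result->fetch_assoc(); // query() returns a mysqli_result; fetch the row before reading a column
?>
<div class="well"><?=$row['descr']; ?></div>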
...
</body>
would display:
░░░░
▒░ ░▒ ▓░ ░▓ ▓░ ░▓ █░ ░█ █ █ █▓ ▓█ ▓▓▌ ▐▓▓ ▀██▄ ▄██▀ ▄ ▄████▓▓▓█▄█▀▀ ▀▀ ▄ ▄▄▄▌▄▓████████████████████████▓▀▓████▄ ▄
Querying the same database table with Laravel and sending it over http async (also basically stripped code):
class MyModel extends Eloquent {
    public function getDescriptionAttribute($value) {
        return $value;
    }
}
class MyModelController extends Controller {
    public function getModel ($modelId) {
        return Response::json(MyModel::findOrFail($modelId));
    }
}
angular.module(_SERVICES_).factory('MyModelService', ['Restangular', function (Restangular) {
    'use strict';
    return {
        get: function (id) {
            return Restangular.one('model', id).get();
        }
    };
}]);
angular.module(_CONTROLLERS_).controller('MyModelCtrl', ['$scope', '$routeParams', 'MyModelService',
    function ($scope, $routeParams, MyModelService) {
        MyModelService.get($routeParams.modelId).then(function (response) {
            $scope.model = response;
        });
    }
]);
<head>
<meta charset="utf-8">
...
</head>
<body ng-controller="MyModelCtrl">
....
<div class="well" ng-bind-html="model.descr"></div>
...
</body>
would display
â–‘ â–‘ â–‘â–‘ â–‘â–‘ â–’â–‘ â–‘â–’ â–’â–‘ â–‘â–’ â–“â–‘ â–‘â–“ â–“â–‘ â–‘â–“ █░ â–‘â–ˆ â–ˆ â–ˆ █▓ â–“â–ˆ â–“â–“â–Œ â–â–“â–“ ▀██▄ ▄██▀ â–„ ▄████▓▓▓█▄█▀▀ ▀▀ â–„ ▄▄▄▌▄▓████████████████████████▓▀▓████▄ â–„
Edit 2: request/response headers
PHP-rendered page
Request Headers
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,nb;q=0.6,nn;q=0.4,no;q=0.2
Cache-Control: no-cache
Connection: keep-alive
Host: example.com
Pragma: no-cache
Referer: http://example.com/mymodel.php?id=1
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36
Response Headers
Cache-control: private
Connection: Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=utf-8
Date: Tue, 29 Jul 2014 20:18:10 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=100
Pragma: no-cache
Server: Apache/2.4.9 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Transfer-Encoding: chunked
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.4.28
Async request/response
Request Headers
Accept: application/json, text/plain, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,nb;q=0.6,nn;q=0.4,no;q=0.2
Cache-Control: no-cache
Connection: keep-alive
Host: example.com
Pragma: no-cache
Referer: http://www.example.com/modelview/1
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36
Response Headers
Cache-Control: max-age=0
Cache-Control: no-cache
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 3669
Content-Type: application/json;charset=utf-8
Date: Wed, 30 Jul 2014 12:29:11 GMT
Expires: Wed, 30 Jul 2014 12:29:11 GMT
Keep-Alive: timeout=5, max=96
Server: Apache/2.4.9 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Vary: Accept-Encoding,User-Agent
X-Frame-Options: SAMEORIGIN
X-Powered-By: PHP/5.4.28
X-UA-Compatible: IE=edge,chrome=1
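
The symptom described in the question (each byte of a three-byte UTF-8 sequence shown as its own character) is what results when UTF-8 bytes are read as Windows-1252. The following is an added example, not code from the original post: it reproduces that mis-decoding and reverses it only when the recovered bytes are valid UTF-8. The function names `misdecode` and `repair` and the sample string are assumptions made for illustration.

```javascript
// Windows-1252 code points for bytes 0x80..0x9F; slots the code page leaves
// undefined keep their C1 control value, as browsers treat them.
const CP1252_HIGH = [
  0x20ac, 0x0081, 0x201a, 0x0192, 0x201e, 0x2026, 0x2020, 0x2021,
  0x02c6, 0x2030, 0x0160, 0x2039, 0x0152, 0x008d, 0x017d, 0x008f,
  0x0090, 0x2018, 0x2019, 0x201c, 0x201d, 0x2022, 0x2013, 0x2014,
  0x02dc, 0x2122, 0x0161, 0x203a, 0x0153, 0x009d, 0x017e, 0x0178,
];

// Constructed sample: three block-drawing characters from U+2500..U+25FF.
const SAMPLE = '\u2591\u2593\u2588';

// Reproduce the bug: every UTF-8 byte becomes one Windows-1252 character.
function misdecode(text) {
  const bytes = Buffer.from(text, 'utf8');
  return Array.from(bytes, (b) =>
    String.fromCodePoint(b >= 0x80 && b <= 0x9f ? CP1252_HIGH[b - 0x80] : b)
  ).join('');
}

// Reverse it: map each character back to its single byte, then accept the
// result only if those bytes round-trip as valid UTF-8. Anything else
// (plain ASCII, correct text, ordinary Latin-1 words) is returned unchanged.
function repair(text) {
  const bytes = [];
  for (const ch of text) {
    const cp = ch.codePointAt(0);
    const hi = CP1252_HIGH.indexOf(cp);
    if (hi !== -1) bytes.push(0x80 + hi);
    else if (cp <= 0xff) bytes.push(cp);
    else return text; // character has no Windows-1252 byte: not mojibake
  }
  if (!bytes.some((b) => b >= 0x80)) return text; // pure ASCII, nothing to do
  const buf = Buffer.from(bytes);
  const decoded = buf.toString('utf8'); // invalid sequences become U+FFFD
  return Buffer.from(decoded, 'utf8').equals(buf) ? decoded : text;
}

console.log(misdecode(SAMPLE), '->', repair(misdecode(SAMPLE)));
```

Repairing on output hides the mismatch rather than removing it; the lasting fix is to make the database connection, the stored bytes, and the JSON response agree on one encoding.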