在javascript中,我正在写一个<input>的链接,然后使用document.getElementById(&#39; downloadlink&#39;)。值读取并放入要执行的iframe src中。
代码在我的本地主机上工作正常,但不是实时服务器,由于名称无效,文件永远不会被加载(注意:http 302暂时移动是由于文件请求无效而导致.htaccess重定向)。我确信这是编码&符号的问题。我的理解是input需要&符号(和其他html实体)编码。我使用的是htmlspecialchars()和htmlspecialchars_decode()的php.js等价物(这也适用于localhost)。
对于img.src,我的理解是我希望将&符号编码为&但是在我的本地主机上,它可以在没有它们的情况下工作,但不能对它们进行编码。在我的实际网站上,它无论如何都无法正常工作。
为了对它们进行编码,我尝试过:
url = url.replace(/&/g, "&");
是时候停止撕掉我的头发并寻求帮助了。任何人吗?
iframe(来自js htmlspecialchars的编码)注意:我无法让&保持编码以进行显示 - 它们会在保存时被替换。
<iframe src="www.waldorfteacherresources.com/getfile.php?file=g2-saints-martin-009.jpg&mode=download&hv=4443f86959bf104e1df0eac204b8aaf226ae533b&wtrpath=docs " id="iframe" height="0" width="0" hidden=""></iframe>
代码
function downloadfile() {
if (document.getElementById("downloadlink")) {
var div = document.getElementById('datadiv');
var url = hx(document.getElementById('downloadlink').value);
var ifrm = document.createElement("iframe");
ifrm.setAttribute("src", url);
ifrm.setAttribute("id", "iframe");
ifrm.height = 0;
ifrm.width = 0;
ifrm.hidden = true;
div.appendChild(ifrm);
}
}
// support functions to encode / decode
// encodes output - equivalent of php hx function
// hx notation is a shortcut for htmlspecialchars() with all options set
function hx( string, flags, charsetEncoding, double_encode) {
if (typeof flags == "undefined"){
flags = 0;
}
if (typeof charsetEncoding == "undefined" ){
charsetEncoding = "UTF-8";
}
if (typeof double_encode == "undefined"){
double_encode = true;
}
// constants not valid until php v 5.4
var ENT_HTML401 = 0;
var ENT_HTML5 = (16 | 32);
var ENT_COMPAT = 2;
if ( flags == 0) {
flags = ENT_COMPAT | ENT_HTML401;
}
string = htmlspecialchars( string, flags, charsetEncoding, double_encode);
return string;
}
// decodes output of hx() / htmlspecialchars() - shortcut notation for htmlspecialchars_decode()
function hdx(string) {
return htmlspecialchars_decode(string);
}
function htmlspecialchars(string, quote_style, charset, double_encode) {
// discuss at: http://phpjs.org/functions/htmlspecialchars/
var optTemp = 0,
i = 0,
noquotes = false;
if (typeof quote_style === 'undefined' || quote_style === null) {
quote_style = 2;
}
string = string.toString();
if (double_encode !== false) { // Put this first to avoid double-encoding
string = string.replace(/&/g, '&');
}
string = string.replace(/</g, '<')
.replace(/>/g, '>');
var OPTS = {
'ENT_NOQUOTES': 0,
'ENT_HTML_QUOTE_SINGLE': 1,
'ENT_HTML_QUOTE_DOUBLE': 2,
'ENT_COMPAT': 2,
'ENT_QUOTES': 3,
'ENT_IGNORE': 4
};
if (quote_style === 0) {
noquotes = true;
}
if (typeof quote_style !== 'number') { // Allow for a single string or an array of string flags
quote_style = [].concat(quote_style);
for (i = 0; i < quote_style.length; i++) {
// Resolve string input to bitwise e.g. 'ENT_IGNORE' becomes 4
if (OPTS[quote_style[i]] === 0) {
noquotes = true;
} else if (OPTS[quote_style[i]]) {
optTemp = optTemp | OPTS[quote_style[i]];
}
}
quote_style = optTemp;
}
if (quote_style & OPTS.ENT_HTML_QUOTE_SINGLE) {
string = string.replace(/'/g, ''');
}
if (!noquotes) {
string = string.replace(/"/g, '"');
}
return string;
}
function htmlspecialchars_decode(string, quote_style) {
// discuss at: http://phpjs.org/functions/htmlspecialchars_decode/
var optTemp = 0,
i = 0,
noquotes = false;
if (typeof quote_style === 'undefined') {
quote_style = 2;
}
string = string.toString().replace(/</g, '<').replace(/>/g, '>');
var OPTS = {
'ENT_NOQUOTES': 0,
'ENT_HTML_QUOTE_SINGLE': 1,
'ENT_HTML_QUOTE_DOUBLE': 2,
'ENT_COMPAT': 2,
'ENT_QUOTES': 3,
'ENT_IGNORE': 4
};
if (quote_style === 0) {
noquotes = true;
}
if (typeof quote_style !== 'number') { // Allow for a single string or an array of string flags
quote_style = [].concat(quote_style);
for (i = 0; i < quote_style.length; i++) {
// Resolve string input to bitwise e.g. 'PATHINFO_EXTENSION' becomes 4
if (OPTS[quote_style[i]] === 0) {
noquotes = true;
} else if (OPTS[quote_style[i]]) {
optTemp = optTemp | OPTS[quote_style[i]];
}
}
quote_style = optTemp;
}
if (quote_style & OPTS.ENT_HTML_QUOTE_SINGLE) {
string = string.replace(/'/g, "'");
}
if (!noquotes) {
string = string.replace(/"/g, '"');
}
// Put this in last place to avoid escape being double-decoded
string = string.replace(/&/g, '&');
return string;
}
The request headers
GET /www.example.com/getfile.php?file=myfile.jpg&mode=download&hv=939afca0cdaafd55a1e1471da7463be9acbf5478&wtrpath=docs HTTP/1.1
Host: www.example.com
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36
Referer: http://www.waldorfteacherresources.com/index.php?grade=2&page=Saints
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cookie: id=XXX;
PHPSESSID=.... session info here
The response
HTTP/1.1 302 Moved Temporarily
Date: Sun, 21 Feb 2016 21:16:05 GMT
Server: Apache
X-Powered-By: PHP/5.5.32
**** this is an .htaccess redirect due to an invalid file request
Location: /index.php
Cache-Control: max-age=86400
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 767
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
答案 0 :(得分:0)
事实证明,除了url格式之外,它根本不是&符号。 www.example.com src无效http://www. - www.。 src仅对我的网站有效 - 不知道为什么或如何与服务器的通信与.get_level_values()的不同,而不是与浏览器命令栏的通信。但它确实如此。