<!DOCTYPE html>
<html>
<head>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.0/jquery.min.js"></script>
<script>
$(document).ready(function(){
var data = encodeURI("<script>alert('123');</script>");
alert(data);
// Not able to get alert('123'); in the alert because of the > symbol
// The button click should also help post the data to the back end
$("button").click(function(){
$.post("demo_test_post.asp",
{
name: data ,
city: "Duckburg"
},
function(data,status){
alert("Data: " + data + "\nStatus: " + status);
});
});
});
</script>
</head>
<body>
<button>Send an HTTP POST request to a page and get the result back</button>
</body>
</html>
Answer 0 (score: 1)
The problem is that your sequence is not properly escaped.
Try
var data = encodeURI("<script>alert('123');<\/script>");
instead of
var data = encodeURI("<script>alert('123');</script>");
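Added example, not part of the original question or answer: it approximates the HTML parser rule that ends an inline script at the first "</script" even inside a JavaScript string, and shows the question's line being cut short, the answer's "<\/script>" fix surviving, and a general serializer for embedding arbitrary data in an inline script. The function names scriptBodySeenByParser and toInlineScriptLiteral are hypothetical, and the sample strings are constructed from the code in the question.

```javascript
// Added example (not from the original post). Function names are hypothetical.

// Approximates the HTML tokenizer rule for script data: the element ends at the
// first "</script" (any case) followed by whitespace, "/" or ">", regardless of
// JavaScript string quoting. Returns the text the JS engine actually receives.
function scriptBodySeenByParser(inlineSource) {
  const end = inlineSource.search(/<\/script[\t\n\f\r \/>]/i);
  return end === -1 ? inlineSource : inlineSource.slice(0, end);
}

// Serializes any JSON-compatible value into a literal that is safe inside an
// inline <script> block: "<" is emitted as \u003c so neither "</script" nor
// "<!--" can appear, and U+2028/U+2029 are escaped for older JS engines.
function toInlineScriptLiteral(value) {
  return JSON.stringify(value)
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Constructed sample: the payload string from the question.
const payload = "<script>alert('123');</script>";

// 1. The question's line: the parser cuts the script inside the string literal.
const broken = 'var data = encodeURI("' + payload + '");\nalert(data);';
// 2. The answer's fix: "<\/script>" no longer matches the end-tag pattern.
const answerFix =
  'var data = encodeURI("<script>alert(\'123\');<\\/script>");\nalert(data);';
// 3. General form: generate the literal instead of hand-escaping.
const generated =
  'var data = encodeURI(' + toInlineScriptLiteral(payload) + ');\nalert(data);';

function demo() {
  return {
    brokenBody: scriptBodySeenByParser(broken), // unterminated string literal
    answerIntact: scriptBodySeenByParser(answerFix) === answerFix,
    generatedIntact: scriptBodySeenByParser(generated) === generated,
    roundTrip: JSON.parse(toInlineScriptLiteral(payload)) === payload,
  };
}

console.log(demo());
```

The same serializer applies when a server template writes untrusted data into an inline script, where hand-escaping a single known string is not an option.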