我想在我的数据库中插入带有textarea字段的html和JavaScript代码。问题是代码已插入,但它用反弹替换了所有双重问题。如何使用textarea插入此代码。
<div id="TA_cdsratingsonlynarrow539" class="TA_cdsratingsonlynarrow"><ul id="Ny62NY" class="TA_links r04zlbt"><li id="jb9xdEapRG" class="sc9nmfeVX"><a target="_blank" href="https://www.tripadvisor.com/"><img src="https://www.tripadvisor.com/img/cdsi/img2/branding/tripadvisor_logo_transp_340x80-18034-2.png" alt="TripAdvisor"/></a></li></ul></div><script src="https://www.jscache.com/wejs?wtype=cdsratingsonlynarrow&uniq=539&locationId=671932&lang=en_US&border=false&shadow=false&display_version=2"></script>
答案 0 :(得分:0)
可以使用textarea输入字段将html和javascript代码插入/注入当前页面。
考虑一下,你跟随textarea:
<div id="output"></div>
<div style="margin: 25px auto; width: 80%; height: auto;">
<form id="myform" name="myform">
<textarea id="mytextarea" name="mytextarea" cols="90" rows="20"></textarea>
<br> <button type="button" id="mybutton">execute</button>
</form>
</div>
现在,您可以向上面的按钮添加事件侦听器,以从textarea中提取html和javascript代码并将它们插入到页面中:
window.addEventListener('load', function () {
document.getElementById('mybutton').addEventListener('click', function (e) {
var mytextarea = document.getElementById('mytextarea');
var pattern = /<script>([^]+?)<\/script>/mg;
var matches, txt = mytextarea.value;
if (txt) {
while (matches = pattern.exec(txt)) {
if (matches[1]) {
var tContent = matches[1].replace(/(\n|\r)+/gm, '');
var s = document.createElement('script');
s.innerText = tContent;
document.body.appendChild(s);
}
}
txt = txt.replace(pattern, '');
}
if (txt) {
document.getElementById('output').innerHTML = txt;
}
});
});