1. JavaScript character escaping
JavaScript provides three encoding functions: escape, encodeURI and encodeURIComponent. The three corresponding decoding functions are unescape, decodeURI and decodeURIComponent.
1, You must use encodeURIComponent when passing parameters, so that the combined URL is not truncated by special characters.
For example:
<script language="JavaScript"> document.write('<a href="http://passport.baidu.com/?logout&aid=7&u=' + encodeURIComponent("http://cang.baidu.com/bruce42") + '">exit</a>'); </script>
2, encodeURI can be used when redirecting to a URL.
Example: location.href = encodeURI("http://cang.baidu.com/do/s?word=China&ct=21");
In PHP, the urldecode() function can be used to decode the encoded characters.
3, escape can be used when the data is consumed by JS itself.
When encoding Unicode values other than 0-, escape outputs the %u**** format. In all other cases, escape, encodeURI and encodeURIComponent produce the same encoding result.
escape leaves 69 characters unencoded: *, +, -, ., /, @, _, 0-9, a-z, A-Z
encodeURI leaves 82 characters unencoded: !, #, $, &, ', (, ), *, +, ,, -, ., /, :, ;, =, ?, @, _, ~, 0-9, a-z, A-Z
encodeURIComponent leaves 71 characters unencoded: !, ', (, ), *, -, ., _, ~, 0-9, a-z, A-Z
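An added example (not from the original article) that recomputes the three unencoded-character counts over ASCII 0-127 and shows why a URL passed as a parameter needs encodeURIComponent rather than encodeURI. The query string and fragment appended to the target URL are constructed for the demonstration, and the helper names are hypothetical.

```javascript
// Characters in the ASCII range (0-127) that an encoder leaves unchanged.
function unencodedAscii(encoder) {
  let kept = "";
  for (let code = 0; code < 128; code++) {
    const ch = String.fromCharCode(code);
    if (encoder(ch) === ch) kept += ch;
  }
  return kept;
}

// Build the logout link from the example above with the given encoder for "u",
// then read "u" back the way the receiving side's query parser would.
function roundTripParam(encoder, target) {
  const link = "http://passport.baidu.com/?logout&aid=7&u=" + encoder(target);
  const parsed = new URL(link);
  return {
    u: parsed.searchParams.get("u"),
    // Parameters that leaked out of the nested URL into the outer one.
    extraParams: [...parsed.searchParams.keys()].filter(
      (k) => !["logout", "aid", "u"].includes(k)
    ),
    outerFragment: parsed.hash,
  };
}

// Constructed target: the article's URL plus a query string and a fragment.
const target = "http://cang.baidu.com/bruce42?tab=1&sort=new#top";

const counts = {
  escape: unencodedAscii(escape).length,
  encodeURI: unencodedAscii(encodeURI).length,
  encodeURIComponent: unencodedAscii(encodeURIComponent).length,
};
// encodeURI keeps & ? # intact, so the nested URL is split apart.
const withEncodeURI = roundTripParam(encodeURI, target);
// encodeURIComponent encodes them, so "u" survives as one value.
const withComponent = roundTripParam(encodeURIComponent, target);

console.log(counts);
console.log("encodeURI:", withEncodeURI);
console.log("encodeURIComponent:", withComponent);
// Non-ASCII input: escape emits %uXXXX, the URI functions emit UTF-8 bytes.
console.log(escape("\u4e2d"), encodeURIComponent("\u4e2d"));
```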
2. Character escaping in PHP
htmlspecialchars(), htmlspecialchars_decode()
htmlentities(), html_entity_decode()
urlencode(), urldecode()
rawurlencode(), rawurldecode()
3. Notes
1, Store raw data in the DB.
2, When the access layer reads data from the DB, it needs to apply htmlspecialchars to the string data and URLs that will be displayed on the page, so that any script in them is displayed as text rather than executed.
3, If the access layer (for example PHP) does not escape the output data, the page must escape the data before displaying it. This applies only to content that the page fills in with JS: the specified characters are escaped (replaced) before the content is filled in.