| HTML processing |
Striptags | escapehtml | unescapehtml |
|
|
| JSON processing |
Unfilterjson | Isjson | Evaljson | Parsejson |
| Script processing |
Stripscripts | Extractscripts | evalscripts |
Now, the string section is transferred to a specific association application that corresponds
HTML strings, JSON strings, and script strings in HTML.
"In a word, something about JSON, you can look at http://www.cnblogs.com/TomXu/archive/2012/01/11/2311956.html."
The following are described separately:
One, HTML string
Striptags: Removes all HTML tags from the string.
Escapehtml: Converts HTML special characters to their equivalent entities. (& corresponding & < corresponding < > corresponding to >)
Unescapehtml: Removes the label from the string and converts the HTML special characters represented in the entity to their normal form. (Reverse operation of escapehtml)
A regular/<\w+ in Striptags (\s+ ("[^"]* "|") [^']*'| [^>]) +)? >|<\/\w+>/gi is used to match the contents of the label, note that the line can not be changed, but the line will have syntax errors.
"The only place that this method needs to be noted is that striptags removes the <script> tag, but does not remove the contents, so it may expose the contents of <script> and affect the structure of the page."
Second, script string
Stripscripts: Removes all HTML script blocks from the string. Make up the defect of Striptags method to script label
Extractscripts: Extracts the contents of all the script contained in the string and returns it as an array of strings.
Evalscripts: Executes the contents of all the script blocks contained in the string. Returns an array that contains the values that are returned after each script is executed.
The regularization of stripscripts is a regular development in the Striptags
Copy Code code as follows:
function stripscripts () {
var pattern = new RegExp (' <script[^>]*> (\\s\\s]*?) <\/script> ', ' img ');//i ignore case, M line wrap, G global
Return to This.replace (pattern, ');
}
Copy Code code as follows:
function extractscripts () {
var matchall = new RegExp (' <script[^>]*> (\\s\\s]*?) <\/script> ', ' img '),
Matchone = new RegExp (' <script[^>]*> [\\s\\s]*?) <\/script> ', ' im ');
Return (This.match (matchall) | | []). Map (function (Scripttag) {
Return (Scripttag.match (matchone) | | ['', '']) [1];
});
}
Map is an extension of the array, some browsers have this native method, see "The Chrome Native Method array"
The last thing you get is an array of the contents of all the script tags, so the evalscripts approach is natural to think about it-loop through the resulting array, and then execute (eval) to store the results of each execution.
Copy Code code as follows:
function evalscripts () {
Return this.extractscripts (). Map (function (script) {return eval (script)});
}
Third, JSON processing
Unfilterjson: Removes the security annotation qualifier around Ajax JSON or JavaScript response content.
Isjson: Using regular expressions to detect whether a string is a valid JSON format
Evaljson: Executes a JSON-formatted string and returns the result object
Where Isjson and Evaljson are the Parsejson of Json.js, and the code is similar, see parsing json from a string
By the way, the security annotation in the Unfilterjson, this is a security mechanism, for their own data, the return value can be added at both ends of a special character (qualifier) to indicate the source of the data, the client parsing the Unfilterjson to deal with the addition of the defined character, This can reduce some of the XSS attacks to some extent.
The default form in prototype is:
'/*-secure-\n{' name: ' Small Western Hills ', ' age ': 24}\n*/'
which defines the symbol as/*-secure-\n ' and ' \n*/'
