A query string in a URL can collide with an HTML character entity, which causes problems when the URL is written into HTML.

Source: Internet
Author: User

Related information about this issue (moved to the top, since some readers would otherwise miss it):

IE10+, Safari 5.17+, Firefox 4.0+, Opera 12+ and Chrome 7+ implement the new tokenization standard, so they do not have this problem. See the standard: http://www.w3.org/html/ig/zh/wiki/HTML5/tokenization . The new standard explicitly says that when a named character reference inside an attribute value is not terminated by a semicolon and the next character is "=" (or an ASCII letter or digit), the reference is not decoded. That rule exists precisely to solve this problem.

 

Let's look at the demo:

<a href="http://www.baidu.com?a=1&reg=2&reg_a=3">tragedy</a>

In browsers older than the versions listed above, the link above has its &reg silently converted to the registered-sign character ® (some browsers then percent-encode the converted character in the request). The essence of the bug is that an HTML parser decodes any HTML character entity it finds in markup, including inside an href attribute value. Resources created dynamically from script therefore do not have this problem in theory, for example new Image().src = 'http://www.baidu.com?a=1&reg=2', and neither does a dynamically created iframe.

IE9 and earlier have two additional problems that make them worse than other browsers:

1. Script-driven navigation also triggers it. location.href = xxx, location.replace(xxx) or window.open(xxx) still decode these HTML entities when the query string contains them.

2. Per the standard, an entity followed by another letter or digit is left alone, so &rega and &reg1, where the a or 1 is joined to &reg, do not have this problem. The rule only covers letters and digits, though: &reg_a is still decoded by a standards-compliant parser (which is why the demo link includes it), and IE9 and earlier, which predate the rule, do not honour it at all.

Other special characters such as # or ~ following an entity behave differently from browser to browser; since such characters are unlikely to appear in a field name, those implementation differences are not covered here.

Strictly speaking, then, this problem should be fixed by the back end when it outputs HTML: every & in a URL written into markup must be escaped. Front-end developers need to watch for URLs used in a jump or pop-up window that contain a field name matching an HTML entity without a semicolon. Why IE is so special, I do not understand either. Either way, renaming the affected fields is relatively costly for both the back end and the front end.
In fact, the most appropriate method is the following (thanks to @Chen guang for the reminder):
 
var fixurl = function (url) {
    // Escape every "&" so that the parser's entity decoding turns "&amp;" back into "&"
    return url.replace(/&/g, '&amp;');
};

Replace & with &amp; and then output the result into HTML, navigate to it, or open it in a pop-up window. The reason front-end JS code also has to do this is mainly IE. Note the trade-off: a browser that does not decode entities in script-supplied URLs passes the escaped string to the server as-is, so a parameter named reg arrives as amp;reg, which means the server must accept both spellings if the escaped URL is also used in script-driven navigation.
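The following is an added example, not code from the original post. It models how an HTML parser decodes legacy named character references inside an attribute value such as href, so you can see what the query string ?a=1&reg=2&reg_a=3 becomes under the standard rule described above and under an older parser that does not apply that rule, and then check that the fixurl-style escaping of & as &amp; survives both. It is a simplification: the standards mode implements only the attribute-value rule quoted above (no decoding when an unterminated reference is followed by = or an ASCII letter or digit), and both modes know only the 106 legacy names, so &name; for any other name is left untouched here although a real parser would decode it. The option name html5 and the function names are this example's own.

```javascript
// Added example (not the original post's code): a model of how an HTML parser
// decodes legacy named character references inside an attribute value.

// The 96 legacy names that map to U+00A0..U+00FF, in code point order, so the
// i-th name decodes to String.fromCharCode(0xA0 + i).
const LATIN1_NAMES = (
  "nbsp iexcl cent pound curren yen brvbar sect uml copy ordf laquo not shy reg macr " +
  "deg plusmn sup2 sup3 acute micro para middot cedil sup1 ordm raquo frac14 frac12 frac34 iquest " +
  "Agrave Aacute Acirc Atilde Auml Aring AElig Ccedil Egrave Eacute Ecirc Euml Igrave Iacute Icirc Iuml " +
  "ETH Ntilde Ograve Oacute Ocirc Otilde Ouml times Oslash Ugrave Uacute Ucirc Uuml Yacute THORN szlig " +
  "agrave aacute acirc atilde auml aring aelig ccedil egrave eacute ecirc euml igrave iacute icirc iuml " +
  "eth ntilde ograve oacute ocirc otilde ouml divide oslash ugrave uacute ucirc uuml yacute thorn yuml"
).split(" ");

// All 106 legacy names: the ones a browser decodes even without a trailing ";".
const LEGACY_REFS = new Map(LATIN1_NAMES.map((n, i) => [n, String.fromCharCode(0xa0 + i)]));
for (const [n, ch] of [["amp", "&"], ["AMP", "&"], ["lt", "<"], ["LT", "<"], ["gt", ">"],
                       ["GT", ">"], ["quot", '"'], ["QUOT", '"'], ["COPY", "\u00a9"], ["REG", "\u00ae"]]) {
  LEGACY_REFS.set(n, ch);
}
// Longest name first, mirroring the tokenizer's "consume as many characters as possible".
const LEGACY_NAMES = [...LEGACY_REFS.keys()].sort((a, b) => b.length - a.length);

// Returns the attribute value as the parser hands it to the href.
// html5: true  -> apply the attribute-value rule (a legacy name without ";" that is
//                 followed by "=" or an ASCII alphanumeric is left as literal text)
// html5: false -> model of an older parser (IE9 and earlier) that decodes regardless
function decodeAttributeValue(value, { html5 = true } = {}) {
  let out = "";
  let i = 0;
  while (i < value.length) {
    if (value[i] !== "&") { out += value[i++]; continue; }
    const name = LEGACY_NAMES.find((n) => value.startsWith(n, i + 1));
    if (!name) { out += "&"; i += 1; continue; }          // not a legacy reference (simplification)
    const end = i + 1 + name.length;                        // index just after the name
    const terminated = value[end] === ";";
    const next = value[end] || "";                          // "" at end of string
    if (!terminated && html5 && (next === "=" || /^[A-Za-z0-9]$/.test(next))) {
      out += "&" + name;                                    // standard rule: "&reg=" stays as written
      i = end;
      continue;
    }
    out += LEGACY_REFS.get(name);                           // decode, e.g. "&reg" -> "\u00ae"
    i = terminated ? end + 1 : end;
  }
  return out;
}

// The post's fix: escape every "&" before the URL goes into HTML.
function escapeAmpersands(url) {
  return url.replace(/&/g, "&amp;");
}

// Constructed sample: the post's demo link plus an "&amp=4" parameter.
const DEMO_URL = "http://www.baidu.com?a=1&reg=2&reg_a=3&amp=4";

console.log(decodeAttributeValue(DEMO_URL, { html5: true }));
// http://www.baidu.com?a=1&reg=2®_a=3&amp=4   (only "&reg_" is decoded)
console.log(decodeAttributeValue(DEMO_URL, { html5: false }));
// http://www.baidu.com?a=1®=2®_a=3&=4         (everything is decoded)
console.log(decodeAttributeValue(escapeAmpersands(DEMO_URL), { html5: false }) === DEMO_URL);
// true: the escaped form round-trips in both parser modes
```

The standards mode shows why &reg_a still breaks in current browsers while &reg=2 no longer does, and the escaped form decodes back to the original URL in either mode, which is the property fixurl relies on.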

In general, many HTML entities can cause this problem: http://www.whatwg.org/specs/web-apps/current-work/multipage/named-character-references.html#named-character-references . Every entry in that table that does not end with a semicolon is a hidden hazard; there are 106 of them, listed in the script below (thanks to @Kenny for the link to the latest list; I spent some time writing a script to capture all the entries that need handling). The following script can be used to test a URL:
var checkurl = (function () {
    // The 106 legacy named character references that browsers decode even
    // without a trailing semicolon (taken from the WHATWG table linked above).
    var list = [
        '&AElig', '&AMP', '&Aacute', '&Acirc', '&Agrave', '&Aring', '&Atilde', '&Auml',
        '&COPY', '&Ccedil', '&ETH', '&Eacute', '&Ecirc', '&Egrave', '&Euml', '&GT',
        '&Iacute', '&Icirc', '&Igrave', '&Iuml', '&LT', '&Ntilde', '&Oacute', '&Ocirc',
        '&Ograve', '&Oslash', '&Otilde', '&Ouml', '&QUOT', '&REG', '&THORN', '&Uacute',
        '&Ucirc', '&Ugrave', '&Uuml', '&Yacute', '&aacute', '&acirc', '&acute', '&aelig',
        '&agrave', '&amp', '&aring', '&atilde', '&auml', '&brvbar', '&ccedil', '&cedil',
        '&cent', '&copy', '&curren', '&deg', '&divide', '&eacute', '&ecirc', '&egrave',
        '&eth', '&euml', '&frac12', '&frac14', '&frac34', '&gt', '&iacute', '&icirc',
        '&iexcl', '&igrave', '&iquest', '&iuml', '&laquo', '&lt', '&macr', '&micro',
        '&middot', '&nbsp', '&not', '&ntilde', '&oacute', '&ocirc', '&ograve', '&ordf',
        '&ordm', '&oslash', '&otilde', '&ouml', '&para', '&plusmn', '&pound', '&quot',
        '&raquo', '&reg', '&sect', '&shy', '&sup1', '&sup2', '&sup3', '&szlig', '&thorn',
        '&times', '&uacute', '&ucirc', '&ugrave', '&uml', '&uuml', '&yacute', '&yen', '&yuml'
    ];
    return function (url) {
        var errors = [];
        for (var i = list.length; i--;) {
            var current = list[i];
            // Walk every occurrence, not just the first one
            var matchIndex = url.indexOf(current);
            while (matchIndex > -1) {
                var nextChar = url.charAt(matchIndex + current.length);
                // "&amp;" or "&AMP;" is taken as a deliberately escaped "&" (for example
                // a URL that already went through fixurl), so it is skipped.
                if ((current === '&amp' || current === '&AMP') && nextChar === ';') {
                    matchIndex = url.indexOf(current, matchIndex + 1);
                    continue;
                }
                // Only a following letter or digit is safe. Anything else after the
                // name ("=", ";", "_", end of string, ...) can trigger decoding in at
                // least one browser. Browsers differ from the standard in the details,
                // so the check is deliberately coarse: if the test case passes in
                // every browser, potential hazards have been found.
                if (!/[A-Za-z0-9]/.test(nextChar)) {
                    errors.push(current + nextChar);
                }
                matchIndex = url.indexOf(current, matchIndex + 1);
            }
        }
        if (errors.length) {
            throw new Error('Entities found in URL:\n' + errors.join('\n'));
        }
    };
}());

Test case 1:
 
var url = '//www.baidu.com?a=1&amp=2&lt=3&reg=4';
document.onclick = function () {
    // IE9 and earlier: opens correctly, which shows the fixurl correction works
    window.open(fixurl(url));
};


Test case 2:

 
var url = '//www.baidu.com?a=1&amp=2&lt=3&reg=4';
try {
    checkurl(url);
} catch (e) {
    alert(e.message);
}

 
