[JavaScript] uses the get method to submit the processing scheme for some symbols before Ajax is submitted. getajax
Some projects use the get method to submit Ajax, And the backend decodes the value passed by the get method. For example, write/xx in the url for submitting ajax? Param1 = xx & param = 2...
This is not good. Generally, the post method is used for submission. Post method submit Ajax in "[Servlet] Using json + ajax in Servlet3.0 to push the data queried by the database to the front-end display without any additional json parsing package" (click to open the link) as mentioned in [Struts2] Using JQuery to implement the Ajax function of Struts2 (click to open the link), I will not repeat it here. However, it is better to stay behind a lot of predecessors in the project, or you may like the get method ajax, And you should process the parameters passed in the past. Otherwise, if the user writes ~ '! @ # $ % ^ & * () _ +-= {}| [] \: "<> ?; ',./And other strange English symbols, it is possible to cut the submitted url and cause your web project to crash.
After you get what the user entered in the form, you should handle it ~ '! @ # $ % ^ & * () _ +-= {}| [] \: "<> ?; ',./These strange English symbols. Character escaping is a serious problem in Web development. In the past, there were only a few input boxes, but this problem was not serious. Now there are many user interactions in the input box on the network, and this problem has become increasingly serious.
You cannot use the same method as "[JavaScript] Some characters that do not escape can cause the webpage to crash and display methods that involve escape characters" (click to open the link ~ '! @ # $ % ^ & * () _ +-= {}| [] \: "<> ?; ',./These strange English symbols are written as & amp; & lt; and other escape characters. In this way, & is more, and the submitted url is truncated. Therefore, Ajax should not be submitted using the get method. However, you can consider changing these symbols to the full angle.
The following describes how to convert half-width to full-width without English symbols:
/** EscapeAjaxString () is called for submitted text before ajax submission in the get Method * ~! @ # $ % ^ & * () And other symbols break the ajax address of the get Method */function escapeAjaxString (txtstring) {var tmp = ""; for (var I = 0; I <txtstring. length; I ++) {if (txtstring. charCodeAt (I) = 32) {tmp = tmp + String. fromCharCode (12288);} if (32 <txtstring. charCodeAt (I) & txtstring. charCodeAt (I) <48) | (57 <txtstring. charCodeAt (I) & txtstring. charCodeAt (I) <65) | (90 <txtstring. charCodeAt (I) & txtstring. charCodeAt (I) <97) | (122 <txtstring. charCodeAt (I) & txtstring. charCodeAt (I) <127) {tmp = tmp + String. fromCharCode (txtstring. charCodeAt (I) + 65248);} else {tmp = tmp + String. fromCharCode (txtstring. charCodeAt (I);} return tmp ;}
Note that there are many conditions in the second judgment, but it is only a range. In the Ascii and Unicode code tables, the distribution of symbols is broken across different ranges.
Here, the Unicode code table contains the Ascii code table. The Ascii code table is a subset of the Unicode code table. The 0-255 Unicode code table is the whole Ascii code table. The order of the Ascii code table is the same.
The above algorithm tests the passed strings:
If a space is encountered, it is offset by 12288 to a Chinese space.
If you encounter a halfwidth symbol, it will be offset by 65248 positions and changed to a fullwidth symbol.
If you encounter other things, it is not offset.
Then re-construct a new string and return it.
This completes the conversion of halfwidth symbols and spaces to fullwidth. When the Get method is used to process Ajax, it will be treated as a common text processing ~ '! @ # $ % ^ & * () _ +-= {}| [] \: "<> ?; ',./These strange English symbols truncation the submitted ActionURL!