When a grid loads data that contains special characters or JS statements, the page layout can break. The following method makes all of the retrieved data display as plain text.
It mainly prevents the following two problems:
1. Due to business needs, the queried data contains special characters or JS statements, for example a database field whose content is "alert('Product Code')". When such a field is shown in the table, the page pops up a prompt box.
2. The fields queried by the grid come from text entered manually by users. If there is a malicious attack, the JS statement that was entered will be executed.
Call HTMLEncode in the table field's formatter:
{field: 'Dladdress', title: 'Place of Use', width: 200, align: 'center',
    // Encode the cell value so the grid renders it as text, not as HTML
    formatter: function (value, row, index) {
        return HTMLEncode(value);
    }
}
/*-----------------------------------------------------------------------------------------*\
* Function: Convert special characters
* Parameters: value -- the string that needs to be converted
* Return value: the converted string, or null when value is null
* Description:
\*-----------------------------------------------------------------------------------------*/
function HTMLEncode(value) {
    var returnvalue;
    if (value == null) {
        return null;
    }
    // Cell values can be numbers or booleans, so convert to a string first
    returnvalue = String(value);
    // Encode & first so the entities produced below are not encoded again
    returnvalue = returnvalue.replace(/&/g, '&amp;');
    returnvalue = returnvalue.replace(/</g, '&lt;');
    returnvalue = returnvalue.replace(/>/g, '&gt;');
    // Turn line breaks into <br/> so multi-line text keeps its layout
    returnvalue = returnvalue.replace(/\n\n/g, '<br/>');
    returnvalue = returnvalue.replace(/\r\r/g, '<br/>');
    returnvalue = returnvalue.replace(/\n/g, '<br/>');
    returnvalue = returnvalue.replace(/\r/g, '<br/>');
    returnvalue = returnvalue.replace(/\t/g, ' ');
    return returnvalue;
}
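The formatter above has to be added to each column by hand, so a column that is forgotten still renders raw HTML. The following is an added example, not code from the original page: it applies an encoder to every column of an EasyUI columns option that has no formatter of its own, and the encoder also escapes quotes and treats \r\n as a single line break. The names encodeCell and encodeAllColumns, the qty and link columns, and the sample row are assumptions made for the illustration.

```javascript
// Added example: encodeCell and encodeAllColumns are hypothetical helper names.
var ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode any cell value (string, number, boolean, null) as inert text.
function encodeCell(value) {
  if (value === null || value === undefined) {
    return '';
  }
  return String(value)
    .replace(/[&<>"']/g, function (ch) { return ENTITIES[ch]; })
    .replace(/\r\n|\r|\n/g, '<br/>');
}

// Return a copy of an EasyUI "columns" option (an array of header rows) in
// which every column without its own formatter gets the encoding formatter.
// Assumption: a column that already has a formatter emits HTML on purpose
// and encodes its own data, so it is left untouched.
function encodeAllColumns(columns) {
  return columns.map(function (headerRow) {
    return headerRow.map(function (col) {
      if (typeof col.formatter === 'function') {
        return col;
      }
      var copy = {};
      Object.keys(col).forEach(function (k) { copy[k] = col[k]; });
      copy.formatter = function (value, row, index) { return encodeCell(value); };
      return copy;
    });
  });
}

// Constructed sample: column definitions and one row of untrusted data.
var sampleColumns = encodeAllColumns([[
  { field: 'Dladdress', title: 'Place of Use', width: 200, align: 'center' },
  { field: 'qty', title: 'Quantity', width: 80 },
  { field: 'link', title: 'Link',
    formatter: function (v) { return '<a href="#">' + encodeCell(v) + '</a>'; } }
]]);
var sampleRow = { Dladdress: "<script>alert('Product Code')</script>", qty: 42, link: 'a&b' };

// Render the sample row the way the grid would: one formatter call per column.
function renderSampleRow() {
  return sampleColumns[0].map(function (col) {
    return col.formatter(sampleRow[col.field], sampleRow, 0);
  });
}
```

Pass the result of encodeAllColumns as the grid's columns option; a column that needs real markup keeps its own formatter and calls encodeCell on the data it interpolates.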
jQuery EasyUI grid table special character processing