Excerpt from: http://blog.csdn.net/changhong009/article/details/46004343
&apos; ---- single quote
&#39; ---- single quote (IE compatible)
&quot; ---- double quote
While writing the onclick handler for a button in a web page, I accidentally wrote it like this:
<input value="Test" type="button" onclick="alert(""OK"");" />
IE reported an error, so I casually changed it to:
<input value="Test" type="button" onclick="alert(\"OK\");" />
It still failed.
At this point I could not understand why, although I knew the most direct solution is to write it like this:
<input value="" type="button" onclick="alert('OK');" />
But why does the JavaScript escape character \ have no effect?
Later, I found a version that works:
<input value="Test" type="button" onclick="alert(&quot;OK&quot;);" />
Then it made sense: the attribute value is still within the scope of HTML, so the escaping has to be HTML's, not JavaScript's.
Doubling the double quote is the VBScript way, \" is the JavaScript way, and in HTML it is &quot;; the numeric forms &#34; and &#x22; can be used as well.
The following lists the various ways of writing it:
<body>
<input value="Outer double quotes, inner double quotes - error" type="button" onclick="alert("OK");" /><br/>
<input value="Outer single quotes, inner single quotes - error" type="button" onclick='alert('OK');' /><br/>
<input value="Two double quotes - error" type="button" onclick="alert(""OK"");" /><br/>
<input value="Two single quotes - error" type="button" onclick="alert(''OK'');" /><br/>
<input value="\ + double quote - error" type="button" onclick="alert(\"OK\");" /><br/>
<input value="\ + single quote - error" type="button" onclick="alert(\'OK\');" /><br/>
<input value="Outer double quotes, inner single quotes - OK" type="button" onclick="alert('OK');" /><br/>
<input value="Outer single quotes, inner double quotes - OK" type="button" onclick='alert("OK");' /><br/>
<input value="No outer quotes - OK" type="button" onclick=alert('OK');alert("OK"); /><br/>
<input value="HTML escape character &quot; (&amp;#34;) - OK" type="button" onclick="alert(&#34;OK&#34;);" /><br/>
<input value="HTML escape character ' (&amp;#39;) - OK" type="button" onclick="alert(&#39;OK&#39;);" /><br/>
<input value="HTML escape character &quot; (&amp;#x22;) - OK" type="button" onclick="alert(&#x22;OK&#x22;);" /><br/>
<input value="HTML escape character ' (&amp;#x27;) - OK" type="button" onclick="alert(&#x27;OK&#x27;);" /><br/>
<input value="HTML escape character &quot; (&amp;quot;) - OK" type="button" onclick="alert(&quot;OK&quot;);" /><br/>
<input value="HTML escape character ' (&amp;apos;) - error in IE" type="button" onclick="alert(&apos;OK&apos;);" /><br/>
<input value="Other: \\ - error" type="button" onclick="alert(\\"OK\\");" /><br/>
<input value="Other: \&amp;#34; - error" type="button" onclick="alert(\&#34;OK\&#34;);" /><br/>
</body>
Recently, while testing the full-text search module, I found that the handling of special characters still had serious problems.
Some say Spring itself provides escaping utility classes for HTML, JavaScript and SQL statements, but when I tested it I found that its HtmlUtils.htmlEscape() does not handle single quotes; it only escapes the following special characters:
- &: &amp;
- ": &quot;
- <: &lt;
- >: &gt;
Later I switched to replace() with &apos;, but that still had no effect in IE. I had to test in Google and look at the page source, where I found that the encoding used is &#39;.
Today I read the following article and finally understood:
Reposted from: http://blog.huachen.me/single-quote-ie-html-entity
In (X)HTML, some special characters must be escaped as HTML entities.
The common ones are: & (ampersand), " (double quote), ' (single quote), < (less than) and > (greater than). In the content of an (X)HTML document these should be converted to &amp;, &quot;, &#39;, &lt; and &gt; respectively.
But the question is, why is the single quote above escaped differently from the other special characters? Why is the single quote written with its entity number (&#39;) rather than its entity name (&apos;), when the others use entity names?
The reason is that Internet Explorer does not yet support the entity name for the single quote; for now IE supports only the single quote's entity number.
This is also why PHP's htmlspecialchars function escapes the single quote to &#39; rather than &apos;.
Also, Baidu does not support the single-quote entity name, which I discovered from how my blog appeared in Baidu search results (I have now changed the single quotes to the entity-number form).
You can look up the entity number and entity name for all of HTML's special characters.
Character | Entity Number | Entity Name | Description
" | &#34; | &quot; | Quotation mark
' | &#39; | &apos; (does not work in IE) | Apostrophe
& | &#38; | &amp; | Ampersand
< | &#60; | &lt; | Less-than
> | &#62; | &gt; | Greater-than
Single and double quotes in JS and HTML, and how to escape them
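The two parsing layers described above (the HTML attribute is read first, and only its decoded value reaches JavaScript) and the advice to emit &#39; rather than &apos; can be modelled together. This is an added example, not code from the original post: the function names are made up for illustration, the regex is a simplified stand-in for a real HTML parser, and only the character references listed on this page are decoded.

```javascript
// Added example: the two parsing layers behind an inline onclick handler.
// Function names are illustrative; the regex is a simplified stand-in for an HTML parser.
const NAMED = { quot: '"', apos: "'", amp: '&', lt: '<', gt: '>' };

// Layer 1b: decode the character references discussed on this page.
function decodeRefs(s) {
  return s.replace(/&(?:#x([0-9a-f]+)|#(\d+)|([a-z]+));/gi, (m, hex, dec, name) => {
    if (hex) return String.fromCodePoint(parseInt(hex, 16));
    if (dec) return String.fromCodePoint(parseInt(dec, 10));
    return Object.prototype.hasOwnProperty.call(NAMED, name) ? NAMED[name] : m;
  });
}

// Layer 1a: a quoted attribute value ends at the next identical quote.
// A backslash has no meaning to HTML, so \" still closes the attribute.
function onclickSource(tag) {
  const m = /\sonclick\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(tag);
  return m ? decodeRefs(m[1] ?? m[2] ?? m[3]) : null;
}

// Layer 2: compile (never run) what the JavaScript engine would receive.
function isValidJs(src) {
  try { new Function(src); return true; } catch (e) { return false; }
}

function check(tag) {
  const src = onclickSource(tag);
  return { src, ok: src !== null && isValidJs(src) };
}

// Encoder for untrusted text placed as a JS string inside a double-quoted
// event attribute: JS escaping first, then HTML escaping with numeric
// references, so the single quote becomes &#39; and never &apos;.
function jsStringInAttr(text) {
  return JSON.stringify(String(text))
    .replace(/[&"'<>]/g, c => '&#' + c.charCodeAt(0) + ';');
}

// Constructed samples modelled on the list above.
for (const tag of [
  String.raw`<input type="button" onclick="alert(\"OK\");" />`,
  `<input type="button" onclick="alert(&quot;OK&quot;);" />`,
  `<input type="button" onclick="alert(${jsStringInAttr(`it's "OK"`)});" />`,
]) console.log(check(tag));
```

The first sample reports src as `alert(\`, which shows the attribute was cut at the backslash-quote before JavaScript ever saw it.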