When using ajax to leave a message, a problem occurred. After the message content is written, it is submitted through ajax, and js is used to add the content of the message to the page. When browsing messages, the request is also made through ajax and the result is then displayed. In this way, if someone writes a js statement in the message, that statement will be executed. The solution is to escape these special characters before displaying them.

If you use JSTL tags in JSP, it is very simple: just use the <c:out> tag. The content is escaped automatically; the parameter escapeXml="true" can be omitted because it is the default. So do not use EL expressions to display content submitted by users, because EL output is not automatically escaped. It is better to use c:out.

If the content is also requested through ajax and then displayed, use the following method. It is also very simple.
var html="<script>alert ('asdfasdf')</script>";
$("#content").text(html);
So what happens? The solution is very simple. Escape the characters, that is, < becomes &lt; and > becomes &gt;. Use jQuery to escape the characters.
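<script>
// User-supplied text; the closing tag is written as <\/script> so it does not end this inline script block.
var html = "<script>alert('asdfasdf')<\/script>";
// .text() stores the string as plain text; .html() reads it back with <, > and & escaped.
html = $("#x").text(html).html();
// The escaped string can now be appended as markup without being executed.
$("#content").append("<div>" + html + "</div>");
</script>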
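The escaping step described above, written without jQuery, as an added example that is not part of the original post. It also covers a case the text()/html() trick does not: that trick leaves quotes untouched, so user text placed inside an attribute value needs a stricter escaper. The names escapeText, escapeAttr, renderMessage and the sample messages are assumptions made for illustration.

```javascript
// Added example: escaping ajax-loaded messages before building markup.
// All function names and the sample data below are hypothetical.

const TEXT_MAP = { "&": "&amp;", "<": "&lt;", ">": "&gt;" };
const ATTR_MAP = { ...TEXT_MAP, '"': "&quot;", "'": "&#39;" };

// Mirrors the &, <, > escaping that $("#x").text(s).html() relies on.
// Safe only for text placed between tags.
function escapeText(s) {
  // Single pass, so an "&" produced by an earlier replacement is never re-escaped.
  return String(s).replace(/[&<>]/g, (c) => TEXT_MAP[c]);
}

// Additionally escapes both quote characters, so the result can be
// placed inside a quoted attribute value without closing it.
function escapeAttr(s) {
  return String(s).replace(/[&<>"']/g, (c) => ATTR_MAP[c]);
}

// Build the markup for one message object as returned by the ajax call.
function renderMessage(msg) {
  return '<div class="msg" title="' + escapeAttr(msg.author) + '">' +
    escapeText(msg.body) + "</div>";
}

// Constructed sample data standing in for the ajax response.
const messages = [
  { author: 'bob" onmouseover="alert(1)', body: "<script>alert('asdfasdf')</script>" },
  { author: "alice", body: "1 < 2 && 3 > 2" },
];

const rendered = messages.map(renderMessage).join("\n");
console.log(rendered);
```

The resulting string can be handed to $("#content").append(...) as in the snippet above, because every user-controlled part has already been escaped for the place it lands in.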