HTML processing | stripTags | escapeHTML | unescapeHTML
JSON processing | unfilterJSON | isJSON | evalJSON | parseJSON
Script processing | stripScripts | extractScripts | evalScripts
The String section now moves on to specific applications: HTML strings, JSON strings, and script strings within HTML.
[As an aside: for more about JSON, see http://www.cnblogs.com/TomXu/archive/2012/01/11/2311956.html]
Each group is described separately below:
1. HTML string
stripTags: Remove all HTML tags in the string.
escapeHTML: Convert HTML special characters to their equivalent entities. (& corresponds to &amp;, < corresponds to &lt;, > corresponds to &gt;)
unescapeHTML: Removes tags from a string and converts HTML special characters represented by entities to their normal form. (The reverse operation of escapeHTML)
The regular expression /<\w+(\s+("[^"]*"|'[^']*'|[^>])+)?>|<\/\w+>/gi in stripTags matches the tags themselves, attributes included. Be careful not to break it across lines; doing so causes a syntax error.
[The only thing to note about this method is that stripTags removes the <script> tags themselves but not the content between them, so the script source is left exposed in the output and may affect the page structure.]
2. Script string
stripScripts: Remove all HTML script blocks in the string. This makes up for the shortcoming of stripTags with script tags.
extractScripts: Extract the contents of all script blocks contained in the string and return them as an array of strings.
evalScripts: Execute all script blocks contained in the string. Returns an array containing the value returned by each script.
The regular expression in stripScripts is a development of the one in stripTags.
    function stripScripts() {
      // i: ignore case, m: multiline, g: global
      var pattern = new RegExp('<script[^>]*>([\\S\\s]*?)<\/script>', 'img');
      return this.replace(pattern, '');
    }
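    function extractScripts() {
      // Same script-block pattern as in stripScripts
      var fragment = '<script[^>]*>([\\S\\s]*?)<\/script>';
      var matchAll = new RegExp(fragment, 'img'), matchOne = new RegExp(fragment, 'im');
      return (this.match(matchAll) || []).map(function(scriptTag) {
        return (scriptTag.match(matchOne) || ['', ''])[1];
      });
    }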
map is an Array extension; some browsers implement it natively. See "Chrome Native Method Array".
The result is an array holding the inner content of every script tag, so the approach taken by evalScripts follows naturally: loop through that array, execute (eval) each entry in turn, and store the result of each execution.
    function evalScripts() {
      return this.extractScripts().map(function(script) { return eval(script) });
    }
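The stripTags caveat noted above, as an added example (not code from the original post or from Prototype itself). The functions are standalone rewrites rather than String.prototype methods, `toPlainText` and both sample strings are constructed for illustration, and the stripTags pattern is assumed to be the one shipped in Prototype 1.7.

```javascript
// Added example: standalone rewrites of the String helpers discussed above.
// Assumption: TAG is the stripTags pattern from Prototype 1.7.
var TAG = /<\w+(\s+("[^"]*"|'[^']*'|[^>])+)?>|<\/\w+>/gi;
// Script-block pattern quoted in the article (backslashes doubled for a string).
var SCRIPT = '<script[^>]*>([\\S\\s]*?)<\\/script>';

function stripTags(s) { return s.replace(TAG, ''); }

function stripScripts(s) { return s.replace(new RegExp(SCRIPT, 'img'), ''); }

function extractScripts(s) {
  var matchOne = new RegExp(SCRIPT, 'im');
  return (s.match(new RegExp(SCRIPT, 'img')) || []).map(function (tag) {
    return (tag.match(matchOne) || ['', ''])[1];
  });
}

function escapeHTML(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Hypothetical helper (not part of Prototype): drop script blocks first, then
// the remaining tags, then entity-encode whatever text survives so that an
// unmatched fragment (for example an unterminated script block) stays inert.
function toPlainText(s) {
  return escapeHTML(stripTags(stripScripts(s)));
}

// Constructed sample inputs.
var sample = '<p>Hello</p>\n<SCRIPT type="text/javascript">\n' +
             'var t = 1 < 2;\n</SCRIPT><b>World</b>';
var unterminated = '<b>x</b><script>a && b';

console.log(JSON.stringify(stripTags(sample)));      // script source left behind
console.log(JSON.stringify(extractScripts(sample))); // what evalScripts would run
console.log(JSON.stringify(toPlainText(sample)));
console.log(JSON.stringify(toPlainText(unterminated)));
```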
3. JSON processing
unfilterJSON: Strip the security comment delimiters surrounding an Ajax JSON or JavaScript response.
isJSON: Use regular expressions to check whether the string is valid JSON.
evalJSON: Evaluate a JSON-format string and return the resulting object.
isJSON and evalJSON together correspond to parseJSON in JSON.js, and the code is similar; see "Parsing JSON from Strings".
While we are here, a word about the security comment delimiters handled by unfilterJSON. This is a security mechanism: for your own data, you can add special characters (delimiters) at both ends of the return value to indicate the source of the data. When parsing, the client uses unfilterJSON to strip the added delimiters, which can reduce some XSS attacks to a certain extent.
The default form in Prototype is:
'/*-secure-\n{"name": "小西山子","age": 24}\n*/'
The delimiters are '/*-secure-\n' and '\n*/'.