jQuery的:解析/不执行脚本操作HTML脚本、操作、jQuery、HTML
我通过Ajax加载这个格式的一些HTML代码:
I'm loading some HTML via Ajax with this format:
<div id="div1">
... some content ...
</div>
<div id="div2">
...some content...
</div>
... etc.
我需要遍历响应中的每个div并单独处理。具有用于每个HTML内容的单独串div的映射到的ID将满足我的要求。然而,申报单可以包含脚本标记,这是我需要preserve但不执行(他们稍后将执行的时候我坚持HTML到该文件,所以在分析过程中执行会很糟糕)。我首先想到的是做这样的事情:
I need to iterate over each div in the response and handle it separately. Having a separate string for the HTML content of each div mapped to the id would satisfy my requirements. However, the divs may contain script tags, which I need to preserve but not execute (they'll execute later when I stick the HTML into the document, so executing during parsing would be bad). My first thought was to do something like this:
// data being the result from $.get
var clean = data.replace(/<script.*?</script>/,function() {
// insert some unique token, save the tag, put it back while I'm processing
});
$('<div/>').html(clean).children().each( /* ... process here ... */);
不过,我担心一些愚蠢的开发将要到来,并把这样的事情在的div之一:
But I worry that some stupid dev is going to come along and put something like this in one of the divs:
<script> var foo = '</script>'; // ... </script>
这将螺丝这一切。更何况,整个事情感觉就像一个黑客开始。有谁知道一个更好的办法?
Which would screw it all up. Not to mention, the whole thing feels like a hack to begin with. Does anyone know a better way?
编辑:这是我想出了解决办法:
Here's the solution I've come up with:
var divSplitRegex = /(?:^|<\/div>)\s*<div\s+id="prefix-(.+?)">/g,
idReplacement = preDelimeter+'$1'+postDelimeter;
var r = data.replace(<\/div>\s*$/,'').
replace(divSplitRegex,idReplacement).split(preDelimeter);
$.each(r,function() {
var content;
if(this) {
callback.apply(null,this.split(postDelimeter));
}
});
其中preDelimiter和postDelimeter像刚刚唯一字符串###我要成为一个白痴嵌入此字符串在我的内容转义,因为这将打破一切###',以及回调函数期待DIV ID和DIV的内容。这只是工作,因为我知道的div将只有一个id属性附加伤害,而id将有一个特殊的preFIX。我想有人可以把一个div中的内容与一个id具有相同preFIX,它会搞砸了。
Where preDelimiter and postDelimeter are just unique strings like "###I'd have to be an idiot to embed this string in my content unescaped because it would break everything###', and callback is a function expecting the div id and the div content. This only works because I know that the divs will have only an id atribute, and the id will have a special prefix. I suppose someone could put a div in their content with an id having the same prefix and it would screw things up too.
所以,我还是不喜欢这个解决方案。任何人有一个更好的?
So, I still don't love this solution. Anyone have a better one?
推荐答案
仅供参考,在任何JavaScript脚本中使用转义在浏览器中会导致此问题。开发商无论如何也要逃出它,没有任何借口。所以,你可以信任,将在任何情况下打破。
FYI, Using unescaped in any JavaScript script causes this issue in a browser. Developers have to escape it anyway so there is no excuse. So you can "trust" that would break in any case.
<body>
<div>
<script>
alert('<script> tags </script> are not '+
'valid in regular old HTML without being escaped.');
</script>
</body>
请参阅
http://jsbin.com/itevu
要看到它打破。 :)
