Javascript 设置 iframe src - 正确的格式
Javascript setting iframe src - proper format
我已经阅读了帖子 here and here,但无法正确编码。
在 javascript 中,我将 link 写入 <input>
,然后用 document.getElementById('downloadlink').value 读取并放入要执行的 iframe src。
代码在我的本地主机上运行良好,但在实时服务器上,由于名称无效,文件始终无法加载(注意:HTTP 302 临时移动是由于无效文件请求导致的 .htaccess 重定向)。我确定这是 & 符号的编码问题。我的理解是 input
需要对符号(和其他 html 实体)进行编码。为此,我正在使用 php.js 等价于 htmlspecialchars()
和 htmlspecialchars_decode()
(这同样适用于本地主机)。
对于 img.src
,我的理解是应该将 & 符号编码为 &amp;
但是在我的本地主机上,它在没有它们的情况下工作,但在编码的情况下不起作用。在我的实时网站上,这两种方式都不起作用。
为了对它们进行编码,我尝试过:
url = url.replace(/&/g, "&amp;");
是时候停止撕扯我的头发并寻求帮助了。有人吗?
iframe(使用来自 js htmlspecialchars 的编码)注意:我无法让 &amp;
在这里保持编码后的形式显示 - 它们在保存时被替换。
<iframe src="www.waldorfteacherresources.com/getfile.php?file=g2-saints-martin-009.jpg&mode=download&hv=4443f86959bf104e1df0eac204b8aaf226ae533b&wtrpath=docs " id="iframe" height="0" width="0" hidden=""></iframe>
代码
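/**
 * Starts a download by appending a hidden iframe whose src is the URL held
 * in the #downloadlink input.
 *
 * The value is passed to setAttribute() as a plain URL. setAttribute() does
 * not decode HTML entities, so HTML-escaping the value first (turning "&"
 * into "&amp;") would corrupt the query string that reaches the server.
 *
 * A value without a scheme (for example "www.example.com/getfile.php?...")
 * is resolved relative to the current page, which produces a request path
 * such as "/www.example.com/getfile.php"; the stored link has to carry
 * "http://" or "https://" to reach the intended host.
 *
 * Only http: and https: targets are loaded; any other scheme read from the
 * input field is rejected instead of being handed to the iframe.
 */
function downloadfile() {
  var linkField = document.getElementById("downloadlink");
  var container = document.getElementById('datadiv');
  if (!linkField || !container) {
    return;
  }

  var target;
  try {
    // Resolve against the page URL so relative links keep working, and trim
    // the stray whitespace that can trail the stored value.
    target = new URL(String(linkField.value).trim(), document.baseURI);
  } catch (err) {
    console.warn("downloadfile: download link is not a valid URL");
    return;
  }

  if (target.protocol !== "http:" && target.protocol !== "https:") {
    console.warn("downloadfile: refusing non-http(s) download link");
    return;
  }

  var ifrm = document.createElement("iframe");
  ifrm.setAttribute("src", target.href);
  ifrm.setAttribute("id", "iframe");
  ifrm.height = 0;
  ifrm.width = 0;
  ifrm.hidden = true;
  container.appendChild(ifrm);
}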
// support functions to encode / decode
// encodes output - equivalent of php hx function
// hx notation is a shortcut for htmlspecialchars() with all options set
/**
 * Shortcut for htmlspecialchars() with every option filled in.
 *
 * @param {*} string - value to escape
 * @param {number|string|Array} [flags] - quote flags; anything loosely equal
 *   to 0 (including an omitted argument) becomes ENT_COMPAT | ENT_HTML401
 * @param {string} [charsetEncoding] - defaults to "UTF-8"; passed through
 *   as the third argument of htmlspecialchars()
 * @param {boolean} [double_encode] - defaults to true
 * @returns {string} whatever htmlspecialchars() returns for these options
 */
function hx(string, flags, charsetEncoding, double_encode) {
  // Numeric values of the PHP flag constants (the names need PHP >= 5.4).
  var ENT_HTML401 = 0;
  var ENT_HTML5 = (16 | 32);
  var ENT_COMPAT = 2;

  var effectiveFlags = (flags === undefined) ? 0 : flags;
  var effectiveCharset = (charsetEncoding === undefined) ? "UTF-8" : charsetEncoding;
  var allowDoubleEncode = (double_encode === undefined) ? true : double_encode;

  // Loose comparison on purpose: "" and false count as "no flags" as well.
  if (effectiveFlags == 0) {
    effectiveFlags = ENT_COMPAT | ENT_HTML401;
  }

  return htmlspecialchars(string, effectiveFlags, effectiveCharset, allowDoubleEncode);
}
// decodes output of hx() / htmlspecialchars() - shortcut notation for htmlspecialchars_decode()
/**
 * Shortcut for htmlspecialchars_decode() with its default quote style.
 *
 * @param {*} string - escaped value to decode
 * @returns {string} result of htmlspecialchars_decode(string)
 */
function hdx(string) {
  var decoded = htmlspecialchars_decode(string);
  return decoded;
}
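/**
 * JavaScript port of PHP's htmlspecialchars() (php.js).
 *
 * Escapes &, < and > and, depending on quote_style, the quote characters,
 * so that a string can be placed in HTML markup. The listing had lost its
 * entity literals (each replacement mapped a character to itself and the
 * single-quote literal was unterminated); they are restored here.
 *
 * This is HTML escaping, not URL encoding: the result is meant for markup,
 * not for a value handed to setAttribute("src", ...), which takes the raw URL.
 *
 * @param {*} string - value to escape; converted with toString()
 * @param {number|string|Array<string>} [quote_style=2] - 0 / 'ENT_NOQUOTES'
 *   leaves quotes alone, 2 / 'ENT_COMPAT' escapes double quotes,
 *   3 / 'ENT_QUOTES' escapes both kinds
 * @param {string} [charset] - accepted for PHP signature compatibility; unused
 * @param {boolean} [double_encode=true] - when exactly false, ampersands are
 *   left untouched. NOTE(review): that also leaves bare "&" characters
 *   unescaped, which differs from PHP; confirm callers do not depend on
 *   double_encode=false for untrusted text.
 * @returns {string} the escaped string
 */
function htmlspecialchars(string, quote_style, charset, double_encode) {
  // discuss at: http://phpjs.org/functions/htmlspecialchars/
  var optTemp = 0,
    i = 0,
    noquotes = false;
  var OPTS = {
    'ENT_NOQUOTES': 0,
    'ENT_HTML_QUOTE_SINGLE': 1,
    'ENT_HTML_QUOTE_DOUBLE': 2,
    'ENT_COMPAT': 2,
    'ENT_QUOTES': 3,
    'ENT_IGNORE': 4
  };

  if (typeof quote_style === 'undefined' || quote_style === null) {
    quote_style = 2;
  }
  string = string.toString();

  // Ampersands go first so the entities produced below are not re-escaped.
  if (double_encode !== false) {
    string = string.replace(/&/g, '&amp;');
  }
  string = string.replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');

  if (quote_style === 0) {
    noquotes = true;
  }
  if (typeof quote_style !== 'number') { // Allow for a single string or an array of string flags
    quote_style = [].concat(quote_style);
    for (i = 0; i < quote_style.length; i++) {
      // Resolve string input to bitwise e.g. 'ENT_IGNORE' becomes 4
      if (OPTS[quote_style[i]] === 0) {
        noquotes = true;
      } else if (OPTS[quote_style[i]]) {
        optTemp = optTemp | OPTS[quote_style[i]];
      }
    }
    quote_style = optTemp;
  }

  if (quote_style & OPTS.ENT_HTML_QUOTE_SINGLE) {
    string = string.replace(/'/g, '&#039;');
  }
  if (!noquotes) {
    string = string.replace(/"/g, '&quot;');
  }
  return string;
}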
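/**
 * JavaScript port of PHP's htmlspecialchars_decode() (php.js).
 *
 * Turns the entities written by htmlspecialchars() back into characters.
 * The listing had lost its entity patterns (each replacement mapped a
 * character to itself); they are restored here.
 *
 * The result is raw text again: escape it once more before placing it in
 * markup.
 *
 * @param {*} string - escaped value; converted with toString()
 * @param {number|string|Array<string>} [quote_style=2] - 0 / 'ENT_NOQUOTES'
 *   leaves quote entities alone, 2 / 'ENT_COMPAT' decodes &quot;,
 *   3 / 'ENT_QUOTES' also decodes &#039;
 * @returns {string} the decoded string
 */
function htmlspecialchars_decode(string, quote_style) {
  // discuss at: http://phpjs.org/functions/htmlspecialchars_decode/
  var optTemp = 0,
    i = 0,
    noquotes = false;
  var OPTS = {
    'ENT_NOQUOTES': 0,
    'ENT_HTML_QUOTE_SINGLE': 1,
    'ENT_HTML_QUOTE_DOUBLE': 2,
    'ENT_COMPAT': 2,
    'ENT_QUOTES': 3,
    'ENT_IGNORE': 4
  };

  if (typeof quote_style === 'undefined') {
    quote_style = 2;
  }
  string = string.toString().replace(/&lt;/g, '<').replace(/&gt;/g, '>');

  if (quote_style === 0) {
    noquotes = true;
  }
  if (typeof quote_style !== 'number') { // Allow for a single string or an array of string flags
    quote_style = [].concat(quote_style);
    for (i = 0; i < quote_style.length; i++) {
      // Resolve string input to bitwise e.g. 'ENT_IGNORE' becomes 4
      if (OPTS[quote_style[i]] === 0) {
        noquotes = true;
      } else if (OPTS[quote_style[i]]) {
        optTemp = optTemp | OPTS[quote_style[i]];
      }
    }
    quote_style = optTemp;
  }

  if (quote_style & OPTS.ENT_HTML_QUOTE_SINGLE) {
    // Accept any number of leading zeros in the numeric entity.
    string = string.replace(/&#0*39;/g, "'");
  }
  if (!noquotes) {
    string = string.replace(/&quot;/g, '"');
  }
  // Ampersands go last so an escaped entity such as "&amp;lt;" is decoded
  // only one level, to "&lt;".
  string = string.replace(/&amp;/g, '&');
  return string;
}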
The request headers
GET /www.example.com/getfile.php?file=myfile.jpg&mode=download&hv=939afca0cdaafd55a1e1471da7463be9acbf5478&wtrpath=docs HTTP/1.1
Host: www.example.com
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36
Referer: http://www.waldorfteacherresources.com/index.php?grade=2&page=Saints
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cookie: id=XXX;
PHPSESSID=.... session info here
The response
HTTP/1.1 302 Moved Temporarily
Date: Sun, 21 Feb 2016 21:16:05 GMT
Server: Apache
X-Powered-By: PHP/5.5.32
**** this is an .htaccess redirect due to an invalid file request
Location: /index.php
Cache-Control: max-age=86400
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 767
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
事实证明,它根本不是和号,而是 url 格式。 www.example.com
不适用于 src
- 而 http://www.
有效。 www.
仅对我的站点有效 - 不知道与服务器的通信与 src
与浏览器命令栏的通信为何或如何不同。但确实如此。
我已经阅读了帖子 here and here,但无法正确编码。
在 javascript 中,我将 link 写入 <input>
,然后用 document.getElementById('downloadlink').value 读取并放入要执行的 iframe src。
代码在我的本地主机上运行良好,但在实时服务器上,由于名称无效,文件始终无法加载(注意:HTTP 302 临时移动是由于无效文件请求导致的 .htaccess 重定向)。我确定这是 & 符号的编码问题。我的理解是 input
需要对符号(和其他 html 实体)进行编码。为此,我正在使用 php.js 等价于 htmlspecialchars()
和 htmlspecialchars_decode()
(这同样适用于本地主机)。
对于 img.src
,我的理解是应该将 & 符号编码为 &amp;
但是在我的本地主机上,它在没有它们的情况下工作,但在编码的情况下不起作用。在我的实时网站上,这两种方式都不起作用。
为了对它们进行编码,我尝试过:
url = url.replace(/&/g, "&amp;");
是时候停止撕扯我的头发并寻求帮助了。有人吗?
iframe(使用来自 js htmlspecialchars 的编码)注意:我无法让 &amp;
在这里保持编码后的形式显示 - 它们在保存时被替换。
<iframe src="www.waldorfteacherresources.com/getfile.php?file=g2-saints-martin-009.jpg&mode=download&hv=4443f86959bf104e1df0eac204b8aaf226ae533b&wtrpath=docs " id="iframe" height="0" width="0" hidden=""></iframe>
代码
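/**
 * Starts a download by appending a hidden iframe whose src is the URL held
 * in the #downloadlink input.
 *
 * The value is passed to setAttribute() as a plain URL. setAttribute() does
 * not decode HTML entities, so HTML-escaping the value first (turning "&"
 * into "&amp;") would corrupt the query string that reaches the server.
 *
 * A value without a scheme (for example "www.example.com/getfile.php?...")
 * is resolved relative to the current page, which produces a request path
 * such as "/www.example.com/getfile.php"; the stored link has to carry
 * "http://" or "https://" to reach the intended host.
 *
 * Only http: and https: targets are loaded; any other scheme read from the
 * input field is rejected instead of being handed to the iframe.
 */
function downloadfile() {
  var linkField = document.getElementById("downloadlink");
  var container = document.getElementById('datadiv');
  if (!linkField || !container) {
    return;
  }

  var target;
  try {
    // Resolve against the page URL so relative links keep working, and trim
    // the stray whitespace that can trail the stored value.
    target = new URL(String(linkField.value).trim(), document.baseURI);
  } catch (err) {
    console.warn("downloadfile: download link is not a valid URL");
    return;
  }

  if (target.protocol !== "http:" && target.protocol !== "https:") {
    console.warn("downloadfile: refusing non-http(s) download link");
    return;
  }

  var ifrm = document.createElement("iframe");
  ifrm.setAttribute("src", target.href);
  ifrm.setAttribute("id", "iframe");
  ifrm.height = 0;
  ifrm.width = 0;
  ifrm.hidden = true;
  container.appendChild(ifrm);
}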
// support functions to encode / decode
// encodes output - equivalent of php hx function
// hx notation is a shortcut for htmlspecialchars() with all options set
/**
 * Shortcut for htmlspecialchars() with every option filled in.
 *
 * @param {*} string - value to escape
 * @param {number|string|Array} [flags] - quote flags; anything loosely equal
 *   to 0 (including an omitted argument) becomes ENT_COMPAT | ENT_HTML401
 * @param {string} [charsetEncoding] - defaults to "UTF-8"; passed through
 *   as the third argument of htmlspecialchars()
 * @param {boolean} [double_encode] - defaults to true
 * @returns {string} whatever htmlspecialchars() returns for these options
 */
function hx(string, flags, charsetEncoding, double_encode) {
  // Numeric values of the PHP flag constants (the names need PHP >= 5.4).
  var ENT_HTML401 = 0;
  var ENT_HTML5 = (16 | 32);
  var ENT_COMPAT = 2;

  var effectiveFlags = (flags === undefined) ? 0 : flags;
  var effectiveCharset = (charsetEncoding === undefined) ? "UTF-8" : charsetEncoding;
  var allowDoubleEncode = (double_encode === undefined) ? true : double_encode;

  // Loose comparison on purpose: "" and false count as "no flags" as well.
  if (effectiveFlags == 0) {
    effectiveFlags = ENT_COMPAT | ENT_HTML401;
  }

  return htmlspecialchars(string, effectiveFlags, effectiveCharset, allowDoubleEncode);
}
// decodes output of hx() / htmlspecialchars() - shortcut notation for htmlspecialchars_decode()
/**
 * Shortcut for htmlspecialchars_decode() with its default quote style.
 *
 * @param {*} string - escaped value to decode
 * @returns {string} result of htmlspecialchars_decode(string)
 */
function hdx(string) {
  var decoded = htmlspecialchars_decode(string);
  return decoded;
}
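/**
 * JavaScript port of PHP's htmlspecialchars() (php.js).
 *
 * Escapes &, < and > and, depending on quote_style, the quote characters,
 * so that a string can be placed in HTML markup. The listing had lost its
 * entity literals (each replacement mapped a character to itself and the
 * single-quote literal was unterminated); they are restored here.
 *
 * This is HTML escaping, not URL encoding: the result is meant for markup,
 * not for a value handed to setAttribute("src", ...), which takes the raw URL.
 *
 * @param {*} string - value to escape; converted with toString()
 * @param {number|string|Array<string>} [quote_style=2] - 0 / 'ENT_NOQUOTES'
 *   leaves quotes alone, 2 / 'ENT_COMPAT' escapes double quotes,
 *   3 / 'ENT_QUOTES' escapes both kinds
 * @param {string} [charset] - accepted for PHP signature compatibility; unused
 * @param {boolean} [double_encode=true] - when exactly false, ampersands are
 *   left untouched. NOTE(review): that also leaves bare "&" characters
 *   unescaped, which differs from PHP; confirm callers do not depend on
 *   double_encode=false for untrusted text.
 * @returns {string} the escaped string
 */
function htmlspecialchars(string, quote_style, charset, double_encode) {
  // discuss at: http://phpjs.org/functions/htmlspecialchars/
  var optTemp = 0,
    i = 0,
    noquotes = false;
  var OPTS = {
    'ENT_NOQUOTES': 0,
    'ENT_HTML_QUOTE_SINGLE': 1,
    'ENT_HTML_QUOTE_DOUBLE': 2,
    'ENT_COMPAT': 2,
    'ENT_QUOTES': 3,
    'ENT_IGNORE': 4
  };

  if (typeof quote_style === 'undefined' || quote_style === null) {
    quote_style = 2;
  }
  string = string.toString();

  // Ampersands go first so the entities produced below are not re-escaped.
  if (double_encode !== false) {
    string = string.replace(/&/g, '&amp;');
  }
  string = string.replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');

  if (quote_style === 0) {
    noquotes = true;
  }
  if (typeof quote_style !== 'number') { // Allow for a single string or an array of string flags
    quote_style = [].concat(quote_style);
    for (i = 0; i < quote_style.length; i++) {
      // Resolve string input to bitwise e.g. 'ENT_IGNORE' becomes 4
      if (OPTS[quote_style[i]] === 0) {
        noquotes = true;
      } else if (OPTS[quote_style[i]]) {
        optTemp = optTemp | OPTS[quote_style[i]];
      }
    }
    quote_style = optTemp;
  }

  if (quote_style & OPTS.ENT_HTML_QUOTE_SINGLE) {
    string = string.replace(/'/g, '&#039;');
  }
  if (!noquotes) {
    string = string.replace(/"/g, '&quot;');
  }
  return string;
}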
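/**
 * JavaScript port of PHP's htmlspecialchars_decode() (php.js).
 *
 * Turns the entities written by htmlspecialchars() back into characters.
 * The listing had lost its entity patterns (each replacement mapped a
 * character to itself); they are restored here.
 *
 * The result is raw text again: escape it once more before placing it in
 * markup.
 *
 * @param {*} string - escaped value; converted with toString()
 * @param {number|string|Array<string>} [quote_style=2] - 0 / 'ENT_NOQUOTES'
 *   leaves quote entities alone, 2 / 'ENT_COMPAT' decodes &quot;,
 *   3 / 'ENT_QUOTES' also decodes &#039;
 * @returns {string} the decoded string
 */
function htmlspecialchars_decode(string, quote_style) {
  // discuss at: http://phpjs.org/functions/htmlspecialchars_decode/
  var optTemp = 0,
    i = 0,
    noquotes = false;
  var OPTS = {
    'ENT_NOQUOTES': 0,
    'ENT_HTML_QUOTE_SINGLE': 1,
    'ENT_HTML_QUOTE_DOUBLE': 2,
    'ENT_COMPAT': 2,
    'ENT_QUOTES': 3,
    'ENT_IGNORE': 4
  };

  if (typeof quote_style === 'undefined') {
    quote_style = 2;
  }
  string = string.toString().replace(/&lt;/g, '<').replace(/&gt;/g, '>');

  if (quote_style === 0) {
    noquotes = true;
  }
  if (typeof quote_style !== 'number') { // Allow for a single string or an array of string flags
    quote_style = [].concat(quote_style);
    for (i = 0; i < quote_style.length; i++) {
      // Resolve string input to bitwise e.g. 'ENT_IGNORE' becomes 4
      if (OPTS[quote_style[i]] === 0) {
        noquotes = true;
      } else if (OPTS[quote_style[i]]) {
        optTemp = optTemp | OPTS[quote_style[i]];
      }
    }
    quote_style = optTemp;
  }

  if (quote_style & OPTS.ENT_HTML_QUOTE_SINGLE) {
    // Accept any number of leading zeros in the numeric entity.
    string = string.replace(/&#0*39;/g, "'");
  }
  if (!noquotes) {
    string = string.replace(/&quot;/g, '"');
  }
  // Ampersands go last so an escaped entity such as "&amp;lt;" is decoded
  // only one level, to "&lt;".
  string = string.replace(/&amp;/g, '&');
  return string;
}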
The request headers
GET /www.example.com/getfile.php?file=myfile.jpg&mode=download&hv=939afca0cdaafd55a1e1471da7463be9acbf5478&wtrpath=docs HTTP/1.1
Host: www.example.com
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36
Referer: http://www.waldorfteacherresources.com/index.php?grade=2&page=Saints
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cookie: id=XXX;
PHPSESSID=.... session info here
The response
HTTP/1.1 302 Moved Temporarily
Date: Sun, 21 Feb 2016 21:16:05 GMT
Server: Apache
X-Powered-By: PHP/5.5.32
**** this is an .htaccess redirect due to an invalid file request
Location: /index.php
Cache-Control: max-age=86400
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 767
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
事实证明,它根本不是和号,而是 url 格式。 www.example.com
不适用于 src
- 而 http://www.
有效。 www.
仅对我的站点有效 - 不知道与服务器的通信与 src
与浏览器命令栏的通信为何或如何不同。但确实如此。