Closure Compiler 将 < 替换为 \x3c
Closure Compiler replaces < with \x3c
我想将闭包编译器集成到大型 java 应用程序中。
我有问题。闭包编译器将 <
替换为 \x3c
并将 >
替换为 \x3e
我要编译的脚本是
$('#something').append($('<div></div>').text('hi'));
和闭包编译器returns
$("#something").append($("\x3cdiv\x3e\x3c/div\x3e").text("hi"));
然而,当我在官方演示网站上测试闭包编译器时:https://closure-compiler.appspot.com/home < 和 > 字符没有改变。
是否有禁用它的选项?
这是我的 java 代码:
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Level;
import com.google.javascript.jscomp.CheckLevel;
import com.google.javascript.jscomp.CompilationLevel;
import com.google.javascript.jscomp.Compiler;
import com.google.javascript.jscomp.CompilerOptions;
import com.google.javascript.jscomp.PropertyRenamingPolicy;
import com.google.javascript.jscomp.SourceFile;
import com.google.javascript.jscomp.VariableRenamingPolicy;
import com.google.javascript.jscomp.WarningLevel;
public class ClosureCompiler {
public static void main(String args[]) {
String code = "$('#something').append($('<div></div>').text('hi'));";
String outputFilename = "a.txt";
Compiler.setLoggingLevel(Level.OFF);
Compiler compiler = new Compiler();
CompilerOptions compilerOptions = new CompilerOptions();
compilerOptions.checkGlobalThisLevel = CheckLevel.OFF;
compilerOptions.closurePass = false;
compilerOptions.coalesceVariableNames = true;
compilerOptions.collapseVariableDeclarations = true;
compilerOptions.convertToDottedProperties = true;
compilerOptions.deadAssignmentElimination = true;
compilerOptions.flowSensitiveInlineVariables = true;
compilerOptions.foldConstants = true;
compilerOptions.labelRenaming = true;
compilerOptions.removeDeadCode = true;
compilerOptions.optimizeArgumentsArray = true;
compilerOptions.setAssumeClosuresOnlyCaptureReferences(false);
compilerOptions.setInlineFunctions(CompilerOptions.Reach.LOCAL_ONLY);
compilerOptions.setInlineVariables(CompilerOptions.Reach.LOCAL_ONLY);
compilerOptions.setRenamingPolicy(VariableRenamingPolicy.LOCAL, PropertyRenamingPolicy.OFF);
compilerOptions.setRemoveUnusedVariables(CompilerOptions.Reach.LOCAL_ONLY);
System.out.println(compilerOptions.convertToDottedProperties);
CompilationLevel.SIMPLE_OPTIMIZATIONS.setOptionsForCompilationLevel(compilerOptions);
WarningLevel.DEFAULT.setOptionsForWarningLevel(compilerOptions);
List<SourceFile> primaryJavascriptFiles = new ArrayList<SourceFile>();
primaryJavascriptFiles.add(SourceFile.fromCode(outputFilename, code));
compiler.compile(new ArrayList<SourceFile>(), primaryJavascriptFiles, compilerOptions);
System.out.println(compiler.toSource());
}
}
谢谢
此选项由 CompilerOptions#setTrustedStrings
控制。这默认为 "false" 但由命令行运行程序设置为 "true"。当编译器使用 "on the fly" 不受控制的输入时,此选项很有用,恶意代理可能会注入脚本标记,从而使他们能够控制页面。那就是将用户数据注入 javascript。如果不是这种情况,您可以设置受信任的字符串。
我想将闭包编译器集成到大型 java 应用程序中。
我有问题。闭包编译器将 <
替换为 \x3c
并将 >
替换为 \x3e
我要编译的脚本是
$('#something').append($('<div></div>').text('hi'));
和闭包编译器returns
$("#something").append($("\x3cdiv\x3e\x3c/div\x3e").text("hi"));
然而,当我在官方演示网站上测试闭包编译器时:https://closure-compiler.appspot.com/home < 和 > 字符没有改变。
是否有禁用它的选项?
这是我的 java 代码:
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Level;
import com.google.javascript.jscomp.CheckLevel;
import com.google.javascript.jscomp.CompilationLevel;
import com.google.javascript.jscomp.Compiler;
import com.google.javascript.jscomp.CompilerOptions;
import com.google.javascript.jscomp.PropertyRenamingPolicy;
import com.google.javascript.jscomp.SourceFile;
import com.google.javascript.jscomp.VariableRenamingPolicy;
import com.google.javascript.jscomp.WarningLevel;
public class ClosureCompiler {
public static void main(String args[]) {
String code = "$('#something').append($('<div></div>').text('hi'));";
String outputFilename = "a.txt";
Compiler.setLoggingLevel(Level.OFF);
Compiler compiler = new Compiler();
CompilerOptions compilerOptions = new CompilerOptions();
compilerOptions.checkGlobalThisLevel = CheckLevel.OFF;
compilerOptions.closurePass = false;
compilerOptions.coalesceVariableNames = true;
compilerOptions.collapseVariableDeclarations = true;
compilerOptions.convertToDottedProperties = true;
compilerOptions.deadAssignmentElimination = true;
compilerOptions.flowSensitiveInlineVariables = true;
compilerOptions.foldConstants = true;
compilerOptions.labelRenaming = true;
compilerOptions.removeDeadCode = true;
compilerOptions.optimizeArgumentsArray = true;
compilerOptions.setAssumeClosuresOnlyCaptureReferences(false);
compilerOptions.setInlineFunctions(CompilerOptions.Reach.LOCAL_ONLY);
compilerOptions.setInlineVariables(CompilerOptions.Reach.LOCAL_ONLY);
compilerOptions.setRenamingPolicy(VariableRenamingPolicy.LOCAL, PropertyRenamingPolicy.OFF);
compilerOptions.setRemoveUnusedVariables(CompilerOptions.Reach.LOCAL_ONLY);
System.out.println(compilerOptions.convertToDottedProperties);
CompilationLevel.SIMPLE_OPTIMIZATIONS.setOptionsForCompilationLevel(compilerOptions);
WarningLevel.DEFAULT.setOptionsForWarningLevel(compilerOptions);
List<SourceFile> primaryJavascriptFiles = new ArrayList<SourceFile>();
primaryJavascriptFiles.add(SourceFile.fromCode(outputFilename, code));
compiler.compile(new ArrayList<SourceFile>(), primaryJavascriptFiles, compilerOptions);
System.out.println(compiler.toSource());
}
}
谢谢
此选项由 CompilerOptions#setTrustedStrings
控制。这默认为 "false" 但由命令行运行程序设置为 "true"。当编译器使用 "on the fly" 不受控制的输入时,此选项很有用,恶意代理可能会注入脚本标记,从而使他们能够控制页面。那就是将用户数据注入 javascript。如果不是这种情况,您可以设置受信任的字符串。