以前luoluo和我讲这几个函数经常被用错,我自己也在anehta里用错过这几个函数。后来百度果真有个跨站就是因为用错了这几个函数导致的。我也在其他的大型网站上找到过类似的例子。写以下的script对比一下结果:dd = document.createElement("div");dd.innerHTML = "escape() output: " + escape("`!@#$%^&*().\/<>,.;:'[]{}|\"=-+?") + "\n\nencodeURI output: " + encodeURI("`!@#$%^&*().\/<>,.;:'[]{}|\"=-+?") + "\n\nencodeURIComponent output: " + encodeURIComponent("`!@#$%^&*().\/<>,.;:'[]{}|\"=-+?");document.body.appendChild(dd);输入值: `!@#$%^&*().\/<>,.;:'[]{}|"=-+?分别经过这个三个函数后编码为:Firefox:escape() output: %60%21@%23%24%25%5E%26*%28%29./%3C%3E%2C.%3B%3A%27%5B%5D%7B%7D%7C%22%3D-+%3FencodeURI() output: %60!@#$%25%5E&*()./%3C%3E,.;:'%5B%5D%7B%7D%7C%22=-+? encodeURIComponent() output: %60!%40%23%24%25%5E%26*().%2F%3C%3E%2C.%3B%3A'%5B%5D%7B%7D%7C%22%3D-%2B%3FIE:escape() output: %60%21@%23%24%25%5E%26*%28%29./%3C%3E%2C.%3B%3A%27%5B%5D%7B%7D%7C%22%3D-+%3F
encodeURI() output: %60!@#$%25%5E&*()./%3C%3E,.;:'%5B%5D%7B%7D%7C%22=-+?
encodeURIComponent() output: %60!%40%23%24%25%5E%26*().%2F%3C%3E%2C.%3B%3A'%5B%5D%7B%7D%7C%22%3D-%2B%3F
阅读(4556) | 评论(0) | 转发(0) |