This might be something I can't do but...
这可能是我做不到的事情......
parent.document.getElementById('<?php echo $_GET['song']; ?>')
.innerHTML = '<img src="heart.png" onmouseover="heartOver('');" >';
The onmouseover="heartOver(''); portion breaks my JavaScript. Is there a way to escape the quotes so I can do this?
onmouseover =“heartOver('');部分打破了我的JavaScript。有没有办法逃避引号,所以我可以这样做?
3 个解决方案
#1
Escape nested quotes with a backslash: \'
使用反斜杠转义嵌套引号:\'
Also, never echo user data without validating or sanitizing it:
此外,永远不要回应用户数据而不验证或消毒它:
$song = $_GET['song'];
// Validate HTML id (http://www.w3.org/TR/REC-html40/types.html#type-name)
if(!preg_match('/^[a-z][-a-z0-9_:\.]*$/', $song) {
// Display error because $song is invalid
}
OR
// Sanitize
$song = preg_replace('/(^[^a-z]*|[^-a-z0-9_:\.])/', '', $song);
#2
It's all just a matter of escaping the quotes properly.
这只是一个正确逃避报价的问题。
parent.document.getElementById('<?php echo $_GET['song']; ?>').innerHTML =
'<a href="heart.php?action=unlove&song=<?php echo $song; ?>" target="hiddenframe">'
+ '<img src="images/heart.png" alt="Love!" onmouseover="heartOver(\'\');" width="16" height="16" border="0"></a>';
Also you're missing and end quote for the alt attribute.
您也缺少alt属性的结束报价。
#3
Your issue is with escaping quotes. You can escape either a single or double quote by replacing ' or " with \' or '".
你的问题是逃避报价。您可以通过将'或'替换为''或'“来转义单引号或双引号。
So your code would be:
所以你的代码是:
parent.document.getElementById('<?php echo $_GET['song']; ?>').innerHTML = '<a href="heart.php?action=unlove&song=<?php echo $song; ?>" target="hiddenframe"><img src="images/heart.png" alt="Love! onmouseover="heartOver(\'\');" width="16" height="16" border="0"></a>';
parent.document.getElementById(' ')。innerHTML ='
#1
Escape nested quotes with a backslash: \'
使用反斜杠转义嵌套引号:\'
Also, never echo user data without validating or sanitizing it:
此外,永远不要回应用户数据而不验证或消毒它:
$song = $_GET['song'];
// Validate HTML id (http://www.w3.org/TR/REC-html40/types.html#type-name)
if(!preg_match('/^[a-z][-a-z0-9_:\.]*$/', $song) {
// Display error because $song is invalid
}
OR
// Sanitize
$song = preg_replace('/(^[^a-z]*|[^-a-z0-9_:\.])/', '', $song);
#2
It's all just a matter of escaping the quotes properly.
这只是一个正确逃避报价的问题。
parent.document.getElementById('<?php echo $_GET['song']; ?>').innerHTML =
'<a href="heart.php?action=unlove&song=<?php echo $song; ?>" target="hiddenframe">'
+ '<img src="images/heart.png" alt="Love!" onmouseover="heartOver(\'\');" width="16" height="16" border="0"></a>';
Also you're missing and end quote for the alt attribute.
您也缺少alt属性的结束报价。
#3
Your issue is with escaping quotes. You can escape either a single or double quote by replacing ' or " with \' or '".
你的问题是逃避报价。您可以通过将'或'替换为''或'“来转义单引号或双引号。
So your code would be:
所以你的代码是:
parent.document.getElementById('<?php echo $_GET['song']; ?>').innerHTML = '<a href="heart.php?action=unlove&song=<?php echo $song; ?>" target="hiddenframe"><img src="images/heart.png" alt="Love! onmouseover="heartOver(\'\');" width="16" height="16" border="0"></a>';
parent.document.getElementById(' ')。innerHTML ='