16进制、8进制或unicode

时间:2021-12-04 06:24:10

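/**
 * Build the greeting page for the value `s`.
 *
 * The value is HTML-entity-encoded and substituted for `{name}` in a template
 * whose placeholder sits inside a single-quoted JavaScript string literal in
 * an inline <script>; that string is then assigned to `innerHTML`.
 *
 * The typographic quotes left by page extraction are restored to ASCII quotes
 * so the listing is valid JavaScript again. Behaviour is otherwise unchanged.
 *
 * NOTE(review): the encoding does not match the output context. htmlEscape
 * only rewrites < > & " ' and leaves the backslash alone, while the JS parser
 * decodes string escape sequences (hex, octal, unicode) before the value
 * reaches innerHTML. The entity encoding therefore does not constrain what
 * innerHTML finally receives. To harden this, assign the value with
 * textContent, or encode for the JavaScript-string context (backslash,
 * quotes, line terminators, "<") and keep untrusted data out of inline
 * script.
 *
 * @param {string} s - Untrusted display name.
 * @returns {string} HTML fragment containing the heading and inline script.
 */
function escape(s) {
  // HTML-entity map; every character not listed here passes through as-is.
  var HTML_ENTITIES = {
    '<': '&lt;',
    '>': '&gt;',
    '&': '&amp;',
    '"': '&quot;',
    "'": '&#39;'
  };

  // Replace each of the five mapped characters with its HTML entity.
  function htmlEscape(s) {
    return s.replace(/./g, function(x) {
      return HTML_ENTITIES[x] || x;
    });
  }

  // Substitute every {key} placeholder with the HTML-escaped args[key].
  function expandTemplate(template, args) {
    return template.replace(/{(\w+)}/g, function(_, n) {
      return htmlEscape(args[n]);
    });
  }

  return expandTemplate(
    " \n" +
    " <h2>Hello, <span id=name></span>!</h2> \n" +
    " <script> \n" +
    " var v = document.getElementById('name'); \n" +
    // {name} lands inside a JS string literal, not directly in HTML markup.
    " v.innerHTML = '<a href=#>{name}</a>'; \n" +
    " <\/script> \n" +
    " ",
    { name : s }
  );
}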

测试输入:<img src=# onerror=alert(1)>

16进制、8进制或unicode

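"<"、">" 被 HTML 实体编码。但输出后的内容所处的上下文环境是 javascript 字符串,而 htmlEscape 并不处理反斜杠,所以 js 编码即可:16进制、8进制或 unicode 转义会在赋值给 innerHTML 之前先被 JS 解析器还原,HTML 编码在这里起不到过滤作用。防御上应按输出所在的上下文进行编码(对 JS 字符串做 JS 转义),或者改用 textContent 赋值。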

16进制、8进制或unicode