js html程式碼轉譯防xss攻擊
阿新 • • 發佈:2019-02-05
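/**
 * Escape a value so it can be inserted into HTML as plain text.
 *
 * The characters &, <, >, " and ' are replaced by their HTML entities.
 * Each replacement has to be the entity itself: replacing "<" with a literal
 * "<" leaves the markup intact and gives no protection against XSS.
 *
 * The result is only safe in HTML text content or inside a quoted attribute
 * value. It is not sufficient for script blocks, URLs, CSS or unquoted
 * attributes, which need context-specific encoding.
 *
 * @param {*} a - Value to escape; it is converted with String().
 * @returns {string} The escaped text, or "" for null/undefined.
 */
function safeHtml(a) {
  // null/undefined have no useful text form; return "" instead of throwing.
  if (a === null || a === undefined) {
    return "";
  }
  // "&" is handled first, otherwise the "&" of the entities produced by the
  // later replacements would be escaped a second time.
  return String(a)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Wire up the demo only where a DOM exists, so the file can also be loaded
// outside a browser (for example to unit-test safeHtml).
if (typeof window !== "undefined") {
  window.onload = function () {
    var txt = document.getElementById("txt");
    var btn = document.getElementById("btn");
    btn.onclick = function () {
      var div = document.getElementById("div");
      // txt.value is untrusted user input and innerHTML parses its argument
      // as markup, so the value must be escaped before it is assigned.
      // When only plain text is shown, `div.textContent = txt.value` avoids
      // HTML parsing altogether and needs no escaping.
      div.innerHTML = safeHtml(txt.value);
    };
  };
}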