標籤模版-過濾 HTML 字串
阿新 • • 發佈:2019-01-12
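/**
 * Tag function for template literals: HTML-escapes every interpolated value
 * before splicing it between the literal's static parts.
 *
 * Only `&`, `<` and `>` are escaped, which covers element text content.
 * Quotes are left untouched, so the result must not be placed inside an
 * HTML attribute value, a <script>/<style> body or a URL.
 *
 * @param {string[]} templateData - static string parts of the template literal
 * @param {...*} values - interpolated values; each is coerced with String()
 * @returns {string} the assembled markup with all interpolated values escaped
 */
function SaferHTML(templateData, ...values) {
  let s = templateData[0];
  values.forEach((value, i) => {
    // The replacements must be the entity names. Replacing a character with
    // itself ("&" -> "&", "<" -> "<") is a no-op and lets markup through.
    s += String(value)
      .replace(/&/g, "&amp;") // first, so the entities added below are not re-escaped
      .replace(/</g, "&lt;")
      .replace(/>/g, "&gt;");
    // Static parts come from the template author and are appended unescaped.
    s += templateData[i + 1];
  });
  return s;
}

// Untrusted value containing markup.
let sender = '<a>alert("abc")</a>';
let message = SaferHTML`<p>${sender} has sent you a message.</p>`;

message; // <p>&lt;a&gt;alert("abc")&lt;/a&gt; has sent you a message.</p>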
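/**
 * Tag function for template literals: HTML-escapes every interpolated value,
 * then lets String.raw interleave the escaped values with the static parts.
 *
 * Only `&`, `<` and `>` are escaped, which covers element text content.
 * Quotes are left untouched, so the result must not be placed inside an
 * HTML attribute value, a <script>/<style> body or a URL.
 *
 * @param {string[]} templateData - static string parts of the template literal
 * @param {...*} values - interpolated values; each is coerced with String()
 * @returns {string} the assembled markup with all interpolated values escaped
 */
function SaferHTML(templateData, ...values) {
  // The replacements must be the entity names. Replacing a character with
  // itself ("&" -> "&", "<" -> "<") is a no-op and lets markup through.
  const escaped = values.map((value) =>
    String(value)
      .replace(/&/g, "&amp;") // first, so the entities added below are not re-escaped
      .replace(/</g, "&lt;")
      .replace(/>/g, "&gt;"),
  );
  // String.raw is used purely as an interleaver here: the cooked strings are
  // passed as `raw`, so the static parts are emitted exactly as received.
  return String.raw({ raw: templateData }, ...escaped);
}

// Untrusted value containing markup.
let sender = '<a>alert("abc")</a>';
let message = SaferHTML`<p>${sender} has sent you a message.</p>`;

message; // <p>&lt;a&gt;alert("abc")&lt;/a&gt; has sent you a message.</p>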