Skip to content

escape

js
_.escape([string=''])

string 中的字符 "&"、"&lt"、">"、'"' 和 "'" 转换为其相应的 HTML 实体。

¥Converts the characters "&", "&lt", ">", '"', and "'" in string to their corresponding HTML entities.

注意:没有其他字符被转义。要转义其他字符,请使用 he 等第三方库。

¥Note: No other characters are escaped. To escape additional characters use a third-party library like he.

虽然 ">" 字符出于对称性而进行了转义,但 ">" 和 "/" 等字符在 HTML 中不需要转义,并且没有特殊含义,除非它们是标签或未加引号的属性值的一部分。有关更多详细信息,请参阅 Mathias Bynens 的文章("半相关趣闻" 下)。

¥Though the ">" character is escaped for symmetry, characters like ">" and "/" don't need escaping in HTML and have no special meaning unless they're part of a tag or unquoted attribute value. See Mathias Bynens's article(under "semi-related fun fact") for more details.

使用 HTML 时,你应该始终使用 quote 属性值 来减少 XSS 向量。

¥When working with HTML you should always quote attribute values to reduce XSS vectors.

新增于

¥Since

0.1.0

参数

¥Arguments

  1. [string=''] (字符串):要转义的字符串。

    ¥[string=''] (string): The string to escape.

返回

¥Returns

(字符串):返回转义后的字符串。

¥(string): Returns the escaped string.

示例

¥Example

js
_.escape('fred, barney, & pebbles');
// => 'fred, barney, & pebbles'

Lodash v4.17 中文网 - 粤ICP备13048890号