escape
js
_.escape([string=''])
Converts the characters "&", "<", ">", '"', and "'" in string to their corresponding HTML entities.
Note: No other characters are escaped. To escape additional characters use a third-party library like he.
Though the ">" character is escaped for symmetry, characters like ">" and "/" don't need escaping in HTML and have no special meaning unless they're part of a tag or unquoted attribute value. See Mathias Bynens's article (under "semi-related fun fact") for more details.
When working with HTML you should always quote attribute values to reduce XSS vectors.
Since
0.1.0
Arguments
[string='']
(string): The string to escape.
Returns
(string): Returns the escaped string.
Example
js
_.escape('fred, barney, & pebbles');
// => 'fred, barney, &amp; pebbles'
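The advice above to always quote attribute values, as an added example that is not part of the lodash documentation. `escapeHtml` is a stand-in that escapes the same five characters as `_.escape`, `parseAttributes` is a hypothetical helper, and the inputs are constructed; the point is that escaped text containing whitespace still splits into a second attribute when the value is unquoted.

```javascript
// Stand-in for _.escape covering the same five characters (not lodash's source).
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(string = '') {
  return String(string).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Hypothetical helper: splits one start tag into attributes the way an HTML
// parser does. Quoted values run to the closing quote; unquoted values end
// at the first whitespace.
function parseAttributes(tag) {
  const inner = tag.replace(/^<\w+/, '').replace(/\/?>$/, '');
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/g;
  const attrs = {};
  let m;
  while ((m = re.exec(inner)) !== null) {
    attrs[m[1]] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// The same escaped value placed in an unquoted and in a quoted attribute.
const renderUnquoted = (alt) => `<img alt=${escapeHtml(alt)}>`;
const renderQuoted = (alt) => `<img alt="${escapeHtml(alt)}">`;

// Constructed inputs: none of the five escaped characters in the first one,
// so escaping leaves it untouched; the second tries to close the quote.
const samples = ['logo data-injected=1', 'logo" data-injected="1'];

for (const value of samples) {
  console.log('input   :', value);
  console.log('unquoted:', renderUnquoted(value), parseAttributes(renderUnquoted(value)));
  console.log('quoted  :', renderQuoted(value), parseAttributes(renderQuoted(value)));
}
```

In the unquoted form both samples parse as two attributes (`alt` and `data-injected`); in the quoted form each stays a single `alt` value, because the only character that could end it, `"`, has been turned into `&quot;`.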