无意中看到一个网站的页面是用js编码再解码输出到客户端,于是我想看看它的源代码。
该字符串采用Javascript escape() 函数编码,该方法不会对 ASCII 字母和数字进行编码,也不会对下面这些 ASCII 标点符号进行编码: - _ . ! ~ * ' ( ) 。其他所有的字符都会被替换成了十六进制的转义序列。
它对应的解码函数则是unescape(),可以参考:http://www.w3school.com.cn/js/jsref_escape.asp
解码过后我想把它的HTML实体输出到HTML页面,一般输出的话会被解析,所以我们可以用这两种标签:
1.<textarea></textarea>
2.<xmp></xmp>
Code:
1
<
HTML
>
2 < HEAD >
3 < SCRIPT LANGUAGE ="Javascript" >
4 <!--
5 var Words ="%3Chtml%3E%0A%3Chead%3E%0A%3Ctitle%3ETest%3C/title%3E%0A%3C/head%3E%0A%3
6
7 Cbody%3E%0Ahello%2C%20world%0A%3C/body%3E%0A%3C/html%3E";
8 function OutWord(){
9 var NewWords;
10 NewWords = unescape(Words);
11 document.getElementById("txtContent").innerHTML=NewWords;
12 // document.write(NewWords);
13 }
14 // -->
15 </ SCRIPT >
16 </ HEAD >
17 < body onload ="OutWord();" >
18 < textarea id ="txtContent" name = "textarea " cols ="500" rows ="20" style = "BORDER
19
20 -BOTTOM: 0px solid; BORDER-LEFT: 0px solid; BORDER-RIGHT: 0px solid;
21
22 BORDER-TOP: 0px solid; " > </ textarea >
23 < xmp id ="xmpContent" ></ xmp >
24 </ body >
25 </ HTML >
2 < HEAD >
3 < SCRIPT LANGUAGE ="Javascript" >
4 <!--
5 var Words ="%3Chtml%3E%0A%3Chead%3E%0A%3Ctitle%3ETest%3C/title%3E%0A%3C/head%3E%0A%3
6
7 Cbody%3E%0Ahello%2C%20world%0A%3C/body%3E%0A%3C/html%3E";
8 function OutWord(){
9 var NewWords;
10 NewWords = unescape(Words);
11 document.getElementById("txtContent").innerHTML=NewWords;
12 // document.write(NewWords);
13 }
14 // -->
15 </ SCRIPT >
16 </ HEAD >
17 < body onload ="OutWord();" >
18 < textarea id ="txtContent" name = "textarea " cols ="500" rows ="20" style = "BORDER
19
20 -BOTTOM: 0px solid; BORDER-LEFT: 0px solid; BORDER-RIGHT: 0px solid;
21
22 BORDER-TOP: 0px solid; " > </ textarea >
23 < xmp id ="xmpContent" ></ xmp >
24 </ body >
25 </ HTML >