無意中看到一個網站的頁面是用js編碼再解碼輸出到客戶端,於是我想看看它的源代碼。
該字符串采用Javascript escape() 函數編碼,該方法不會對 ASCII 字母和數字進行編碼,也不會對下面這些 ASCII 標點符號進行編碼: - _ . ! ~ * ' ( ) 。其他所有的字符都會被替換成了十六進制的轉義序列。
它對應的解碼函數則是unescape(),可以參考:http://www.w3school.com.cn/js/jsref_escape.asp
解碼過后我想把它的HTML實體輸出到HTML頁面,一般輸出的話會被解析,所以我們可以用這兩種標簽:
1.<textarea></textarea>
2.<xmp></xmp>
Code:
1
<
HTML
>
2 < HEAD >
3 < SCRIPT LANGUAGE ="Javascript" >
4 <!--
5 var Words ="%3Chtml%3E%0A%3Chead%3E%0A%3Ctitle%3ETest%3C/title%3E%0A%3C/head%3E%0A%3
6
7 Cbody%3E%0Ahello%2C%20world%0A%3C/body%3E%0A%3C/html%3E";
8 function OutWord(){
9 var NewWords;
10 NewWords = unescape(Words);
11 document.getElementById("txtContent").innerHTML=NewWords;
12 // document.write(NewWords);
13 }
14 // -->
15 </ SCRIPT >
16 </ HEAD >
17 < body onload ="OutWord();" >
18 < textarea id ="txtContent" name = "textarea " cols ="500" rows ="20" style = "BORDER
19
20 -BOTTOM: 0px solid; BORDER-LEFT: 0px solid; BORDER-RIGHT: 0px solid;
21
22 BORDER-TOP: 0px solid; " > </ textarea >
23 < xmp id ="xmpContent" ></ xmp >
24 </ body >
25 </ HTML >
2 < HEAD >
3 < SCRIPT LANGUAGE ="Javascript" >
4 <!--
5 var Words ="%3Chtml%3E%0A%3Chead%3E%0A%3Ctitle%3ETest%3C/title%3E%0A%3C/head%3E%0A%3
6
7 Cbody%3E%0Ahello%2C%20world%0A%3C/body%3E%0A%3C/html%3E";
8 function OutWord(){
9 var NewWords;
10 NewWords = unescape(Words);
11 document.getElementById("txtContent").innerHTML=NewWords;
12 // document.write(NewWords);
13 }
14 // -->
15 </ SCRIPT >
16 </ HEAD >
17 < body onload ="OutWord();" >
18 < textarea id ="txtContent" name = "textarea " cols ="500" rows ="20" style = "BORDER
19
20 -BOTTOM: 0px solid; BORDER-LEFT: 0px solid; BORDER-RIGHT: 0px solid;
21
22 BORDER-TOP: 0px solid; " > </ textarea >
23 < xmp id ="xmpContent" ></ xmp >
24 </ body >
25 </ HTML >