I'm stuck with this problem:
我遇到了这个问题:
<body onload="document.body.innerHTML="<script>alert('hi')</script>"">
The problem is that i cant use quotes within quotes within quotes. Any ideas?
问题是我不能在引号内的引号内使用引号。有任何想法吗?
3 个解决方案
#1
21
To represent a " character inside an HTML attribute delimited by " characters, use the entity "
要表示“由”字符分隔的HTML属性中的“字符”,请使用实体“
I'd recommend attaching event listeners using JavaScript rather then using intrinsic event attributes though. It simplifies things greatly.
我建议使用JavaScript附加事件监听器,而不是使用内部事件属性。它极大地简化了事情。
Note however, that browsers will not execute JavaScript added to the document with innerHTML. If you want to add a script programatically, the use createElement / appendChild et al.
但请注意,浏览器不会使用innerHTML执行添加到文档中的JavaScript。如果要以编程方式添加脚本,请使用createElement / appendChild等。
#2
4
<body onload='document.body.innerHTML="<script>alert(\"hi\")</script>"'>
or
<body onload="document.body.innerHTML='<script>alert(\'hi\')</script>'">
It does work, but the script doesn't get executed because it is added after the browser parsed your code.
它确实有效,但脚本没有执行,因为它是在浏览器解析代码后添加的。
Note that if you wanted quotes within quotes within quotes within quotes you would have done: <body onload="document.body.innerHTML='<script>alert(\'\\\'hi\\\'\')</script>'" >
请注意,如果您希望引号内的引号在引号内引号,那么您将完成: alert(\'\\\'hi \\\'\')'“>
What is really impossible (i think) without " is putting " and ' in the alert.
什么是真的不可能(我认为)没有“将“和”置于警戒状态。
#3
1
Gah! First off, don't do it that way. :D
尔加!首先,不要这样做。 :d
Something like:
<body></body>
<script>
window.onload = function () {
document.body.innerHTML = "<script>alert('hi')</script>";
}
</script>
. . . would be better. Consider some JQuery solutions, as well.
。 。 。会更好。考虑一些JQuery解决方案。
Even that specific approach, I wouldn't recommend, but I suspect that you are simply testing out how to add content to the body of your HTML after the page is loaded, rather than actually wanting to use the alert(). ;) If that's the case, try something like this:
即使是那种特定的方法,我也不建议,但我怀疑你只是在加载页面后测试如何在HTML主体中添加内容,而不是真正想要使用alert()。 ;)如果是这种情况,尝试这样的事情:
<body></body>
<script>
window.onload = function () {
document.body.innerHTML = "some text";
alert('hi'); // if you really want to test that the JS is working after load.
}
</script>
#1
21
To represent a " character inside an HTML attribute delimited by " characters, use the entity "
要表示“由”字符分隔的HTML属性中的“字符”,请使用实体“
I'd recommend attaching event listeners using JavaScript rather then using intrinsic event attributes though. It simplifies things greatly.
我建议使用JavaScript附加事件监听器,而不是使用内部事件属性。它极大地简化了事情。
Note however, that browsers will not execute JavaScript added to the document with innerHTML. If you want to add a script programatically, the use createElement / appendChild et al.
但请注意,浏览器不会使用innerHTML执行添加到文档中的JavaScript。如果要以编程方式添加脚本,请使用createElement / appendChild等。
#2
4
<body onload='document.body.innerHTML="<script>alert(\"hi\")</script>"'>
or
<body onload="document.body.innerHTML='<script>alert(\'hi\')</script>'">
It does work, but the script doesn't get executed because it is added after the browser parsed your code.
它确实有效,但脚本没有执行,因为它是在浏览器解析代码后添加的。
Note that if you wanted quotes within quotes within quotes within quotes you would have done: <body onload="document.body.innerHTML='<script>alert(\'\\\'hi\\\'\')</script>'" >
请注意,如果您希望引号内的引号在引号内引号,那么您将完成: alert(\'\\\'hi \\\'\')'“>
What is really impossible (i think) without " is putting " and ' in the alert.
什么是真的不可能(我认为)没有“将“和”置于警戒状态。
#3
1
Gah! First off, don't do it that way. :D
尔加!首先,不要这样做。 :d
Something like:
<body></body>
<script>
window.onload = function () {
document.body.innerHTML = "<script>alert('hi')</script>";
}
</script>
. . . would be better. Consider some JQuery solutions, as well.
。 。 。会更好。考虑一些JQuery解决方案。
Even that specific approach, I wouldn't recommend, but I suspect that you are simply testing out how to add content to the body of your HTML after the page is loaded, rather than actually wanting to use the alert(). ;) If that's the case, try something like this:
即使是那种特定的方法,我也不建议,但我怀疑你只是在加载页面后测试如何在HTML主体中添加内容,而不是真正想要使用alert()。 ;)如果是这种情况,尝试这样的事情:
<body></body>
<script>
window.onload = function () {
document.body.innerHTML = "some text";
alert('hi'); // if you really want to test that the JS is working after load.
}
</script>