比如回复<script>alert('hello')</script>,还是显示这个而不执行脚本,求具体的处理办法或者函数
------解决方案--------------------
将 < > 这些符号 转为实体
http://www.w3school.com.cn/html/html_entities.asp
------解决方案--------------------
使用replace 字符串替换函数
http://qingxinxz.tk/newindex/content.asp?id=31
例如:
<%
function transfer(x)
x=replace(x,chr(13),"")
x=replace(x,chr(10)&chr(10),"<br ><br>")
x=replace(x,chr(10),"<br>")
x=replace(x,"<%" ,"<%")
x=replace(x,"<","<")
transfer=x
end function
%>
------解决方案--------------------
- VBScript code
Function switchHtml(Strings, Mark)
If Mark = 1 Then '//标签 转换成 HTML符号
Strings = Replace(Strings, "<", "<")
Strings = Replace(Strings, ">", ">")
Strings = Replace(Strings, Chr(39), "¤")
Strings = Replace(Strings, "'", "¤")
Strings = Replace(Strings, "´", "¤")
Strings = Replace(Strings, Chr(34), """)
switchHtml = Strings
ElseIf Mark = 2 Then '//HTML符号 转换成 标签
Strings = Replace(Strings, "<", "<")
Strings = Replace(Strings, ">", ">")
Strings = Replace(Strings, "¤", "'")
Strings = Replace(Strings, """, Chr(34))
switchHtml = Strings
End If
End Function