Cross-site scripting (XSS) is a type of computer securityvulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. 复制代码 代码如下: 复制代码 代码如下: 复制代码 代码如下: 复制代码 代码如下: 复制代码 代码如下: 复制代码 代码如下: 复制代码 代码如下:
var person = '{ "name": "Violet", "occupation": "character" }'.evalJSON();
person.name;
//-> "Violet"
person = 'grabUserPassword()'.evalJSON(true);
//-> SyntaxError: Badly formed JSON string: 'grabUserPassword()'
person = '/*-secure-\n{"name": "Violet", "occupation": "character"}\n*/'.evalJSON()
person.name;
//-> "Violet"
'lorem... <script type="text/javascript"><!--
2 + 2
// --></script>'.evalScripts();
// -> [4]
'<script type="text/javascript"><!--
2 + 2
// --></script><script type="text/javascript"><!--
alert("hello world!")
// --></script>'.evalScripts();
// -> [4, undefined] (and displays 'hello world!' in the alert dialog)
gsub() /sub() :
var mouseEvents = 'click dblclick mousedown mouseup mouseover mousemove mouseout'; mouseEvents.gsub(' ', ', ');
// -> 'click, dblclick, mousedown, mouseup, mouseover, mousemove, mouseout'
mouseEvents.gsub(/\w+/, function(match){return 'on' + match[0].capitalize()});
// -> 'onClick onDblclick onMousedown onMouseup onMouseover onMousemove onMouseout'
var markdown = ' ';
markdown.gsub(/!\[(.*?)\]\((.*?)\)/, function(match){ return '<img alt="' + match[1] + '" src="' + match[2] + '" src="' + match[2] + '" />'; });
// -> '<img alt="a pear" src="https://www.jb51.net/img/pear.jpg" src="https://www.jb51.net/img/pear.jpg" /> <img alt="an orange" src="https://www.jb51.net/img/orange.jpg" src="https://www.jb51.net/img/orange.jpg" />'
//==================================================
var fruits = 'apple pear orange';
fruits.sub(' ', ', '); // -> 'apple, pear orange'
fruits.sub(' ', ', ', 1); // -> 'apple, pear orange'
fruits.sub(' ', ', ', 2); // -> 'apple, pear, orange'
fruits.sub(/\w+/, function(match){return match[0].capitalize() + ','}, 2);
// -> 'Apple, Pear, orange'
var markdown = ' ';
markdown.sub(/!\[(.*?)\]\((.*?)\)/, function(match){ return '<img alt="' + match[1] + '" src="' + match[2] + '" src="' + match[2] + '" />'; });
// -> '<img alt="a pear" src="https://www.jb51.net/img/pear.jpg" src="https://www.jb51.net/img/pear.jpg" /> '
markdown.sub(/!\[(.*?)\]\((.*?)\)/, '<img alt="#{1}" src="#{2}" src="#{2}" />');
// -> '<img alt="a pear" src="https://www.jb51.net/img/pear.jpg" src="https://www.jb51.net/img/pear.jpg" /> '
interpolate() :
"#{animals} on a #{transport}".interpolate({ animals: "Pigs", transport: "Surfboard" });
//-> "Pigs on a Surfboard"
scan() :
var fruits = [];
'apple, pear & orange'.scan(/\w+/, function(match){ fruits.push(match[0])}); fruits.inspect()
// -> ['apple', 'pear', 'orange']
times() :
"echo ".times(3); //-> "echo echo echo "
toQueryParams():
'section=blog&id=45'.toQueryParams();
// -> {section: 'blog', id: '45'}
'section=blog;id=45'.toQueryParams();
// -> {section: 'blog', id: '45'}
'http://www.example.com?section=blog&id=45#comments'.toQueryParams();
// -> {section: 'blog', id: '45'}
'section=blog&tag=javascript&tag=prototype&tag=doc'.toQueryParams();
// -> {section: 'blog', tag:['javascript', 'prototype', 'doc']}
'tag=ruby%20on%20rails'.toQueryParams();
// -> {tag: 'ruby on rails'}
'id=45&raw'.toQueryParams();
// -> {id: '45', raw: undefined}
Prototype String对象 学习(3)
内容版权声明:除非注明,否则皆为本站原创文章。