Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share

javascript - When are you supposed to use escape instead of encodeURI / encodeURIComponent?

When encoding a query string to be sent to a web server - when do you use escape() and when do you use encodeURI() or encodeURIComponent():

Use escape:

escape("% +&=");

OR

use encodeURI() / encodeURIComponent()

encodeURI("http://www.google.com?var1=value1&var2=value2");

encodeURIComponent("var1=value1&var2=value2");
asked by Adam, translated from SO

1 Answer

escape()

Don't use it!

escape() is defined in section B.2.1.2 escape and the introduction text of Annex B says:

... All of the language features and behaviours specified in this annex have one or more undesirable characteristics and in the absence of legacy usage would be removed from this specification.

...

... Programmers should not use or assume the existence of these features and behaviours when writing new ECMAScript code....

Behaviour:

https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/escape

Special characters are encoded with the exception of: @*_+-./

The hexadecimal form for characters whose code unit value is 0xFF or less is a two-digit escape sequence: %xx.

For characters with a greater code unit, the four-digit format %uxxxx is used.

This is not allowed within a query string (as defined in RFC3986):

query       = *( pchar / "/" / "?" )
pchar         = unreserved / pct-encoded / sub-delims / ":" / "@"
unreserved    = ALPHA / DIGIT / "-" / "." / "_" / "~"
pct-encoded   = "%" HEXDIG HEXDIG
sub-delims    = "!" / "$" / "&" / "'" / "(" / ")"
              / "*" / "+" / "," / ";" / "="

A percent sign is only allowed if it is directly followed by two hexdigits; percent followed by u is not allowed.

encodeURI()

Use encodeURI when you want a working URL.

Make this call:

encodeURI("http://www.example.org/a file with spaces.html")

to get:

http://www.example.org/a%20file%20with%20spaces.html

Don't call encodeURIComponent since it would destroy the URL and return

http%3A%2F%2Fwww.example.org%2Fa%20file%20with%20spaces.html

encodeURIComponent()

Use encodeURIComponent when you want to encode the value of a URL parameter.

var p1 = encodeURIComponent("http://example.org/?a=12&b=55")

Then you may create the URL you need:

var url = "http://example.net/?param1=" + p1 + "&param2=99";

And you will get this complete URL:

http://example.net/?param1=http%3A%2F%2Fexample.org%2F%3Fa%3D12%26b%3D55&param2=99

Note that encodeURIComponent does not escape the ' character.

A common bug is to use it to create html attributes such as href='MyUrl', which could suffer an injection bug.

If you are constructing html from strings, either use " instead of ' for attribute quotes, or add an extra layer of encoding (' can be encoded as %27).

For more information on this type of encoding you can check: http://en.wikipedia.org/wiki/Percent-encoding
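
The three encoders and the single-quote caveat from the answer above, side by side, as an added example that is not part of the original post. The helper names (`isValidQuery`, `strictEncodeComponent`, `singleQuotedLink`, `quoteCount`, `compare`) and the sample string are constructed for illustration.

```javascript
// Added example; helper names and the sample value are hypothetical.

// RFC 3986 query grammar quoted in the answer:
// unreserved / pct-encoded / sub-delims / ":" / "@" / "/" / "?"
const QUERY_RE = /^(?:[A-Za-z0-9\-._~!$&'()*+,;=:@\/?]|%[0-9A-Fa-f]{2})*$/;

function isValidQuery(s) {
  return QUERY_RE.test(s);
}

// encodeURIComponent leaves ! ' ( ) * as-is. Percent-encode them as well so the
// result cannot terminate a single-quoted HTML attribute.
function strictEncodeComponent(value) {
  return encodeURIComponent(value).replace(
    /[!'()*]/g,
    (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase()
  );
}

// Builds href='...' markup by string concatenation, the pattern the answer warns about.
function singleQuotedLink(encoder, value) {
  return "<a href='http://example.net/?param1=" + encoder(value) + "'>link</a>";
}

// Counts literal ' characters; more than 2 means the value closed the attribute early.
function quoteCount(html) {
  return (html.match(/'/g) || []).length;
}

// Runs each encoder on the same input and checks the result against the grammar.
function compare(value) {
  const encoders = { escape, encodeURI, encodeURIComponent, strictEncodeComponent };
  const rows = {};
  for (const [name, fn] of Object.entries(encoders)) {
    const out = fn(value);
    rows[name] = { out, validQuery: isValidQuery(out) };
  }
  return rows;
}

const sample = "it's 50% off: 日本"; // constructed input
console.log(compare(sample));
console.log(quoteCount(singleQuotedLink(encodeURIComponent, sample)));    // attribute broken
console.log(quoteCount(singleQuotedLink(strictEncodeComponent, sample))); // attribute intact
```

`strictEncodeComponent` still round-trips through `decodeURIComponent`, so the receiving side needs no change.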

