Article From:https://segmentfault.com/q/1010000011709552
Question:
// A simple way to check for HTML strings
// Prioritize #id over <tag> to avoid XSS via location.hash (#9521)
// Strict HTML recognition (#11290: must start with <)

rquickExpr = /^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]*))$/,

This is a matching HTML tag. I don’t understand it.[^>]*,Why do we need to add this to solve the problem?

/^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]*))$/.test('<a>>').test('<a>>'); // true

Answer 0:

// A simple way to check for HTML strings
No
// A simple way to check for HTML tag

  • Part one:(<[\w\W]+>) Used to match HTML tag
  • The second part:[^>]* Used to match strings behind HTML tag

The parentheses are grouped in front, so the regular expression can extract the tag.

Only the first part and the second part can be combined to match a row of HTML code. The second part represents the middle of the HTML start tag and end tag and the end tag, but the second part can’t.

For example:

<img src="" alt="">            // Only the first part, without second parts.The first part is: & lt; a href ="& gt; XXXX & lt; / A & gt; / / the first part is: & lt; a href =" & gt; / the second part is: xxxxx & lt; /A>

Similar Posts:

Leave a Reply

Your email address will not be published. Required fields are marked *