
Best practice: escape, or encodeURI / encodeURIComponent

Date: 2015-11-20 19:48:52

escape()

Don't use it, as it has been deprecated since ECMAScript v3.

encodeURI()

Use encodeURI when you want a working URL. Make this call:

encodeURI("http://www.google.com/a file with spaces.html")

to get:

http://www.google.com/a%20file%20with%20spaces.html

Don't call encodeURIComponent on a whole URL, since it would destroy the URL and return

http%3A%2F%2Fwww.google.com%2Fa%20file%20with%20spaces.html

encodeURIComponent()

Use encodeURIComponent when you want to encode a URL parameter.

param1 = encodeURIComponent("http://xyz.com/?a=12&b=55")

Then you may create the URL you need:

url = "http://domain.com/?param1=" + param1 + "&param2=99";

And you will get this complete URL:

http://domain.com/?param1=http%3A%2F%2Fxyz.com%2F%3Fa%3D12%26b%3D55&param2=99

Note that encodeURIComponent does not escape the ' character. A common bug is to use it to create HTML attributes such as href='MyUrl', which could suffer an injection bug. If you are constructing HTML from strings, either use " instead of ' for attribute quotes, or add an extra layer of encoding (' can be encoded as %27).
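An added example (not from the original article) of the single-quote issue described above: it builds the same link with the flawed pattern and with both fixes applied, then reads back the href value as delimited by its quotes. All function names and the sample input are assumptions made for illustration; HTML-escaping the attribute is an extra defensive step beyond the two fixes the text names.

```javascript
// Added example; all function names are hypothetical and SAMPLE is constructed.
const SAMPLE = "O'Reilly & Sons";

// encodeURIComponent leaves ! ' ( ) * unescaped; percent-encode them too,
// so ' becomes %27 (the "extra layer of encoding" fix).
function strictEncode(value) {
  return encodeURIComponent(value).replace(/[!'()*]/g,
    (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());
}

// HTML-escape text that is placed inside a quoted attribute value.
function escapeAttr(text) {
  return text.replace(/&/g, "&amp;").replace(/</g, "&lt;")
    .replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");
}

// Flawed pattern: single-quoted attribute + plain encodeURIComponent.
function buildLinkUnsafe(param) {
  return "<a href='http://domain.com/?param1=" + encodeURIComponent(param) +
    "&param2=99'>go</a>";
}

// Both fixes: %27 for the quote, double-quoted and HTML-escaped attribute.
function buildLinkSafe(param) {
  const url = "http://domain.com/?param1=" + strictEncode(param) + "&param2=99";
  return '<a href="' + escapeAttr(url) + '">go</a>';
}

// Returns the raw href text between its opening quote and the next matching
// quote, which is where an HTML parser ends the attribute value.
function hrefValue(html) {
  const start = html.indexOf("href=") + "href=".length;
  const end = html.indexOf(html[start], start + 1);
  return html.slice(start + 1, end);
}

console.log(hrefValue(buildLinkUnsafe(SAMPLE))); // value cut at the quote in O'Reilly
console.log(hrefValue(buildLinkSafe(SAMPLE)));   // full URL, quote carried as %27
```

In the flawed version everything after the apostrophe lands outside the attribute value, which is the condition the injection bug depends on.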

For more information on this type of encoding you can check: http://en.wikipedia.org/wiki/Percent-encoding


Original article: http://www.cnblogs.com/yuyutianxia/p/4981625.html
