gaspersic/freeCodeCamp
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
d03c71b9905a43c8a3a7ffe14c2a14bcc3e0b51f
freeCodeCamp/guide/chinese/javascript/html-dom-innerhtml-property/index.md
Mrugesh Mohapatra da0df12ab7 fix(guide): simplify directory structure
2018-10-16 21:32:40 +05:30

60 lines
1.3 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
title: HTML Dom Innerhtml Property
localeTitle: HTML Dom Innerhtml属性
---
## HTML Dom Innerhtml属性
`innerHTML` prop返回所选元素中的HTML内容并允许您定义新的HTML内容。
**_获取元素内容_**
```html
<div id="demo">
<p>Demo</p>
</div>
```
```javascript
var element = document.getElementById("demo");
console.log(element.innerHTML) //logs <p>Demo</p>
```
**_设置元素内容_**
```html
<div id="demo"></div>
```
```javascript
var element = document.getElementById("demo");
element.innerHTML = "<div>Demo</div>";
```
HTML现在就像
```html
<div id="demo">
<div>Demo</div>
</div>
```
**_安全考虑_**
设置为`innerHTML`的值应该来自可靠来源因为Javascript会将任何内容放在该元素中并且它将作为纯HTML运行。
例:
设置“ `<script>alert();</script>` ”值将导致Javascript“alert”函数被触发
```javascript
var element = document.getElementById("demo");
element.innerHTML = "<script>alert();</script>";
```
这种类型的攻击称为[Cross Site Scripting简称XSS](https://en.wikipedia.org/wiki/Cross-site_scripting) 。
这是提交XSS攻击的最常见方式之一。如果您想学习更多知识并学会防范它 [请查看此资源](https://xss-game.appspot.com/)
Reference in New Issue View Git Blame Copy Permalink