比如字符串 <script type="text/javascript">alert(‘跨站攻击鸟‘)</script>
1.html encode
<script type="text/javascript">alert(‘跨站攻击鸟‘)</script>
2. html urlencode
%3Cscript+type%3D%22text%2Fjavascript%22%3Ealert(‘%E8%B7%A8%E7%AB%99%E6%94%BB%E5%87%BB%E9%B8%9F‘)%3C%2Fscript%3E
3.To js string
<script type=\"text/javascript\">alert(‘\u8DE8\u7AD9\u653B\u51FB\u9E1F‘)</script>