在帕格朗无法逃脱

Question

因此，我使用QuillJS (wysiwyg编辑器)生成了一些用户定义的HTML。就显示/编辑编辑器内的文本而言，它工作得很好，但是当我试图在一个页面上使用!{var}显示相同的数据时，它会显示为字符串"....my HTML代码这里.“。

 "<h1 class=\"ql-align-center\">Essential things to think about before starting a blog</h1><p><br></p><h2 class=\"ql-align-center\">​It takes several ingredients to create a delicious blog&l
    t;/h2><p><br></p><p class=\"ql-align-justify\">It has been exactly 3 years since I wrote my first blog series entitled “Flavorful Tuscany”, but starting it was definitely not easy. Back then, I didn’t know much about blogging, let alone think that one day it could become <strong>my full-time job</strong>. Even though I had many recipes and food-related stories to tell, it never crossed my mind that I could be sharing them with the whole world.</p><p class=\"ql-align-justify\">I am now a <strong>full-time blogger</strong> and the curator of the <a href=\"https://ckeditor.com/ckeditor-4/#\" target=\"_blank\">Simply delicious newsletter</a>, sharing stories about traveling and cooking, as well as tips on how to run a successful blog.</p><p class=\"ql-align-justify\">If you are tempted by the idea of creating your own blog, please think about the
    following:</p><ul><li class=\"ql-align-justify\">Your story
    (what do you want to tell your audience)</li><li class=\"ql-align-justify\">Your audience (who do you write for)</li><li class=\"ql-align-justify\">Your blog name and design</li></ul>"

<div class="text-justify" id="description">
&lt;h1 class="ql-align-center"&gt;Essential things to think about before starting a blog&lt;/h1&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;h2 class="ql-align-center"&gt;​It takes several ingredients to create a delicious blog&lt;/h2&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p class="ql-align-justify"&gt;It has been exactly 3 years since I wrote my first blog series entitled “Flavorful Tuscany”, but starting it was definitely not easy. Back then, I didn’t know much about blogging, let alone think that one day it could become &lt;strong&gt;my full-time job&lt;/strong&gt;. Even though I had many recipes and food-related stories to tell, it never crossed my mind that I could be sharing them with the whole world.&lt;/p&gt;&lt;p class="ql-align-justify"&gt;I am now a &lt;strong&gt;full-time blogger&lt;/strong&gt; and the curator of the &lt;a href="https://ckeditor.com/ckeditor-4/#" target="_blank"&gt;Simply delicious newsletter&lt;/a&gt;, sharing stories about traveling and cooking, as well as tips on how to run a successful blog.&lt;/p&gt;&lt;p class="ql-align-justify"&gt;If you are tempted by the idea of creating your own blog, please think about the following:&lt;/p&gt;&lt;ul&gt;&lt;li class="ql-align-justify"&gt;Your story (what do you want to tell your audience)&lt;/li&gt;&lt;li class="ql-align-justify"&gt;Your audience (who do you write for)&lt;/li&gt;&lt;li class="ql-align-justify"&gt;Your blog name and design&lt;/li&gt;&lt;/ul&gt;  
</div>

我做错什么了.

1. 我尝试将它保存到一个新的var中，并将它分别传递给模板。
2. ，我尝试了通过google.

获得的字符串插值方法的替代方法。

Answer 1

@sean是对的，代码是转义的，但不是在数据库中，而是在转到db之前，一个插件‘xss’正在将标记转换为HTML 。

以下是这个值的示例，它甚至可以在问题中看到：

<h1 class=\"ql-align-center\">

那个插件被禁用后，无法逃脱的部分就开始工作了。

我强烈建议其他可能面临同样问题的人，检查这样小的anamolies，并将其作为调试过程中的一个步骤处理。

PS:我从Xss-干净切换到头盔，以及替代Xss-干净.