Yes, both quotes are allowed in attribute values, but you must HTML-escape the quote you're using as an attribute value delimiter, as well as other HTML-special characters like <
and &
:
function encodeHTML(s) {
return s.split('&').join('&').split('<').join('<').split('"').join('"').split("'").join(''');
}
var html= '<label my_attr="'+encodeHTML(attr_value)+'">Text</label>';
However, you are usually much better off not trying to hack a document together from HTML strings. You risk bugs and HTML-injection (leading to cross-site-scripting security holes) every time you forget to escape. Instead, use DOM-style methods like attr()
, text()
and the construction shortcut:
$('body').append(
$('<label>', {my_attr: attr_value, text: 'Text'})
);
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…