Therefore, if you use them as part of a URL without escaping them, there is a certain amount of risk.
What it really means is you should always escape these characters if a part of your URL (i.e. like a query param) is likely to contain them.
If some part of a URL (such as part of a query parameter) may contain one of these characters, it should be escaped before being placed in the URL.
If a part of a URL (such as a query parameter) is likely to contain one of these characters, it should be escaped before being included in the URL.
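If you use a processing pipeline, the key is to establish a contract for the pipeline's inputs and outputs, regardless of whether the data is escaped.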
If you're using processing pipelines, then the key is in establishing contracts for pipeline inputs and outputs as to whether the data is escaped.