(十万火急)关于过滤HTML字符的问题

str.replace("<","&lt");
str.replace(">","&gt");
.......................

用struts标签比较简单些<bean:write>提供了filter属性用来过滤html特殊字符
asp可以在server端转：server.HTMLEncode(str)
PHP也可以在server端转：htmlspecialchars
你可以先在客户端对其内容进行轮换:
<script language=javascript>
function coder(str)
{
   var s = "";
   if (str.length == 0) return "";
   s = str.replace(/&/g, ">");
   s = s.replace(/</g,   "<");
   s = s.replace(/>/g,   ">");
   s = s.replace(/ /g,   " ");
   s = s.replace(/\'/g,  "'");
   s = s.replace(/\"/g,  """);
   s = s.replace(/\n/g,  "<br>");
   return s;
}
</script>
或者提交到后台入库前进行转换:<%
Function coder(str)
  Dim i
  If IsNull(str) Then : coder="" : Exit Function : End If
  For i = 1 to Len(str)
    Select case mid(str,i,1)
      Case "<"     : coder = coder &"<"
      Case ">"     : coder = coder &">"
      Case "&"     : coder = coder &"&"
      Case chr(9)  : coder = coder &"    "
      Case chr(13) : coder = coder &"<br>"
      Case chr(32) : coder = coder &" "
      Case chr(34) : coder = coder &"""
      Case chr(39) : coder = coder &"'"
      Case Else    : coder = coder & mid(str,i,1)
    End Select
  Next
End Function
%>
<input type="text" onKeyDown="javascript:if(this.value.replace('<','')!=this.value) this.value.replace('><','><')">
<input type="text" onKeyDown="javascript:if(this.value.replace('><','')!=this.value) this.value.replace('><','><')">