后端在接收数据时，将 <script type="text/javascript">alert(1)</script> 这类 JS 代码中的特殊字符转换为 HTML 实体编码（例如把 < 转为 &lt;，把 > 转为 &gt;），使其只作为文本显示，而不会被浏览器当作脚本执行；
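/**
 * Encode the HTML-significant characters of a string as entities so the
 * browser renders the value as text instead of parsing it as markup.
 *
 * The listing as published replaced '<' with '<' and '>' with '>' (the
 * entity text had been decoded, leaving no-ops) and used the regex
 * /</script>/, whose unescaped slash is a syntax error. This version
 * restores the intended encoding.
 *
 * Scope: the result is safe to place in HTML element content and inside
 * quoted attribute values. It is not sufficient for other contexts
 * (inline script, URLs, CSS, unquoted attributes), which need their own
 * context-specific encoding.
 *
 * @param {string} str - Untrusted text to encode; null/undefined become ''.
 * @returns {string} The text with &, <, >, " and ' replaced by entities.
 */
function htmlspecialchars(str) {
  // Coerce first so numbers and other non-string values do not throw on .replace.
  return String(str == null ? '' : str)
    // '&' must be encoded before anything else; otherwise the ampersands
    // produced by the later replacements would be encoded a second time,
    // and input such as "&lt;" would survive unencoded.
    .replace(/&/g, '&amp;')
    // Encoding every '<' and '>' neutralises all tags, <script> included,
    // so no separate script-only pass is needed (a tag-name blocklist is
    // easy to bypass with other elements or event-handler attributes).
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    // Quotes are encoded so the value cannot break out of a quoted attribute.
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}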