Javascript set iframe src - 正确的格式

我已经阅读了这里和这里的帖子，但无法正确编码。

在javascript中，我正在编写一个指向<input>的链接，然后使用document.getElementById（'downloadlink'）.value读取该链接，并将其放入iframe src中执行。

该代码在我的本地主机上工作正常，但不能在实时服务器上工作，由于名称无效，文件永远不会加载（注意：http 302 暂时移动是由于无效文件请求导致的 .htaccess 重定向）。我确信这是编码与号的问题。我的理解是input需要对与号（和其他 html 实体）进行编码。我为此使用了 php.js 等效的 htmlspecialchars() 和 htmlspecialchars_decode()（这同样适用于本地主机）。

对于img.src，我的理解是我希望将 & 符号编码为 & 但是在我的本地主机上，它可以在没有它们的情况下工作，但不能与它们一起编码。在我的实时网站上，它无论哪种方式都不起作用。

为了对它们进行编码，我尝试了：

url = url.replace(/&/g, "&"); 

是时候停止撕扯我的头发并寻求帮助了。任何人？

iframe（使用来自js htmlspecialchars的编码）注意：我无法让&保持显示编码 - 它们在保存时被替换。

<iframe src="www.waldorfteacherresources.com/getfile.php?file=g2-saints-martin-009.jpg&amp;mode=download&amp;hv=4443f86959bf104e1df0eac204b8aaf226ae533b&amp;wtrpath=docs " id="iframe" height="0" width="0" hidden=""></iframe>

代码

function downloadfile() {
    if (document.getElementById("downloadlink")) {
    var div = document.getElementById('datadiv');
    var url = hx(document.getElementById('downloadlink').value);
    var ifrm = document.createElement("iframe");
    ifrm.setAttribute("src", url);
    ifrm.setAttribute("id", "iframe");
    ifrm.height = 0;
    ifrm.width = 0;
    ifrm.hidden = true;
    div.appendChild(ifrm);
    }
}
// support functions to encode / decode 
// encodes output - equivalent of php hx function
// hx notation is a shortcut for htmlspecialchars() with all options set
function hx( string,  flags,  charsetEncoding,  double_encode) {
    if (typeof flags == "undefined"){
        flags = 0;
    }
    if (typeof charsetEncoding == "undefined" ){
    charsetEncoding = "UTF-8";
    }    
    if (typeof double_encode == "undefined"){
        double_encode = true;
    }
    // constants not valid until php v 5.4
    var ENT_HTML401 = 0;
    var ENT_HTML5 = (16 | 32);
    var ENT_COMPAT = 2;
    if ( flags == 0) {
     flags = ENT_COMPAT |  ENT_HTML401;
    }
     string = htmlspecialchars( string,  flags,  charsetEncoding,  double_encode);
    return  string;
}
// decodes output of hx() / htmlspecialchars() - shortcut notation for htmlspecialchars_decode()
function hdx(string) {
    return htmlspecialchars_decode(string);
}
function htmlspecialchars(string, quote_style, charset, double_encode) {
  //       discuss at: http://phpjs.org/functions/htmlspecialchars/
  var optTemp = 0,
    i = 0,
    noquotes = false;
  if (typeof quote_style === 'undefined' || quote_style === null) {
    quote_style = 2;
  }
  string = string.toString();
  if (double_encode !== false) { // Put this first to avoid double-encoding
    string = string.replace(/&/g, '&');
  }
  string = string.replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
  var OPTS = {
    'ENT_NOQUOTES': 0,
    'ENT_HTML_QUOTE_SINGLE': 1,
    'ENT_HTML_QUOTE_DOUBLE': 2,
    'ENT_COMPAT': 2,
    'ENT_QUOTES': 3,
    'ENT_IGNORE': 4
  };
  if (quote_style === 0) {
    noquotes = true;
  }
  if (typeof quote_style !== 'number') { // Allow for a single string or an array of string flags
    quote_style = [].concat(quote_style);
    for (i = 0; i < quote_style.length; i++) {
      // Resolve string input to bitwise e.g. 'ENT_IGNORE' becomes 4
      if (OPTS[quote_style[i]] === 0) {
        noquotes = true;
      } else if (OPTS[quote_style[i]]) {
        optTemp = optTemp | OPTS[quote_style[i]];
      }
    }
    quote_style = optTemp;
  }
  if (quote_style & OPTS.ENT_HTML_QUOTE_SINGLE) {
    string = string.replace(/'/g, '&#039;');
  }
  if (!noquotes) {
    string = string.replace(/"/g, '&quot;');
  }
  return string;
}
function htmlspecialchars_decode(string, quote_style) {
    //       discuss at: http://phpjs.org/functions/htmlspecialchars_decode/
    var optTemp = 0,
        i = 0,
        noquotes = false;
    if (typeof quote_style === 'undefined') {
    quote_style = 2;
    }
    string = string.toString().replace(/&lt;/g, '<').replace(/&gt;/g, '>');
    var OPTS = {
    'ENT_NOQUOTES': 0,
    'ENT_HTML_QUOTE_SINGLE': 1,
    'ENT_HTML_QUOTE_DOUBLE': 2,
    'ENT_COMPAT': 2,
    'ENT_QUOTES': 3,
    'ENT_IGNORE': 4
    };
    if (quote_style === 0) {
    noquotes = true;
    }
    if (typeof quote_style !== 'number') { // Allow for a single string or an array of string flags
    quote_style = [].concat(quote_style);
    for (i = 0; i < quote_style.length; i++) {
        // Resolve string input to bitwise e.g. 'PATHINFO_EXTENSION' becomes 4
        if (OPTS[quote_style[i]] === 0) {
        noquotes = true;
        } else if (OPTS[quote_style[i]]) {
        optTemp = optTemp | OPTS[quote_style[i]];
        }
    }
    quote_style = optTemp;
    }
    if (quote_style & OPTS.ENT_HTML_QUOTE_SINGLE) {
    string = string.replace(/&#039;/g, "'");
    }
    if (!noquotes) {
    string = string.replace(/&quot;/g, '"');
    }
    // Put this in last place to avoid escape being double-decoded
    string = string.replace(/&amp;/g, '&');
    return string;
}

The request headers
    GET /www.example.com/getfile.php?file=myfile.jpg&mode=download&hv=939afca0cdaafd55a1e1471da7463be9acbf5478&wtrpath=docs HTTP/1.1
    Host: www.example.com
    Connection: keep-alive
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36
    Referer: http://www.waldorfteacherresources.com/index.php?grade=2&page=Saints
    Accept-Encoding: gzip, deflate, sdch
    Accept-Language: en-US,en;q=0.8
    Cookie: id=XXX;
    PHPSESSID=.... session info here
The response
    HTTP/1.1 302 Moved Temporarily
    Date: Sun, 21 Feb 2016 21:16:05 GMT
    Server: Apache
    X-Powered-By: PHP/5.5.32
    **** this is an .htaccess redirect due to an invalid file request
    Location: /index.php
    Cache-Control: max-age=86400
    Expires: Thu, 01 Jan 1970 00:00:00 GMT
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Length: 767
    Keep-Alive: timeout=3, max=100
    Connection: Keep-Alive
    Content-Type: text/html; charset=UTF-8