Search Results

Search found 390 results on 16 pages for 'escaping'.

Page 1/16 | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • XSLT disable output escaping when disable-output-escaping is not supported

    - by Moose Morals
    Hi folks, Since disable-output-escaping doesn't work on firefox (and isn't going to), whats the next best way of including raw markup in the output of an XSTL transform? (Background: I've got raw HTML in a database that I want to wrap in XML to send to a browser to render. I've got control of both the XML and the stylesheet, but no control of the HTML, which may be badly formed (even for HTML!)) Thanks

    Read the article

  • Escaping Strings in JavaScript

    - by Steve Harrison
    Hello, Does JavaScript have a built-in function like PHP's addslashes (or addcslashes) function to add backslashes to characters that need escaping in a string? For example, this: This is a demo string with 'single-quotes' and "double-quotes". ...would become: This is a demo string with \'single-quotes\' and \"double-quotes\". Thanks, Steve

    Read the article

  • How to XML escaping with Apache Velocity?

    - by Jan Algermissen
    I am generating XML using Apache Velocity. What is the best (most straight-forward) way to XML-escape the output? (I saw there is an escape tool, but could not figure out it's dev state. I also think that XML escaping is something that is very likely supported by Velocity directly.)

    Read the article

  • Safely escaping and reading back a file path in ruby

    - by user336851
    I need to save a few informations about some files. Nothing too fancy so I thought I would go with a simple one line per item text file. Something like this : # write io.print "%i %s %s\n" % [File.mtime(fname), fname, Digest::SHA1.file(fname).hexdigest] # read io.each do |line| mtime, name, hash = line.scanf "%i %s %s" end Of course this doesn't work because a file name can contain spaces (breaking scanf) and line breaks (breaking IO#each). The line break problem can be avoided by dropping the use of each and going with a bunch of gets(' ') while not io.eof? mtime = Time.at(io.gets(" ").to_i) name = io.gets " " hash = io.gets "\n" end Dealing with spaces in the names is another matter. Now we need to do some escaping. note : I like space as a record delimiter but I'd have no issue changing it for one easier to use. In the case of filenames though, the only one that could help is ascii nul "\0" but a nul delimited file isn't really a text file anymore... I initially had a wall of text detailing the iterations of my struggle to make a correct escaping function and its reciprocal but it was just boring and not really useful. I'll just give you the final result: def write_name(io, val) io << val.gsub(/([\\ ])/, "\\\\\\1") # yes that' 6 backslashes ! end def read_name(io) name, continued = "", true while continued continued = false name += io.gets(' ').gsub(/\\(.)/) do |c| if c=="\\\\" "\\" elsif c=="\\ " continued=true " " else raise "unexpected backslash escape : %p (%s %i)" % [c, io.path, io.pos] end end end return name.chomp(' ') end I'm not happy at all with read_name. Way too long and akward, I feel it shouldn't be that hard. While trying to make this work I tried to come up with other ways : the bittorrent encoded / php serialize way : prefix the file name with the length of the name then just io.read(name_len.to_i). It works but it's a real pita to edit the file by hand. At this point we're halfway to a binary format. String#inspect : This one looks expressly made for that purpose ! Except it seems like the only way to get the value back is through eval. I hate the idea of eval-ing a string I didn't generate from trusted data. So. Opinions ? Isn't there some lib which can do all this ? Am I missing something obvious ? How would you do that ?

    Read the article

  • Escaping ampersands in URLs for HttpClient requests

    - by jpatokal
    So I've got some Java code that uses Jakarta HttpClient like this: URI aURI = new URI( "http://host/index.php?title=" + title + "&action=edit" ); GetMethod aRequest = new GetMethod( aURI.getEscapedPathQuery()); The problem is that if title includes any ampersands (&), they're considered parameter delimiters and the request goes screwy... and if I replace them with the URL-escaped equivalent %26, then this gets double-escaped by getEscapedPathQuery() into %2526. I'm currently working around this by basically repairing the damage afterward: URI aURI = new URI( "http://host/index.php?title=" + title.replace("&", "%26") + "&action=edit" ); GetMethod aRequest = new GetMethod( aURI.getEscapedPathQuery().replace("%2526", "%26")); But there has to be a nicer way to do this, right? Note that the title can contain any number of unpredictable UTF-8 chars etc, so escaping everything else is a requirement.

    Read the article

  • XSL transformation and special XML entities escaping

    - by Tomas R
    I have an XML file which is transformed with XSL. Some elements have to be changed, some have to be left as is - specifically, text with entities &quot;, &amp;, &apos;, &lt;, &gt; should be left as is, and in my case &quot; and &apos; are changed to " and ' accordingly. Test XML: <?xml version="1.0" encoding="UTF-8" ?> <root> <element> &quot; &amp; &apos; &lt; &gt; </element> </root> transformation file: <?xml version="1.0" encoding="UTF-8"?> <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0"> <xsl:output method="xml" encoding="UTF-8" omit-xml-declaration="no" indent="no" /> <xsl:template match="element"> <xsl:copy> <xsl:value-of disable-output-escaping="no" select="." /> </xsl:copy> </xsl:template> </xsl:stylesheet> result: <?xml version="1.0" encoding="UTF-8"?> <element> " &amp; ' &lt; &gt; </element> desired result: <?xml version="1.0" encoding="UTF-8"?> <element> &quot; &amp; &apos; &lt; &gt; </element> I have 2 questions: why does some of those entities are transformed and other not? how can I get a desired result?

    Read the article

  • Escaping escape Characters

    - by Alix Axel
    I'm trying to mimic the json_encode bitmask flags implemented in PHP 5.3.0, here is the string I have: $s = addslashes('O\'Rei"lly'); // O\'Rei\"lly Doing json_encode($str, JSON_HEX_APOS | JSON_HEX_QUOT) outputs the following: "O\\\u0027Rei\\\u0022lly" And I'm currently doing this in PHP versions older than 5.3.0: str_replace(array('\\"', "\\'"), array('\\u0022', '\\\u0027'), json_encode($s)) or str_replace(array('\\"', '\\\''), array('\\u0022', '\\\u0027'), json_encode($s)) Which correctly outputs the same result: "O\\\u0027Rei\\\u0022lly" I'm having trouble understanding why do I need to replace single quotes ('\\\'' or even "\\'" [surrounding quotes excluded]) with '\\\u0027' and not just '\\u0027'.

    Read the article

  • Escaping colons in hibernate createSQLQuery

    - by Stratosgear
    I am confused on how I can create an SQL statement containing colons. I am trying to create a view and I am using (notice the double colons): create view MyView as ( SELECT tableA.colA as colA, tableB.colB as colB, round(tableB.colD / 1024)::numeric, 2) as calcValue, FROM tableA, tableB WHERE tableA.colC = 'someValue' ); This is a postgres query and I am forced to use the double colons (::) in order to correctly run the statement. I then pass the above statement through: s.createSQLQuery(myQuery).executeUpdate(); and I get a: Exception in thread "main" org.hibernate.exception.DataException: \ could not execute native bulk manipulation query at org.hibernate.exception.SQLStateConverter.convert(\ SQLStateConverter.java:102) ... more stacktrace... with an output of my above statement changed as (notice the question mark): create view MyView as ( SELECT tableA.colA as colA, tableB.colB as colB, round(tableB.colD / 1024)?, 2) as calcValue, FROM tableA, tableB WHERE tableA.colC = 'someValue' ); Obviously, hibernate confuses my colons with named parameters. Is there a way to escape the colons (a google suggestion that mentions that a single colon is escaped as a double colon does NOT work) or another way of running this statement? Thanks.

    Read the article

  • Escaping Code for Different Shells

    - by Jon Purdy
    Question: What characters do I need to escape in a user-entered string to securely pass it into shells on Windows and Unix? What shell differences and version differences should be taken into account? Can I use printf "%q" somehow, and is that reliable across shells? Backstory (a.k.a. Shameless Self-Promotion): I made a little DSL, the Vision Web Template Language, which allows the user to create templates for X(HT)ML documents and fragments, then automatically fill them in with content. It's designed to separate template logic from dynamic content generation, in the same way that CSS is used to separate markup from presentation. In order to generate dynamic content, a Vision script must defer to a program written in a language that can handle the generation logic, such as Perl or Python. (Aside: using PHP is also possible, but Vision is intended to solve some of the very problems that PHP perpetuates.) In order to do this, the script makes use of the @system directive, which executes a shell command and expands to its output. (Platform-specific generation can be handled using @unix or @windows, which only expand on the proper platform.) The problem is obvious, I should think: test.htm: <!-- ... --> <form action="login.vis" method="POST"> <input type="text" name="USERNAME"/> <input type="password" name="PASSWORD"/> </form> <!-- ... --> login.vis: #!/usr/bin/vision # Think USERNAME = ";rm -f;" @system './login.pl' { USERNAME; PASSWORD } One way to safeguard against this kind of attack is to set proper permissions on scripts and directories, but Web developers may not always set things up correctly, and the naive developer should get just as much security as the experienced one. The solution, logically, is to include a @quote directive that produces a properly escaped string for the current platform. @system './login.pl' { @quote : USERNAME; @quote : PASSWORD } But what should @quote actually do? It needs to be both cross-platform and secure, and I don't want to create terrible problems with a naive implementation. Any thoughts?

    Read the article

  • Pros and cons of escaping strategies in symfony

    - by zergu
    I am still not sure in that matter. While turned on we're quite safe but some other problems appear (with passing template variables or counting characters). On the other hand we have magic turned off, everything is clear, but we have to manually escape every variable (that come from untrusted source) in templates. By the way, non-magic solution is used in Ruby-on-Rails. So the question is: when starting a new project in symfony do you disable escaping_strategy and why?

    Read the article

  • PHP Escaping from HTML, faster, cleanner?!

    - by rno
    I've read about it from the php website (http://us3.php.net/manual/en/language.basic-syntax.phpmode.php) Using: echo "<html tag>" is slower and also annoying because you got to escape char like " with \" But what's about using $output = <<< EOF <html code> EOF; Then later on in the code I can use $output .= <<< EOF <some more html code> EOF; then when I want to print it: echo "$output"; I think it's a great idea, but really wonder what you PHP guru think about it. Cheers, rno

    Read the article

  • Escaping textarea content

    - by user198729
    <textarea><?php echo htmlspecialchars($content)?></textarea> Does content inside <textarea need to be converted into HTML entities? Is htmlspecialchars necessary here? I tried with and without it, and both work for the content I used.

    Read the article

  • Escaping and unescaping a string with single and double quotes in Javascript

    - by Reina
    I have a search box that a user can search for any string including single AND double quotes, once they have searched, the backend is passing the keyword back to me so I can put it back in the box. I don't know what the string is so I can't escape quotes myself, below is an example: var keyword = "hello"; $("#selectionkeywords").val(); The issue I am having is that if the user enters "hello" the keyword becomes ""hello"" and I get this error: missing ) after argument list [Break On This Error] jQuery("#selectionkeywords").val(""hello""); The user could also enter single quotes so that rules it out as well. I tried using escape unescape but I still have the same issue e.g. escape(""hello"") I could get the value in an unescaped format e.g. "hello" but I don't know what to do with it, escape doesn't work on it I end up with this %26%23034%3Bhello%26%23034%3B So I'm pretty much stuck at the moment as I can't do anything to the string, any ideas?

    Read the article

  • JQuery selector value escaping

    - by user53794
    I have a dropdown list that contains a series of options: <select id=SomeDropdown> <option value="a'b]&lt;p>">a'b]&lt;p></option> <option value="easy">easy</option> <select> Notice that the option value/text contains some nasty stuff: single quotes closing square bracket escaped html I need to remove the a'b]<p option but I'm having no luck writing the selector. Neither: $("#SomeDropdown >option[value='a''b]&lt;p>']"); or $("#SomeDropdown >option[value='a\'b]&lt;p>']"); are returning the option. What is the correct way to escape values when using the "value=" selector?

    Read the article

  • escaping query string with special characters with python

    - by that_guy
    I got some pretty messy urls that i got via scraping here, problem is that they contain spaces or other special characters in the path and query string, here is some example http://www.example.com/some path/to the/file.html http://www.example.com/some path/?file=path to/file name.png&name=name.me so, is there an easy and robust way to escape the urls so that i can pass them to urlopen? i tried urlib.quote, but it seems to escape the '?', '&', and '=' in the query string as well, and it seems to escape the protocol as well, currently, what i am trying to do is use regex to separate the protocol, path name, and query string and escape them separately, but there are cases where they arent separated properly any advice is appreciated

    Read the article

  • Validate Unicode String and Escape if Unicode is Invalid (C/C++)

    - by vy32
    I have a program that reads arbitrary data from a file system and outputs results in Unicode. The problem I am having is that sometimes filenames are valid Unicode and sometimes they aren't. So I want a function that can validate a string (in C or C++) and tell me if it is a valid UTF-8 encoding. If it is not, I want to have the invalid characters escaped so that it will be a valid UTF-8 encoding. This is different than escaping for XML --- I need to do that also. But first I need to be sure that the Unicode is right. I've seen some code from which I could hack this, but I would rather use some working code if it exists.

    Read the article

  • Double-Escaped Unicode Javascript Issue

    - by Jeffrey Winter
    I am having a problem displaying a Javascript string with embedded Unicode character escape sequences (\uXXXX) where the initial "\" character is itself escaped as "&#92;" What do I need to do to transform the string so that it properly evaluates the escape sequences and produces output with the correct Unicode character? For example, I am dealing with input such as: "this is a &#92;u201ctest&#92;u201d"; attempting to decode the "&#92;" using a regex expression, e.g.: var out = text.replace('/&#92;/g','\'); results in the output text: "this is a \u201ctest\u201d"; that is, the Unicode escape sequences are displayed as actual escape sequences, not the double quote characters I would like.

    Read the article

  • Symfony 1.4: Is it possible to prevent escaping of a redirect URL?

    - by Tom
    Hi, If I do a redirect in action as normal: $this->redirect('@mypage?apple=1&banana=2&orange=3'); ... Symfony produces the correct URL: /something/something?apple=1&banana=2&orange=3 However, the following gets escaped for some bizarre reason: $string = 'apple=1&banana=2&orange=3'; $this->redirect('@mypage?'.$string); ... and the following URL is produced: /something/something?apple=1&amp;banana=2&amp;orange=3 Is there a way to avoid this escaping and have the ampersands appear correctly in the URL? I've tried everything I can think of and it's driving me mad. I need this for a situation where I'm pulling a saved query as a string from the database and would just like to latch it onto the URL. I'm aware that I could generate an array from the string and then generate a brand new URL from the array, but it just seems like a lot of overhead because of this silly escaping. Thanks.

    Read the article

  • XSLT: Disable output escaping in an entire document.

    - by Kragen
    I'm trying to generate some C# code using xslt - its working great until I get to generics and need to output some text like this: MyClass<Type> In this case I've found that the only way to emit this is to do the following: MyClass<xsl:text disable-output-escaping="yes">&lt;</xsl:text>Type<xsl:text disable-output-escaping="yes">&gt;</xsl:text> Where: Often it all needs to go on one line, otherwise you end up with line breaks in the generated code In the above example I technically could have used only 1 <xsl:text />, however usually the type Type is given by some other template, e.g: <xsl:value-of select="@type" /> I don't mind having to write &lt; a lot, but I would like to avoid writing <xsl:text disable-output-escaping="yes">&lt;</xsl:text> for just a single character! Is there any way of doing disable-output-escaping="yes" for the entire document?

    Read the article

  • Escaping Generics with T4 Templates

    - by Gavin Stevens
    I've been doing some work with T4 templates lately and ran into an issue which I couldn't find an answer to anywhere.  I finally figured it out, so I thought I'd share the solution. I was trying to generate a code class with a T4 template which used generics The end result a method like: public IEnumerator GetEnumerator()             {                 return new TableEnumerator<Table>(_page);             } the related section of the T4 template looks like this:  public IEnumerator GetEnumerator()             {                 return new TableEnumerator<#=renderClass.Name#>(_page);             } But this of course is missing the Generic Syntax for < > which T4 complains about because < > are reserved. using syntax like <#<#><#=renderClass.Name#><#=<#> won't work becasue the TextTransformation engine chokes on them.  resulting in : Error 2 The number of opening brackets ('<#') does not match the number of closing brackets ('#>')  even trying to escape the characters won't work: <#\<#><#=renderClass.Name#><#\<#> this results in: Error 4 A Statement cannot appear after the first class feature in the template. Only boilerplate, expressions and other class features are allowed after the first class feature block.  The final solution delcares a few strings to represent the literals like this: <#+    void RenderCollectionEnumerator(RenderCollection renderClass)  {     string open = "<";   string close =">"; #>    public partial class <#=renderClass.Name#> : IEnumerable         {             private readonly PageBase _page;             public <#=renderClass.Name#>(PageBase page)             {                 _page = page;             }             public IEnumerator GetEnumerator()             {                 return new TableEnumerator<#=open#><#=renderClass.Name#><#=close#>(_page);             }         } <#+  }  #> This works, and everyone is happy, resulting in an automatically generated class enumerator, complete with generics! Hopefully this will save someone some time :)

    Read the article

  • Escaping In Expressions

    The expressions language is a C style syntax, so you may need to escape certain characters, for example: "C:\FolderPath\" + @VariableName Should be "C:\\FolderPath\\" + @VariableName Another use of the escape sequence allows you to specify character codes, like this \xNNNN, where NNNN is the Unicode character code that you want. For example the following expression will produce the same result as the previous example as the Unicode character code 005C equals a back slash character: "C:\x005CFolderPath\x005C" + @VariableName For more information about Unicode characters see http://www.unicode.org/charts/ Literals are also supported within expressions, both string literals using the common escape sequence syntax as well as modifiers which influence the handling of numeric values. See the "Literals (SSIS)":http://msdn2.microsoft.com/en-US/library/ms141001(SQL.90).aspx topic. Using the Unicode escaped character sequence you can make up for the lack of a CHAR function or equivalent.

    Read the article

  • How do I stop XElement.Save from escaping characters?

    - by Daniel I-S
    I'm populating an XElement with information and writing it to an xml file using the XElement.Save(path) method. At some point, certain characters in the resulting file are being escaped - for example, > becomes &gt;. This behaviour is unacceptable, since I need to store information in the XML that includes the > character as part of a password. How can I write the 'raw' content of my XElement object to XML without having these escaped?

    Read the article

1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >