Search Results

Search found 322 results on 13 pages for 'escaped'.

Page 6/13 | < Previous Page | 2 3 4 5 6 7 8 9 10 11 12 13  | Next Page >

  • Localizing non-breaking space in Windows 8

    - by Lukas_Skywalker
    I'm trying to localize a Windows 8 Metro style app as described in a guide on MSDN. This worked very well so far, but now I'm trying to localize a string containing a non-breaking space which appears in a XAML file (originally as hexadecimal xml-escaped string: &#x00a0). Just putting the above string into the Resources.resw file does not work, it appears just as &#x00a0. What do I have to do to get a non-breaking space in my localizations?

    Read the article

  • Generating JSON request manually, returned HTML causing issues.

    - by mrblah
    Hi, I am generating my JSON manually, and I even escaped for quotes with a preceding backslash. It is causing me problems. My HTML returned looks something like: <div class="blah"><div class="a2">This is just a test! I hope this work's man!</div></div> string json = "MY HTML HERE"; json = json.Replace(@"""", @"\"""); Is there more to replace than just the double quotes?

    Read the article

  • In php, Prepare string and create XML/RSS Feed

    - by Bill
    I want to create my own RSS/XML feed. I fetch data from the database to display, but keep getting invalid character errors. If the string has an ampersand or other strange characters in it, the XML will be invalid. I tried using urlencode and htmlentities, but these don't capture all possible characters which need to be escaped. Does anyone know of a PHP function which will prepare a string for XML output?

    Read the article

  • Command to escape a string in bash

    - by User1
    I need a bash command that will convert a string to something that is escaped. Here's an example: echo "hello\world"|escape|someprog Where the escape command makes "hello\world" into "hello\\world". Then, someprog can use "hello\world" as it expects. Of course, this is a simplified example of what I will really be doing.

    Read the article

  • How can you print a string using raw_unicode_escape encoding in python 3?

    - by Sorin Sbarnea
    The following code with fail in Python 3.x with TypeError: must be str, not bytes because now encode() returns bytes and print() expects only str. #!/usr/bin/python from __future__ import print_function str2 = "some unicode text" print(str2.encode('raw_unicode_escape')) How can you print a Unicode string escaped representation using print()? I'm looking for a solution that will work with Python 2.6 or newer, including 3.x

    Read the article

  • Django: Serializing models in a nested data structure?

    - by Rosarch
    It's easy to serialize models in an iterable: def _toJSON(models): return serializers.serialize("json", models, ensure_ascii=False) What about when I have something more complicated: [ (Model_A_1, [Model_B_1, Model_B_2, Model_B_3]), (Model_A_2, [Model_B_3, Model_B_4, Model_B_5, Model_B_59]), (Model_A_3, [Model_B_6, Model_B_7]), ] I tried serializing each model as it was added to the structure, then serializing the whole thing with simplejson.dumps, but that causes the JSON defining each model to be escaped. Is there a better way to do this?

    Read the article

  • vi script problem on autocmd

    - by schemacs
    I want to create a template for all my python scripts using this autocmd bufnewfile *.py so ~/.vim/templates/python_skeleton.txt the content of python_sekleton.txt is as simple as this: #!/usr/bin/python # -*- coding: utf-8 -*- print 'Hello World' but vi give error message when i start to edit a new python script: line 2: E488: Trailing characters: # -*- coding: utf-8 -*- line 4: E488: Trailing characters: print 'Hello World' it seems '#' is not escaped,and anyone can work it out?thanks i advance

    Read the article

  • Passing JSON through the URI

    - by Leaf
    I'm trying to create a REST based web service with data encapsulated using JSON. My problem is when I pass the string version of JSON in the URI it turns to something like this: %7B%22coal%22:100,%22ele%22:1500.1%7D. I'm wondering if there are any functions Java for converting between the escaped and unescaped versions so I can parse the string.

    Read the article

  • Java convert JSONObject to URL parameter

    - by Alex Ivasyuv
    What is the elegant way to convert JSONObject to URL parameters. For example, JSONObject: {stat: {123456: {x: 1, y: 2}, 123457: {z: 5, y: 2}}}} this should be like: stat[123456][x]=1&stat[123456][y]=2&stat[123457][z]=5&stat[123457][y]=2 of course with escaped symbols, and of course JSON object could be more complicated.. Maybe there already exist some mechanisms for that? Thanks,

    Read the article

  • Perl ENV variable contains newline and tab

    - by Michael
    Say I have an environment variable myvar myvar=\tapple\n when the following command will print out this variable perl -e 'print "$ENV{myvar}"' I will literally have \tapple\n, however, I want those control chars to be evaluated and not escaped. How would I achieve it? In the real world $ENV residing in substitution, but I hope the answer will cover that.

    Read the article

  • How can I interpolate literal \t and \n in Perl strings?

    - by Michael
    Say I have an environment variable myvar: myvar=\tapple\n When the following command will print out this variable perl -e 'print "$ENV{myvar}"' I will literally have \tapple\n, however, I want those control chars to be evaluated and not escaped. How would I achieve it? In the real world $ENV residing in substitution, but I hope the answer will cover that.

    Read the article

  • Escaping HTML strings with jQuery

    - by Page Brooks
    Does anyone know of an easy way to escape HTML from strings in jQuery? I need to be able to pass an arbitrary string and have it properly escaped for display in an HTML page (preventing JavaScript/HTML injection attacks). I'm sure it's possible to extend jQuery to do this, but I don't know enough about the framework at the moment to accomplish this.

    Read the article

  • HTML in title string of fullcalendar jquery plugin

    - by Chichi
    Hello, i think the fullcalendar jquery-plugin is a really great solution. i saw does the string for the title in the fullcalender plugin is escaped (htmlEscape). But i need to format some strings in the title for example bold text or colors, or small images? the solution with another plugin (for example qTip, like in the examples) will not the right way for me. is there anyway to format the title text? Regards flauschi

    Read the article

  • Read an invalid cookie with Java (jsp)?

    - by jsumners
    I have a cookie that is formatted like partA:partB. The colon is not escaped in any fashion. I need to read this cookie in a JSP script, and request.getCookies() is only returning partA. I can't change the cookie because it is used in multiple applications, and fixing the cookie would break production code. Any ideas how I can read the full value of this cookie?

    Read the article

  • Java split is eating my characters.

    - by Fenris_uy
    Hi, I have a string like this String str = "la$le\$li$lo". I want to split it to get the following output "la","le\$li","lo". The \$ is a $ escaped so it should be left in the output. But when I do str.split("[^\\\\]\\$") y get "l","le\$l","lo". From what I get my regex is matching a$ and i$ and removing then. Any idea of how to get my characters back? Thanks

    Read the article

  • mysql_real_escape more than once

    - by Aran
    I was just wondering whether it makes a difference if I mysql_real_escape data more than once? So if I escaped data in one part of my website, and then again in another part of code. Would this be a problem? Or make a difference?

    Read the article

  • A New Threat To Web Applications: Connection String Parameter Pollution (CSPP)

    - by eric.maurice
    Hi, this is Shaomin Wang. I am a security analyst in Oracle's Security Alerts Group. My primary responsibility is to evaluate the security vulnerabilities reported externally by security researchers on Oracle Fusion Middleware and to ensure timely resolution through the Critical Patch Update. Today, I am going to talk about a serious type of attack: Connection String Parameter Pollution (CSPP). Earlier this year, at the Black Hat DC 2010 Conference, two Spanish security researchers, Jose Palazon and Chema Alonso, unveiled a new class of security vulnerabilities, which target insecure dynamic connections between web applications and databases. The attack called Connection String Parameter Pollution (CSPP) exploits specifically the semicolon delimited database connection strings that are constructed dynamically based on the user inputs from web applications. CSPP, if carried out successfully, can be used to steal user identities and hijack web credentials. CSPP is a high risk attack because of the relative ease with which it can be carried out (low access complexity) and the potential results it can have (high impact). In today's blog, we are going to first look at what connection strings are and then review the different ways connection string injections can be leveraged by malicious hackers. We will then discuss how CSPP differs from traditional connection string injection, and the measures organizations can take to prevent this kind of attacks. In web applications, a connection string is a set of values that specifies information to connect to backend data repositories, in most cases, databases. The connection string is passed to a provider or driver to initiate a connection. Vendors or manufacturers write their own providers for different databases. Since there are many different providers and each provider has multiple ways to make a connection, there are many different ways to write a connection string. Here are some examples of connection strings from Oracle Data Provider for .Net/ODP.Net: Oracle Data Provider for .Net / ODP.Net; Manufacturer: Oracle; Type: .NET Framework Class Library: - Using TNS Data Source = orcl; User ID = myUsername; Password = myPassword; - Using integrated security Data Source = orcl; Integrated Security = SSPI; - Using the Easy Connect Naming Method Data Source = username/password@//myserver:1521/my.server.com - Specifying Pooling parameters Data Source=myOracleDB; User Id=myUsername; Password=myPassword; Min Pool Size=10; Connection Lifetime=120; Connection Timeout=60; Incr Pool Size=5; Decr Pool Size=2; There are many variations of the connection strings, but the majority of connection strings are key value pairs delimited by semicolons. Attacks on connection strings are not new (see for example, this SANS White Paper on Securing SQL Connection String). Connection strings are vulnerable to injection attacks when dynamic string concatenation is used to build connection strings based on user input. When the user input is not validated or filtered, and malicious text or characters are not properly escaped, an attacker can potentially access sensitive data or resources. For a number of years now, vendors, including Oracle, have created connection string builder class tools to help developers generate valid connection strings and potentially prevent this kind of vulnerability. Unfortunately, not all application developers use these utilities because they are not aware of the danger posed by this kind of attacks. So how are Connection String parameter Pollution (CSPP) attacks different from traditional Connection String Injection attacks? First, let's look at what parameter pollution attacks are. Parameter pollution is a technique, which typically involves appending repeating parameters to the request strings to attack the receiving end. Much of the public attention around parameter pollution was initiated as a result of a presentation on HTTP Parameter Pollution attacks by Stefano Di Paola and Luca Carettoni delivered at the 2009 Appsec OWASP Conference in Poland. In HTTP Parameter Pollution attacks, an attacker submits additional parameters in HTTP GET/POST to a web application, and if these parameters have the same name as an existing parameter, the web application may react in different ways depends on how the web application and web server deal with multiple parameters with the same name. When applied to connections strings, the rule for the majority of database providers is the "last one wins" algorithm. If a KEYWORD=VALUE pair occurs more than once in the connection string, the value associated with the LAST occurrence is used. This opens the door to some serious attacks. By way of example, in a web application, a user enters username and password; a subsequent connection string is generated to connect to the back end database. Data Source = myDataSource; Initial Catalog = db; Integrated Security = no; User ID = myUsername; Password = XXX; In the password field, if the attacker enters "xxx; Integrated Security = true", the connection string becomes, Data Source = myDataSource; Initial Catalog = db; Integrated Security = no; User ID = myUsername; Password = XXX; Intergrated Security = true; Under the "last one wins" principle, the web application will then try to connect to the database using the operating system account under which the application is running to bypass normal authentication. CSPP poses serious risks for unprepared organizations. It can be particularly dangerous if an Enterprise Systems Management web front-end is compromised, because attackers can then gain access to control panels to configure databases, systems accounts, etc. Fortunately, organizations can take steps to prevent this kind of attacks. CSPP falls into the Injection category of attacks like Cross Site Scripting or SQL Injection, which are made possible when inputs from users are not properly escaped or sanitized. Escaping is a technique used to ensure that characters (mostly from user inputs) are treated as data, not as characters, that is relevant to the interpreter's parser. Software developers need to become aware of the danger of these attacks and learn about the defenses mechanism they need to introduce in their code. As well, software vendors need to provide templates or classes to facilitate coding and eliminate developers' guesswork for protecting against such vulnerabilities. Oracle has introduced the OracleConnectionStringBuilder class in Oracle Data Provider for .NET. Using this class, developers can employ a configuration file to provide the connection string and/or dynamically set the values through key/value pairs. It makes creating connection strings less error-prone and easier to manager, and ultimately using the OracleConnectionStringBuilder class provides better security against injection into connection strings. For More Information: - The OracleConnectionStringBuilder is located at http://download.oracle.com/docs/cd/B28359_01/win.111/b28375/OracleConnectionStringBuilderClass.htm - Oracle has developed a publicly available course on preventing SQL Injections. The Server Technologies Curriculum course "Defending Against SQL Injection Attacks!" is located at http://st-curriculum.oracle.com/tutorial/SQLInjection/index.htm - The OWASP web site also provides a number of useful resources. It is located at http://www.owasp.org/index.php/Main_Page

    Read the article

  • How to escape or remove double quotes in rsyslog template

    - by Evgeny
    I want rsyslog to write log messages in JSON format, which requires to use double-quotes (") around strings. Problem is that values sometime include double-quotes themselves, and those need to be escaped - but I can't figure out how to do that. Currently my rsyslog.conf contains this format that I use (a bit simplified): $template JsonFormat,"{\"msg\":\"%msg%\",\"app-name\":\"%app-name%\"}\n",sql But when a msg arrives that contains double quotes, the JSON is broken, example: user pid=21214 uid=0 auid=4294967295 msg='PAM setcred: user="oracle" exe="/bin/su" (hostname=?, addr=?, terminal=? result=Success)' turns into: {"msg":"user pid=21214 uid=0 auid=4294967295 msg='PAM setcred: user="oracle" exe="/bin/su" (hostname=?, addr=?, terminal=? result=Success)'","app-name":"user"} but what I need it to become is: {"msg":"user pid=21214 uid=0 auid=4294967295 msg='PAM setcred: user=\"oracle\" exe=\"/bin/su\" (hostname=?, addr=?, terminal=? result=Success)'","app-name":"user"}

    Read the article

< Previous Page | 2 3 4 5 6 7 8 9 10 11 12 13  | Next Page >