Search Results

Search found 390 results on 16 pages for 'escaping'.

Page 7/16 | < Previous Page | 3 4 5 6 7 8 9 10 11 12 13 14  | Next Page >

  • play framework WS API always escape character ';' and '=' in URL

    - by user2512057
    When I send a URL like abc.efg.com/query?para1=cat;para2=dog, play WS API always convert it to abc.efg.com/query?para1=cat%03Bpara2%03Ddog. Of course, there are http:// in the beginning in the URL. my code is as below. val url= "http://abc.efg.com/query?para1=cat;para2=dog" val response = WS.url(url).get() When I use fidder or netmon to look at the data that sent to sever, I found play framework WS (2.1.5) always change to the URL above I mentioned. How do I tell WS not to convert?

    Read the article

  • Jquery, how to escape quotes

    - by Sandro Antonucci
    I'm using a simple jquery code that grabs html code form a tag and then puts this content into a form input <td class="name_cat" ><span class="name_cat">It&#039;s a &quot;test&quot; </span> (5)</td> jquery gets the content into span.name_catand returns it as It's a "test". So when I print this into an input it becomes <input value="It's a "test"" /> which as you can imagine will only show as It's a , the following double quote will close the value tag. What's the trick here to keep the original string while not showing utf8 code in the input? Jquery code $(".edit_cat").click(function(){ tr = $(this).parents("tr:first"); id_cat = $(this).attr("id"); td_name = tr.find(".name_cat"); span_name = tr.find("span.name_cat").html(); form = '<form action="/admin/controllers/edit_cat.php" method="post" >'+ '<input type="hidden" name="id_cat" value="'+id_cat+'" />'+ '<input type="text" name="name_cat" value="'+span_name+'" />'+ '<input type="submit" value="save" />'+ '</form>'; td_name.html(form); console.log(span_name); } ); I basically need html() not to decode Utf8

    Read the article

  • Unicode generated by toEscapedUnicode method is without spaces

    - by vishvesha
    For this word ????????????? the Unicode is== \u0938\u0941\u0916\u091A\u0948\u0928\u093E\u0928\u0940 \u0930\u0940\u091D\u0941\u092E\u0932 \u091C\u093F\u0935\u0924\u0930\u093E\u092E and look it has spaces before \u0930 and \u091C But when I am trying in my code String tempString=Strings.toEscapedUnicode(strString); This method to convert to Unicode gives a result without spaces: \u0938\u0941\u0916\u091A\u0948\u0928\u093E\u0928\u0940\u0930\u0940\u091D\u0941\u092E\u0932\u091C\u093F\u0935\u0924\u0930\u093E\u092E and that's why they are not matching. My 'toEscapeUnicode' method generates Unicode without spaces. I want the spaces, so how to do it?

    Read the article

  • Replace carriage returns and line feeds in out.println?

    - by Mike
    I am a novice coder and I am using the following code to outprint a set of Image keywords and input a "|" between them. <% Set allKeywords = new HashSet(); for (AlbumObject ao : currentObjects) { XmpManager mgr = ao.getXmpManager(); if (mgr != null) { allKeywords.addAll(mgr.getKeywordSet()); } } //get the Iterator Iterator itr = allKeywords.iterator(); while(itr.hasNext()){ String str = itr.next(); out.println(str +"|"); } %> I want the output to be like this: red|blue|green|yellow but it prints out: red| blue| green| yellow which breaks my code. I've tried this: str.replaceAll("\n", ""); str.replaceAll("\r", ""); and str.replaceAll("(?:\\n|\\r)", ""); No luck. I'd really appreciate some help!

    Read the article

  • In Java, is there a way to write a string literal without having to escape quotes?

    - by Matthew
    Say you have a String literal with a lot of quotation marks inside it. You could escape them all, but it's a pain, and difficult to read. In some languages, you can just do this: foo = '"Hello, World"'; In Java, however, '' is used for chars, so you can't use it for Strings this way. Some languages have syntax to work around this. For example, in python, you can do this: """A pretty "convenient" string""" Does Java have anything similar?

    Read the article

  • Sanitizing user input before adding it to the DOM in Javascript

    - by I GIVE TERRIBLE ADVICE
    I'm writing the JS for a chat application I'm working on in my free time, and I need to have HTML identifiers that change according to user submitted data. This is usually something conceptually shaky enough that I would not even attempt it, but I don't see myself having much of a choice this time. What I need to do then is to escape the HTML id to make sure it won't allow for XSS or breaking HTML. Here's the code: var user_id = escape(id) var txt = '<div class="chut">'+ '<div class="log" id="chut_'+user_id+'"></div>'+ '<textarea id="chut_'+user_id+'_msg"></textarea>'+ '<label for="chut_'+user_id+'_to">To:</label>'+ '<input type="text" id="chut_'+user_id+'_to" value='+user_id+' readonly="readonly" />'+ '<input type="submit" id="chut_'+user_id+'_send" value="Message"/>'+ '</div>'; What would be the best way to escape id to avoid any kind of problem mentioned above? As you can see, right now I'm using the built-in escape() function, but I'm not sure of how good this is supposed to be compared to other alternatives. I'm mostly used to sanitizing input before it goes in a text node, not an id itself.

    Read the article

  • Validate string in javascript with parenthesis

    - by user2932856
    I just need to validate 2 strings in javascript. One of them must contain only 0 or more open parenthesis ( . The other must contain only 0 or more close parenthesis ) . This means only those characters are allowed in each value. After spending a lot of time trying to understand the regex, I can't find a way to achieve this. With the escape characters I make a mess of the regex function. This is what I thought: /\(*/ Could anyone help me?

    Read the article

  • Sanitizing usser input before adding it to the DOM in Javascript

    - by I GIVE TERRIBLE ADVICE
    I'm writing the JS for a chat appication I'm working on in my free time, and I need to have HTML identifiers that change according to user submitted data. This is usually something conceptually shaky enough that I would not even attempt it, but I don't see myself having much of a choice this time. What I need to do then is to escape the HTML id to make sure it won't allow for XSS or breaking HTML. Here's the code: var user_id = escape(id) var txt = '<div class="chut">'+ '<div class="log" id="chut_'+user_id+'"></div>'+ '<textarea id="chut_'+user_id+'_msg"></textarea>'+ '<label for="chut_'+user_id+'_to">To:</label>'+ '<input type="text" id="chut_'+user_id+'_to" value='+user_id+' readonly="readonly" />'+ '<input type="submit" id="chut_'+user_id+'_send" value="Message"/>'+ '</div>'; What would be the best way to escape id to avoid any kind of problem mentioned above? As you can see, right now I'm using the built-in escape() function, but I'm not sure of how good this is supposed to be compared to other alternatives. I'm mostly used to sanitizing input before it goes in a text node, not an id itself.

    Read the article

  • XSL - How to disable output escaping for an attribute?

    - by Kobi
    I've had the following <a> tag: <a href="http://myserver/_forms?url={@FileRef}&amp;id=5">...</a> One of the files is called "File's got apostrophe.xml". The output of the XSL is: <a href="http://myserver/_forms?url=/blah/File&amp;#39;s got apostrophe.xml&id=5">...</a> The problem is the the apostrophe is HTML-escaped (twice?) into &amp;#39;, which breaks the link. I've also tried using <xsl:attribute>, with same results: <a> <xsl:attribute name="href"> <xsl:value-of select="concat('http://myserver/_forms?url=', @FileRef, '&amp;id=5')" disable-output-escaping="yes" /> </xsl:attribute> </a> Outputting <xsl:value-of select="@FileRef" disable-output-escaping="yes" /> works well - the unescaped value is printed on the page. How can I set the attribute without escaping the string?

    Read the article

  • How can I easily pass all the variables from a template to a partial in Symfony with output escaping

    - by Failpunk
    It there an easy way to pass all the variables a template file has access to onto a partial when I have output escaping on? I tend to create a template file, then refactor things into a partial at some point and it would seem that there would be an easy way to just pass all the same variables from the template to the partial and be done with it. I have output escaping on and I can't just pass in $sf_data. It look like calling a partial from within another partial is very simple...just pass in the variable $vars.

    Read the article

  • how to get bash to stop escaping $ during tab-completion?

    - by keturn
    I have this on the command line: ln -sf $PWD/wine- and then I hit tab to complete the filename. In earlier versions of Ubuntu, this worked just fine to complete the wine- filename (and as a side-effect $PWD would be expanded at that time). But now it turns it in to ln -sf \$PWD/wine- which isn't what I meant at all and doesn't complete anything as the file does not literally start with $. How do I get completion back to the less broken behaviour? set tells me these are my current settings: BASHOPTS=checkwinsize:cmdhist:expand_aliases:extquote:force_fignore:hostcomplete:interactive_comments:progcomp:promptvars:sourcepath SHELLOPTS=braceexpand:emacs:hashall:histexpand:history:interactive-comments:monitor

    Read the article

  • F5 Networks iRule/Tcl - Escaping UNICODE 6-character escape sequences so they are processed as and r

    - by openid.malcolmgin.com
    We are trying to get an F5 BIG-IP LTM iRule working properly with SharePoint 2007 in an SSL termination role. This architecture offloads all of the SSL processing to the F5 and the F5 forwards interactive requests/responses to the SharePoint front end servers via HTTP only (over a secure network). For the purposes of this discussion, iRules are parsed by a Tcl interpretation engine on the F5 Networks BIG-IP device. As such, the F5 does two things to traffic passing through it: Redirects any request to port 80 (HTTP) to port 443 (HTTPS) through HTTP 302 redirects and URL rewriting. Rewrites any response to the browser to selectively rewrite URLs embedded within the HTML so that they go to port 443 (HTTPS). This prevents the 302 redirects from breaking DHTML generated by SharePoint. We've got part 1 working fine. The main problem with part 2 is that in the response rewrite because of XML namespaces and other similar issues, not ALL matches for "http:" can be changed to "https:". Some have to remain "http:". Additionally, some of the "http:" URLs are difficult in that they live in SharePoint-generated JavaScript and their slashes (i.e. "/") are actually represented in the HTML by the UNICODE 6-character string, "\u002f". For example, in the case of these tricky ones, the literal string in the outgoing HTML is: http:\u002f\u002fservername.company.com\u002f And should be changed to: https:\u002f\u002fservername.company.com\u002f Currently we can't even figure out how to get a match in a search/replace expression on these UNICODE sequence string literals. It seems that no matter how we slice it, the Tcl interpreter is interpreting the "\u002f" string into the "/" translation before it does anything else. We've tried various combinations of Tcl escaping methods we know about (mainly double-quotes and using an extra "\" to escape the "\" in the UNICODE string) but are looking for more methods, preferably ones that work. Does anyone have any ideas or any pointers to where we can effectively self-educate about this? Thanks very much in advance.

    Read the article

  • Are parametrized calls/sanitization/escaping characters necessary for hashed password fields in SQL queries?

    - by Computerish
    When writing a login system for a website, it is standard to use some combination of parameterized calls, sanitizing the user input, and/or escaping special characters to prevent SQL injection attacks. Any good login system, however, should also hash (and possibly salt) every password before it goes into an SQL query, so is it still necessary to worry about SQL injection attacks in passwords? Doesn't a hash completely eliminate any possibility of an SQL injection attack on its own?

    Read the article

  • Do I have to worry about escaping XML reserved characters before I return a DataContract object from

    - by Brett Widmeier
    Hi, I am pretty inexperienced with WCF. I have a DataContract that implements the IExtensibleDataObject interface. Some of the members of this object are populated from freetext input and could contain XML reserved characters ('', for example). I imagine that I get escaping of these characters for free with WCF, but I have been looking around and could not find anything commenting on this one way or another. Is this the case? I have set my service to log the messages that it sends and receives for viewing in the Trace Viewer. Part of a message that my service returns looks like this: <sInstructions>"></sInstructions> Now, I have a couple questions about this. 1) Is it actually transmitting "&gt; and just showing it in a more readable form in the trace viewer? 2) If it is actually is transmitting ">, is this legal XML?

    Read the article

  • Why are these strings escaping from my regular expression in python?

    - by dohkoxar
    In my code, I load up an entire folder into a list and then try to get rid of every file in the list except the .mp3 files. import os import re path = '/home/user/mp3/' dirList = os.listdir(path) dirList.sort() i = 0 for names in dirList: match = re.search(r'\.mp3', names) if match: i = i+1 else: dirList.remove(names) print dirList print i After I run the file, the code does get rid of some files in the list but keeps these two especifically: ['00. Various Artists - Indie Rock Playlist October 2008.m3u', '00. Various Artists - Indie Rock Playlist October 2008.pls'] I can't understand what's going on, why are those two specifically escaping my search.

    Read the article

  • mysqldb python escaping ? or %s?

    - by asldkncvas
    Dear Everyone, I am currently using mysqldb. What is the correct way to escape strings in mysqldb arguments? Note that E = lambda x: x.encode('utf-8') 1) so my connection is set with charset='utf8'. These are the errors I am getting for these arguments: w1, w2 = u'??', u'??' 1) self.cur.execute("SELECT dist FROM distance WHERE w1=? AND w2=?", (E(w1), E(w2))) ret = self.cur.execute("SELECT dist FROM distance WHERE w1=? AND w2=?", (E(w1), E(w2)) ) File "build/bdist.linux-i686/egg/MySQLdb/cursors.py", line 158, in execute TypeError: not all arguments converted during string formatting 2) self.cur.execute("SELECT dist FROM distance WHERE w1=%s AND w2=%s", (E(w1), E(w2))) This works fine, but when w1 or w2 has \ inside, then the escaping obviously failed. I personally know that %s is not a good method to pass in arguemnts due to injection attacks etc.

    Read the article

  • Overridden button control escaping content. How to stop it?

    - by RemotecUk
    Hi, I've got an ASP.Net button control that I have overridden to provide different functionality. the code looks as follows.. I'm overriding the Render method to surround the control with an <a>... /// <summary> /// Render Method /// </summary> /// <param name="writer"></param> protected override void Render(HtmlTextWriter writer) { base.CssClass = "euva-button-decorated"; writer.Write("<a class=\"euva-button\">"); base.Render(writer); writer.Write("</a>"); } When I check the generated source on the page, I find that where ASP.Net has injected its click handler it does the following... <a class="euva-button"><input type="submit" name="TestButton" value="Test Button" onclick="clickOnce(this);WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions(&quot;TestButton&quot;, &quot;&quot;, true, &quot;&quot;, &quot;&quot;, false, false))" id="TestButton" class="euva-button-decorated" /></a> ... it seems to be escaping the output for the double quotes which means that the browser cannot understand the javascript. How do I make the render method not escape the injected ASP.Net client click handler ?? Note I also have my own client click handler which is declared declaratively in the page mark-up.

    Read the article

  • Is it possible for double-escaping to cause harm to the DB?

    - by waiwai933
    If I accidentally double escape a string, can the DB be harmed? For the purposes of this question, let's say I'm not using parametrized queries For example, let's say I get the following input: bob's bike And I escape that: bob\'s bike But my code is horrible, and escapes it again: bob\\\'s bike Now, if I insert that into a DB, the value in the DB will be bob\'s bike Which, while is not what I want, won't harm the DB. Is it possible for any input that's double escaped to do something malicious to the DB assuming that I take all other necessary security precautions?

    Read the article

  • How to prevent Artificial Intelligence from escaping into the internet?

    - by Jason
    I have an interest in artificial intelligence from a evolutionary standpoint. I want to experiment with it somewhat with a high level language like C#, however, I'm stuck on one of the most elementary problems with artificial life -- how to contain it? The best thing I can think of is a virtual machine. Where would I start to create a VM for my budding digital organisms in C#? How could I be sure they couldn't escape into the 'wild'? (I understand this unlikely, by the way.)

    Read the article

  • How do I write escape characters verbatim (without escaping) in C# using StreamWriter?

    - by Joel
    I'm writing a utility that takes in a .resx file and creates a javascript object containing properties for all the name/value pairs in the .resx file. This is all well and good, until one of the values in the .resx is This dealer accepts electronic orders. /r/nClick to order {0} from this dealer. I'm adding the name/value pairs to the js object like this: streamWriter.Write(string.Format("\n{0} : \"{1}\"", kvp.Key, kvp.Value)); When kvp.Value = "This dealer accepts electronic orders./r/nClick to order {0} from this dealer." This causes StreamWriter.Write() to actually place a newline in between 'orders.' and 'Click', which naturally screws up my javascript output. I've tried different things with @ and without using string.Format, but I've had no luck. Any suggestions?

    Read the article

  • Safe executing shell scripts; escaping vars before execution.

    - by Kirzilla
    Hello, Let's imagine that we have a simple php script that should get ssh_host, ssh_username, ssh_port from $_GET array and try to connect using this parameters to SSH. $port = escapeshellcmd($_GET['ssh_port']); $host = escapeshellcmd($_GET['ssh_host']); $username = escapeshellcmd($_GET['ssh_username']); $answer = shell_exec("ssh -p " . $port . " " . $user . "@" . $host); Is escapeshellcmd() enough or I need something more tricky? Or maybe I should use escapeshellarg() in this example? Thank you.

    Read the article

  • How do I write escape characters verbatim (without escaping) using StreamWriter?

    - by Joel
    I'm writing a utility that takes in a .resx file and creates a javascript object containing properties for all the name/value pairs in the .resx file. This is all well and good, until one of the values in the .resx is This dealer accepts electronic orders. /r/nClick to order {0} from this dealer. I'm adding the name/value pairs to the js object like this: streamWriter.Write(string.Format("\n{0} : \"{1}\"", kvp.Key, kvp.Value)); When kvp.Value = "This dealer accepts electronic orders./r/nClick to order {0} from this dealer." This causes StreamWriter.Write() to actually place a newline in between 'orders.' and 'Click', which naturally screws up my javascript output. I've tried different things with @ and without using string.Format, but I've had no luck. Any suggestions? Edit: This application is run during build to get some javascript files deployed later, so at no point is it accessible to / run by anyone but the app developers. So while I obviously need a way to escape characters here, XSS as such is not really a concern.

    Read the article

  • How do I suppress asp:image AlternateText from html escaping?

    - by rsturim
    I have an asp:Image -- which I'm assigning "alt" and "tooltip" from the code behind. Unfortunately the value which is coming from the database is getting automatically html escaped -- which I do now want it to -- how do I suppress this? For example my trademark html entity is doing this -- &#174; gets changed to --> &amp;#174 -- which is incorrect Here's my code in the aspx: <asp:Image runat="server" ID="MainImage" Width="260" /> Do I have any options? Thanks, -R And here's my code behind: this.MainImage.AlternateText = this.BasePage.SellGroup.DisplayName;

    Read the article

  • How do I get Hudson to stop escaping parts of my shell script?

    - by Rob Spieldenner
    I would like to have a shell script that copies some logs from a part of my system to the hudson workspace so I can archive them. So right now I have #!/bin/bash -ex cp /directory/structure/*.log . This is kind enough to be changed to cp '/directory/structure/*.log' . Which of course is not found since I don't have a file named *.log. So how do I get this script to work?

    Read the article

< Previous Page | 3 4 5 6 7 8 9 10 11 12 13 14  | Next Page >