escaping

C#: Sanitize XML text values with XmlTextWriter?

Hello, I'm using XmlTextWriter to serialize and persist some of my data. Several of the fields I serialize are based on user input (e.g. Username). Today I use the WriteElementString method of XmlTextWriter. My question is: the second parameter of WriteElementString is the text value to be written. How can I sanitize it prior to writi...

jquery dialog box

I am having quite a hard time trying to find some answers with this particular dialog box action. The problem is when the user presses the "enter" (keyCode = 13) button, the dialog closes...as if the 'esc' key was pressed. I want to keep the dialog box open even when "enter" is pressed. Fairly simple code, simple dialog box from jque...

Can I escape braces in a Java MessageFormat?

I want to output some braces in a Java MessageFormat. For example I know the following does not work: MessageFormat.format(" public {0} get{1}() {return {2};}\n\n", type, upperCamel, lowerCamel); Is there a way of escaping the braces surrounding "return {2}"? ...

Do I need to escape a semicolon in a Perl regular expression literal?

Someone is telling me I need to escape a semicolon in a Perl regular expression literal. That is, to match a line containing a semicolon, I should use /\;/ and not /;/. From what I've read, the semicolon has no special meaning in a regular expression literal, so escaping it seems unnecessary. I've done some experiments and /;/ seems to ...

How can I split a string along a user-provided string separator in Perl?

My code used to work fine, and now it's breaking. A reduction of the problem is the following: I want to split a source string (from a database, but that's not important) at a separator. The separator is not fixed, but user provided, in a string. I used to do that: @results = split($splitString, $sourceStr); But this breaks when the u...

IE HTML Escaping

I have a little problem that's driving me mad. I have the following example code: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <script> function Test() { document.getElementById("test").innerHTML = "<input type='text' value='ab&apos;cef'>" } </script> <...

How to quote values for LuaSQL?

LuaSQL, which seems to be the canonical library for most SQL database systems in Lua, doesn't seem to have any facilities for quoting/escaping values in queries. I'm writing an application that uses SQLite as a backend, and I'd love to use an interface like the one specified by Python's DB-API: c.execute('select * from stocks where symb...

Spring: escaping input when binding to command

Hi! How do you handle the case where you want user input from a form to be htmlEscape'd when you are binding to a command object? I want this to sanitize input data automatically in order to avoid running through all fields in the command object. Thanks. ...

SQL Server 2008 and PHP - sqlsvr_escape_string?

I'm using PHP and SQL Server 2008 and the SQL Server Driver for PHP 1.0 does not have a similar escape string like mysql_real_escape_string. Do I just need to replace single quotations with something like function sqlsvr_escape_string($string) { $pattern = "'"; $replace = "''"; return(stripslashes(eregi_replace($pattern,$replace,...

How to escape JSON string?

Are there any classes/functions available to be used for easy JSON escaping? I'd rather not have to write my own. ...

Passing special characters with encodeURI in JavaScript

I have an HTML input field linked to a button with an onclick function in JavaScript that can pass the textfield value to a textfield of another page. While passing the values from one page to another via a URL request of a JSP, I found out that encoding the values with encodeURI() gets : £ --> £ (2 signs !!) ö --> ö (2 signs !!) ...

Escaping slashes in jQuery for passing paths in an AJAX request

I have a problem with slashes! I have some jQuery for handling generic dialogs on a page. In some cases the fields are passing /-delimited paths... var fieldValues = []; // pull values from all the fields belonging to the dialog... $.each($(this).find('input, textarea, select'), function(n,field) { // escape the path fields var valu...

Escaping HTML in Python

How to escape HTML with characters like &#8211; in Python? ...

How to escape a string for use in Boost Regex

I'm just getting my head around regular expressions, and I'm using the Boost Regex library. I have a need to use a regex that includes a specific URL, and it chokes because obviously there are characters in the URL that are reserved for regex and need to be escaped. Is there any function or method in the Boost library to escape a strin...

How to escape php exec() command with quotes

I use the Exiv2 command line tool on Linux to edit image metadata like so: exiv2 -M"set Iptc.Application2.Caption String This is my caption....." modify IMG.jpg I want to execute this from PHP, using a caption provided by a user. This will work if the user enters no special characters: exec('/usr/local/bin/exiv2 -M"set Iptc.Applicatio...

Escape a string (add slashes) in VB.net?

Very simple question (surprisingly I can't find a similar question anywhere): how do I escape form data in VB.net? I have various lines like this: Dim query As String = "exec sp_Message_insert @clientid='" + pClientId + "', @message='" + pMessage + "', @takenby='" + pUserId + "', @recipients='" + pRecipients + "'" If I use an apostrop...

Recommended method for escaping HTML in Java

Is there a recommended way to escape <, >, " and & characters when outputting HTML in plain Java code? (Other than manually doing the following, that is). String source = "The less than sign (<) and ampersand (&) must be escaped before using them in HTML"; String escaped = source.replace("&", "&amp;").replace("<", "&lt;"); // ... ...

Default escaping in Freemarker

In Freemarker templates we can use the escape directive to automatically apply an escaping to all interpolations inside the included block: <#escape x as x?html> <#-- name is escaped as html --> Hallo, ${name} </#escape> Is there a way to programmatically achieve a similar effect, defining a default escape applied to all interpola...

How can I safely pass a filename with spaces to an external command in Perl?

I have a Perl script that processes a bunch of file names, and uses those file names inside backticks. But the file names contain spaces, apostrophes and other funky characters. I want to be able to escape them properly (i.e. not using a random regex off the top of my head). Is there a CPAN module that correctly escapes strings for use ...

How do I escape this code to work in JavaScript?

<!-- Begin: AdBrite, Generated: 2009-08-03 19:56:32 --> <script type="text/javascript"> var AdBrite_Title_Color = '78B749'; var AdBrite_Text_Color = '000000'; var AdBrite_Background_Color = 'FFFFFF'; var AdBrite_Border_Color = 'CCCCCC'; var AdBrite_URL_Color = '0000FF'; try{ var AdBrite_Iframe=window.top!=window.self?2:1; var...