Hello, I'm using XmlTextWriter to serialize and persist some of my data. Several of the fields I serialize are based on user input (e.g. Username). Today I use the WriteElementString method of XmlTextWriter. My question is: the second parameter of WriteElementString is the text value to be written. How can I sanitize it prior to writi...
I am having quite a hard time trying to find some answers with this particular dialog box action. The problem is when the user presses the "enter" (keyCode = 13) button, the dialog closes...as if the 'esc' key was pressed. I want to keep the dialog box open even when "enter" is pressed. Fairly simple code, simple dialog box from jque...
I want to output some braces in a java MessageFormat. For example I know the following does not work: MessageFormat.format(" public {0} get{1}() {return {2};}\n\n", type, upperCamel, lowerCamel); Is there a way of escaping the braces surrounding "return {2}"? ...
Someone is telling me I need to escape a semicolon in a Perl regular expression literal. That is, to match a line containing a semicolon, I should use /\;/ and not /;/. From what I've read, the semicolon has no special meaning in a regular expression literal, so escaping it seems unnecessary. I've done some experiments and /;/ seems to ...
My code used to work fine, and now it's breaking. A reduction of the problem is the following: I want to split a source string (from a database, but that's not important) at a separator. The separator is not fixed, but user provided, in a string. I used to do that: @results = split($splitString, $sourceStr); But this breaks when the u...
I have a little problem that's driving me mad. I have the following example code: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <script> function Test() { document.getElementById("test").innerHTML = "<input type='text' value='ab'cef'>" } </script> <...
LuaSQL, which seems to be the canonical library for most SQL database systems in Lua, doesn't seem to have any facilities for quoting/escaping values in queries. I'm writing an application that uses SQLite as a backend, and I'd love to use an interface like the one specified by Python's DB-API: c.execute('select * from stocks where symb...
Hi! How do you handle the case where you want user input from a form to be htmlEscape'd when you are binding to a command object? I want this to sanitize input data automatically in order to avoid running through all fields in command object. thanks. ...
I'm using php and sql server 2008 and the SQL Server Driver for PHP 1.0 does not have a similar escape string like mysql_real_escape_string. Do I just need to replace single quotations with something like function sqlsvr_escape_string($string) { $pattern = "'"; $replace = "''"; return(stripslashes(eregi_replace($pattern,$replace,...
Are there any classes/functions available to be used for easy JSON escaping? Id rather not have to write my own. ...
I have an HTML input field linked to a button with an onclick function in javascript that can pass the textfield value to a textfield of another page. While passing the values from one page to another via an URL request of a JSP, I found out that encoding the values with encodeURI() gets : £ --> £ (2 signs !!) ö --> ö (2 signs !!) ...
I have a problem with slashes! I have some jQuery for handling generic dialogs on a page. In some cases the fields are passing /-delimited paths... var fieldValues = []; // pull values from all the fields belonging to the dialog... $.each($(this).find('input, textarea, select'), function(n,field) { // escape the path fields var valu...
How to escape HTML with characters like – in Python? ...
I'm just getting my head around regular expressions, and I'm using the Boost Regex library. I have a need to use a regex that includes a specific URL, and it chokes because obviously there are characters in the URL that are reserved for regex and need to be escaped. Is there any function or method in the Boost library to escape a strin...
I use the Exiv2 command line tool on Linux to edit image metadata like so: exiv2 -M"set Iptc.Application2.Caption String This is my caption....." modify IMG.jpg I want to execute this from PHP, using a caption provide by a user. This will work if the user enters no special characters: exec('/usr/local/bin/exiv2 -M"set Iptc.Applicatio...
Very simple question (surprisingly I can't find a similar question anywhere): how do I escape form data in VB.net? I have various lines like this: Dim query As String = "exec sp_Message_insert @clientid='" + pClientId + "', @message='" + pMessage + "', @takenby='" + pUserId + "', @recipients='" + pRecipients + "'" If I use an apostrop...
Is there a recommended way to escape <, >, " and & characters when outputting HTML in plain Java code? (Other than manually doing the following, that is). String source = "The less than sign (<) and ampersand (&) must be escaped before using them in HTML"; String escaped = source.replace("<", "<").replace("&", "&"); // ... ...
In Freemarker templates we can use the escape directive to automatically apply an escaping to all interpolations inside the included block: <#escape x as x?html> <#-- name is escaped as html --> Hallo, ${name} </#escape> Is there a way to programmatically achieve a similar effect, defining a default escape applied to all interpola...
I have a Perl script that processes a bunch of file names, and uses those file names inside backticks. But the file names contain spaces, apostrophes and other funky characters. I want to be able to escape them properly (i.e. not using a random regex off the top of my head). Is there a CPAN module that correctly escapes strings for use ...
<!-- Begin: AdBrite, Generated: 2009-08-03 19:56:32 --> <script type="text/javascript"> var AdBrite_Title_Color = '78B749'; var AdBrite_Text_Color = '000000'; var AdBrite_Background_Color = 'FFFFFF'; var AdBrite_Border_Color = 'CCCCCC'; var AdBrite_URL_Color = '0000FF'; try{ var AdBrite_Iframe=window.top!=window.self?2:1; var...