I know that Double quotes can be escaped like this:
string test = "He said to me, ""Hello World"". How are you?"
or by:
string test = "He said to me, \"Hello World\" . How are you?"
But I don't want to change the value in the database, I want to get the value from database and put it into an URL. For example :
href="http://www.abcd.com/movie/<%= mTitle%>/"
If string contains double quote it breaks the URL.
In this case you're not "escaping" the quotes, you're URL-encoding them. The problem isn't the string itself. The problem is that many "special characters" have other meanings in the context of a URL, or in some way confuse the parsing of that URL, and need to be encoded.
(In this case, it's not necessarily the URL itself, but the HTML attribute which is being confused by the quotes.)
Something like this:
<a href="http://www.abcd.com/movie/<%= server.urlEncode(mTitle) %>">
So instead of this output:
<a href="http://www.abcd.com/movie/A"Quoted"String">
You'd get this:
<a href="http://www.abcd.com/movie/A%22Quoted%22String">
Related
So,I am a very beginner in R,I wanted to ask this-
inside read.csv ,we are using "",but while writting summary/mean/sd etc. we don't use "". Why is this the case?
Double quotes " demark strings of characters, text inside code. Code itself is not double-quoted.
The following is valid code
name.of.file <- "C:\\Users\\bernhard\\valued_data.csv"
read.csv(name.of.file)
So you see, there is nothing special about read.csv, it takes the file name either as a string in "s or as a variable containing that string; no " in the latter case.
I have a div which will receive a CSS background image from user chosen URL, like so:
background-image: url("/* user specified URL here*/")
How should I escape the URL so that it's safe to embed in the CSS? Is escaping the quotes enough?
If you are setting the background url through JS, then the correct and safe ways is using encodeURI() and wrapping in quotes.
node.style.backgroundImage = 'url("' + encodeURI(url) + '")';
Is escaping the quotes enough?
No, you also should worry about backslashes and newlines.
Here is the CSS grammar for a double quoted URI:
http://www.w3.org/TR/CSS21/grammar.html#scanner
"([^\n\r\f\\"]|\\{nl}|{escape})"
where {nl} is
\n|\r\n|\r|\f
and {escape} is a backslash-escaped character. So a trailing backslash will break your CSS. A non-escaped newline likewise.
I would strongly recommend to remove all whitespace and finally escape " and \
Since the user data that you need to insert into CSS can be treated like a URL, and not just a string, you only need to ensure that it is properly URL-encoded.
This is safe because a well-formed URL does not contain any characters that are unsafe in CSS strings; except for apostrophe ('), which is not a problem as long as you use double quotes for your CSS string: url("...")
A simple way to do this is to URL-encode all characters that are not "reserved" or "unreserved" in URLs. According to RFC 3986, that would be all characters except for these:
A-Z a-z 0-9 ; , / ? : # & = + $ - _ . ! ~ * ' ( ) # [ ]
That is what encodeURI() does in Mārtiņš Briedis's JavaScript answer. (With one exception: encodeURI() encodes [ and ], which is mostly inconsequential.)
In addition to that, you might consider only allowing URLs that begin with https: or data:. By doing this you can prevent mixed content warnings if the page is served over HTTPS, and also avoid the javascript: issue Alexander O'Mara commented on.
There might be other URL parsing and validation that you want to do, but that is outside the scope of this question.
If you need to insert user data into a CSS string that cannot be treated like a URL, then you would need to do CSS backslash escaping. See user123444555621's answer for more on that.
const style = "background-image: url(\"" + CSS.escape(imageUrl) + "\")";
See https://developer.mozilla.org/en-US/docs/Web/API/CSS/escape
It is an experimental new thing, but it seems to be quite well supported (as of 2021).
I have this: my_variable = "You\'re It"
I want to find it on the page in an a tag so if I do:
page.parser.xpath("//a[contains(text(),'#{my_variable}')]")
page.parser.css('a:contains("#{temp_account_name}")')
page.parser.css("a:contains('#{temp_account_name}')")
I get an error for all the above.
But if I do:
page.parser.css('a:contains("You\'re It")')
it works. The problem is I can't use this above and place a variable in there.
How do I escape a ' character when using a variable and parsing it from the page?
On the page the text I am searching for is You're It. So I added the escape character to my variable to match and find what is on the page.
Try unescaping all the characters:
my_variable.gsub /[^\\](\\)[^\\]/, ''
...I think this is asp.net? If so, use .replace("'", "''") . Interesting solutions also exist with Server.HTMLEncode, but that's more for URLS.
When I have an Expression declared like
someText = Regex.Replace(someText, #"/*.*?*/", "");
The Error Says
System.ArgumentException: par"/*.*?*/"
parsing - Nested quantifier *.
How to rewrite the code to avoid this error?
It doesn't like that you have this: ?*
This basically translates to "zero or one of the previous expression zero or more times" which seems a little odd. I'm pretty sure that's the same thing as saying "zero or more times". Can you explain what you are trying to do in more detail?
I suspect that if you change your regex to this it will do what you want:
(/*.*)*/
Maybe what is needed is a verbal description or sample of what you are trying to match. Here is my guess of what you want. I just added an escape for the "?" character.
string someText = Regex.Replace(someText, #"/*.*\?*/", "");
It appears you're trying to parse /* */ style comments. You may wish to try a regex like:
someText = Regex.Replace(someText, #"/\*.*\*/", "");
This ensures that your * are escaped as actual characters.
Here is a good site to test your regular expressions without much trouble:
http://www.regular-expressions.info/javascriptexample.html
I hope this will help a bit.
I have an ASP.NET website with a regular expression validator text box.
I have changed the expression in the regular expression validation property "validator expression" and after compiling (rebuild) and running, the validation CHANGEs are not reflecting.
The previous validation is working fine but the changed validation is not working.
Please help me!
edit:
First code:
([a-zA-Z0-9_-.]+)\#((base.co.uk)|(base.com)|(group.com))
Second code:
#"([a-zA-Z0-9_\-.]+)#((base\.co\.uk)|(base\.com)|(group\.com)|(arg\.co\.uk)|(arggroup\.com))"
Assuming your "first code" is a literal regex, you need to escape the hyphen in the character class with a backslash.
Your "second code" is a regex formatted as a C# verbatim string that will match an email address such as whatever#base.co.uk just fine. There is nothing wrong with this regex.
You'll have to post the code in which you are using this regex if it doesn't work the way you want.
In this part: [a-zA-Z0-9_\-.] you are escaping the hyphen. The proper way to put a hyphen in a regex character class is in first position (or it thinks it is part of a range):
[-a-zA-Z0-9_.]
Then you removed the backslash from before the #. In Perl the # would be taken as part of a list name, but in C# I am not sure what effect it would have to not escape it.
The escaping of the periods is also suspect. You might need to double them up: e.g. \\. Instead, what I would do for a period is use a character class: i.e. [.] Inside the character class the period loses its special meaning.
Try this:
#"([-a-zA-Z0-9_.]+)\#((base[.]co[.]uk)|(base[.]com)|(group[.]com)|(arg[.]co[.]uk)|(arggroup[.]com))"