I have this: my_variable = "You\'re It"
I want to find it on the page in an a tag so if I do:
page.parser.xpath("//a[contains(text(),'#{my_variable}')]")
page.parser.css('a:contains("#{temp_account_name}")')
page.parser.css("a:contains('#{temp_account_name}')")
I get an error for all the above.
But if I do:
page.parser.css('a:contains("You\'re It")')
it works. The problem is I can't use this above and place a variable in there.
How do I escape a ' character when using a variable and parsing it from the page?
On the page the text I am searching for is You're It. So I added the escape character to my variable to match and find what is on the page.
Try unescaping all the characters:
my_variable.gsub /[^\\](\\)[^\\]/, ''
...I think this is asp.net? If so, use .replace("'", "''") . Interesting solutions also exist with Server.HTMLEncode, but that's more for URLS.
Related
I have a div which will receive a CSS background image from user chosen URL, like so:
background-image: url("/* user specified URL here*/")
How should I escape the URL so that it's safe to embed in the CSS? Is escaping the quotes enough?
If you are setting the background url through JS, then the correct and safe ways is using encodeURI() and wrapping in quotes.
node.style.backgroundImage = 'url("' + encodeURI(url) + '")';
Is escaping the quotes enough?
No, you also should worry about backslashes and newlines.
Here is the CSS grammar for a double quoted URI:
http://www.w3.org/TR/CSS21/grammar.html#scanner
"([^\n\r\f\\"]|\\{nl}|{escape})"
where {nl} is
\n|\r\n|\r|\f
and {escape} is a backslash-escaped character. So a trailing backslash will break your CSS. A non-escaped newline likewise.
I would strongly recommend to remove all whitespace and finally escape " and \
Since the user data that you need to insert into CSS can be treated like a URL, and not just a string, you only need to ensure that it is properly URL-encoded.
This is safe because a well-formed URL does not contain any characters that are unsafe in CSS strings; except for apostrophe ('), which is not a problem as long as you use double quotes for your CSS string: url("...")
A simple way to do this is to URL-encode all characters that are not "reserved" or "unreserved" in URLs. According to RFC 3986, that would be all characters except for these:
A-Z a-z 0-9 ; , / ? : # & = + $ - _ . ! ~ * ' ( ) # [ ]
That is what encodeURI() does in Mārtiņš Briedis's JavaScript answer. (With one exception: encodeURI() encodes [ and ], which is mostly inconsequential.)
In addition to that, you might consider only allowing URLs that begin with https: or data:. By doing this you can prevent mixed content warnings if the page is served over HTTPS, and also avoid the javascript: issue Alexander O'Mara commented on.
There might be other URL parsing and validation that you want to do, but that is outside the scope of this question.
If you need to insert user data into a CSS string that cannot be treated like a URL, then you would need to do CSS backslash escaping. See user123444555621's answer for more on that.
const style = "background-image: url(\"" + CSS.escape(imageUrl) + "\")";
See https://developer.mozilla.org/en-US/docs/Web/API/CSS/escape
It is an experimental new thing, but it seems to be quite well supported (as of 2021).
I'm trying to create a RegEx Validator that checks the file extension in the FileUpload input against a list of allowed extensions (which are user specified). The following is as far as I have got, but I'm struggling with the syntax of the backward slash (\) that appears in the file path. Obviously the below is incorrect because it just escapes the (]) which causes an error. I would be really grateful for any help here. There seems to be a lot of examples out there, but none seem to work when I try them.
[a-zA-Z_-s0-9:\]+(.pdf|.PDF)$
To include a backslash in a character class, you need to use a specific escape sequence (\b):
[a-zA-Z_\s0-9:\b]+(\.pdf|\.PDF)$
Note that this might be a bit confusing, because outside of character classes, \b represents a word boundary. I also assumed, that -s was a typo and should have represented a white space. (otherwise it shouldn't compile, I think)
EDIT: You also need to escape the dots. Otherwise they will be meta character for any character but line breaks.
another EDIT: If you actually DO want to allow hyphens in filenames, you need to put the hyphen at the end of the character class. Like this:
[a-zA-Z_\s0-9:\b-]+(\.pdf|\.PDF)$
You probably want to use something like
[a-zA-Z_0-9\s:\\-]+\.[pP][dD][fF]$
which is same as
[\w\s:\\-]+\.[pP][dD][fF]$
because \w = [a-zA-Z0-9_]
Be sure character - to put as very first or very last item in the [...] list, otherwise it has special meaning for range or characters, such as a-z.
Also \ character has to be escaped by another slash, even inside of [...].
When I have an Expression declared like
someText = Regex.Replace(someText, #"/*.*?*/", "");
The Error Says
System.ArgumentException: par"/*.*?*/"
parsing - Nested quantifier *.
How to rewrite the code to avoid this error?
It doesn't like that you have this: ?*
This basically translates to "zero or one of the previous expression zero or more times" which seems a little odd. I'm pretty sure that's the same thing as saying "zero or more times". Can you explain what you are trying to do in more detail?
I suspect that if you change your regex to this it will do what you want:
(/*.*)*/
Maybe what is needed is a verbal description or sample of what you are trying to match. Here is my guess of what you want. I just added an escape for the "?" character.
string someText = Regex.Replace(someText, #"/*.*\?*/", "");
It appears you're trying to parse /* */ style comments. You may wish to try a regex like:
someText = Regex.Replace(someText, #"/\*.*\*/", "");
This ensures that your * are escaped as actual characters.
Here is a good site to test your regular expressions without much trouble:
http://www.regular-expressions.info/javascriptexample.html
I hope this will help a bit.
I am trying to replace some text in a WordPress post with the help of WordPress Filter (http://wordpress.org/extend/plugins/wordpress-filter/) but but all ' and " are get escaped. What should I do to prevent it from escaping?
You need to have an escape character in front of them. Try using a "\" in front of the character you want to escape.
I have an ASP.NET website with a regular expression validator text box.
I have changed the expression in the regular expression validation property "validator expression" and after compiling (rebuild) and running, the validation CHANGEs are not reflecting.
The previous validation is working fine but the changed validation is not working.
Please help me!
edit:
First code:
([a-zA-Z0-9_-.]+)\#((base.co.uk)|(base.com)|(group.com))
Second code:
#"([a-zA-Z0-9_\-.]+)#((base\.co\.uk)|(base\.com)|(group\.com)|(arg\.co\.uk)|(arggroup\.com))"
Assuming your "first code" is a literal regex, you need to escape the hyphen in the character class with a backslash.
Your "second code" is a regex formatted as a C# verbatim string that will match an email address such as whatever#base.co.uk just fine. There is nothing wrong with this regex.
You'll have to post the code in which you are using this regex if it doesn't work the way you want.
In this part: [a-zA-Z0-9_\-.] you are escaping the hyphen. The proper way to put a hyphen in a regex character class is in first position (or it thinks it is part of a range):
[-a-zA-Z0-9_.]
Then you removed the backslash from before the #. In Perl the # would be taken as part of a list name, but in C# I am not sure what effect it would have to not escape it.
The escaping of the periods is also suspect. You might need to double them up: e.g. \\. Instead, what I would do for a period is use a character class: i.e. [.] Inside the character class the period loses its special meaning.
Try this:
#"([-a-zA-Z0-9_.]+)\#((base[.]co[.]uk)|(base[.]com)|(group[.]com)|(arg[.]co[.]uk)|(arggroup[.]com))"