I am trying to replace some text in a WordPress post with the help of WordPress Filter (http://wordpress.org/extend/plugins/wordpress-filter/) but but all ' and " are get escaped. What should I do to prevent it from escaping?
You need to have an escape character in front of them. Try using a "\" in front of the character you want to escape.
Related
i using wordpress vesion 4.3, when used Yoast SEO only page post-sitemap.xml error.
how i can fix it?
thanks for wathcing.
XML has a special set of characters that cannot be used in normal XML strings.
Here '&' is a special character.
These characters are:
& - &
< - <
> - >
" - "
' - '
For example, the following XML string is invalid:
<Organization>IBM & Microsoft</Organization>
Whereas the following is valid XML:
<Organization>IBM & Microsoft</Organization>
—Note that we have replaced '&' with '&' in the second XML string which makes it valid.
Your plugin doesn't escape Vietnamese symbols. So try to rename image file that causes this error.
I have a div which will receive a CSS background image from user chosen URL, like so:
background-image: url("/* user specified URL here*/")
How should I escape the URL so that it's safe to embed in the CSS? Is escaping the quotes enough?
If you are setting the background url through JS, then the correct and safe ways is using encodeURI() and wrapping in quotes.
node.style.backgroundImage = 'url("' + encodeURI(url) + '")';
Is escaping the quotes enough?
No, you also should worry about backslashes and newlines.
Here is the CSS grammar for a double quoted URI:
http://www.w3.org/TR/CSS21/grammar.html#scanner
"([^\n\r\f\\"]|\\{nl}|{escape})"
where {nl} is
\n|\r\n|\r|\f
and {escape} is a backslash-escaped character. So a trailing backslash will break your CSS. A non-escaped newline likewise.
I would strongly recommend to remove all whitespace and finally escape " and \
Since the user data that you need to insert into CSS can be treated like a URL, and not just a string, you only need to ensure that it is properly URL-encoded.
This is safe because a well-formed URL does not contain any characters that are unsafe in CSS strings; except for apostrophe ('), which is not a problem as long as you use double quotes for your CSS string: url("...")
A simple way to do this is to URL-encode all characters that are not "reserved" or "unreserved" in URLs. According to RFC 3986, that would be all characters except for these:
A-Z a-z 0-9 ; , / ? : # & = + $ - _ . ! ~ * ' ( ) # [ ]
That is what encodeURI() does in Mārtiņš Briedis's JavaScript answer. (With one exception: encodeURI() encodes [ and ], which is mostly inconsequential.)
In addition to that, you might consider only allowing URLs that begin with https: or data:. By doing this you can prevent mixed content warnings if the page is served over HTTPS, and also avoid the javascript: issue Alexander O'Mara commented on.
There might be other URL parsing and validation that you want to do, but that is outside the scope of this question.
If you need to insert user data into a CSS string that cannot be treated like a URL, then you would need to do CSS backslash escaping. See user123444555621's answer for more on that.
const style = "background-image: url(\"" + CSS.escape(imageUrl) + "\")";
See https://developer.mozilla.org/en-US/docs/Web/API/CSS/escape
It is an experimental new thing, but it seems to be quite well supported (as of 2021).
I have this: my_variable = "You\'re It"
I want to find it on the page in an a tag so if I do:
page.parser.xpath("//a[contains(text(),'#{my_variable}')]")
page.parser.css('a:contains("#{temp_account_name}")')
page.parser.css("a:contains('#{temp_account_name}')")
I get an error for all the above.
But if I do:
page.parser.css('a:contains("You\'re It")')
it works. The problem is I can't use this above and place a variable in there.
How do I escape a ' character when using a variable and parsing it from the page?
On the page the text I am searching for is You're It. So I added the escape character to my variable to match and find what is on the page.
Try unescaping all the characters:
my_variable.gsub /[^\\](\\)[^\\]/, ''
...I think this is asp.net? If so, use .replace("'", "''") . Interesting solutions also exist with Server.HTMLEncode, but that's more for URLS.
im trying to make a regex, and so far it does the folowwing:
-Disallow whitespace at the front and end
-Allow spaces in the middle
Here is the regex:
^[^\s].+[^\s]$
I want it to also disallow special characters, how do i do that?
Thanks
^[a-zA-Z0-9]([a-zA-Z0-9 ]*[a-zA-Z0-9])?$
^[a-zA-Z0-9][a-zA-Z0-9 ]*[a-zA-Z0-9]$ should only allow lowercase, uppercase and numbers and spaces except spaces at the start of end of the string
I am not sure how to escape an apostrophe with a slash. I am using fckeditor and fckeditor replaces all single apostrophes with double apostrophes. My code is doing the same thing so when I view the content there are two apostrophe in the html. I thought that I could escape the apostrophe with a slash and that should do the trick.
According to this list of HTML entities you should use ' (but this will apparantly not work in IE) or '.
You can find more on the HTML Symbol Entities Reference.
You should replace double quote with
This code 9" x 9" with give you output as 9" X 9"
And if your database row contain single apostrophe, you can display by assigning that value to lable controls text property and it should work without any issues.
You should replace with
"
which is the best and sometimes only way to store quotaiton marks in text fragments.