Questions tagged [escaping]
The escaping tag has no summary.
11 questions
0
votes
3
answers
672
views
Using the symbol ⎋ to denote any "escape" in Javascript, CSS, HTML etc
I know that:
Computer keyboards have an Escape Key
The symbol for the Escape Key is U+238B Broken Circle with Northwest Arrow (⎋)
and I also know that:
HTML5 & CSS3 both have escape characters
...
- 285
4
votes
2
answers
3k
views
Should REST API return escaped user generated content
We have a REST API that returns user generated content from a database. Before inserting the data into the database the data is sanitized.
But when returning the data we do not escape / decode the ...
- 585
4
votes
1
answer
1k
views
Which is a more efficient approach to decoding escape sequences in text?
I'm working on parsers that not only process delimited content, but also escape sequences within certain portions of that content. I'm contemplating the efficiency of several approaches to ...
- 365
2
votes
0
answers
566
views
Tainted String Type in Kotlin
Two of the top 3 security vulnerabilities in the OWASP Top 10 come from trusting user input (Injection and XSS). To deal with this, Ruby lets you "taint" Strings received from the user as unsafe.
In ...
- 15k
0
votes
4
answers
929
views
How to escape regexes and paths in double quote strings without going crazy?
It often happens that after designing my regexp (on regex101.com) I want to paste it in my program. Consider this regexp that matches numbers and string (but keep in mind this is general question!):
^...
- 883
-1
votes
2
answers
547
views
Is there any danger in rendering user-entered HTML and can it be mitigated?
I'm guessing the answer is no because there's quite a few examples, including right here. If I let users submit their own HTML text and then render it side by side, what could the user do that would ...
- 417
2
votes
1
answer
3k
views
Optimized Special Character Escaper vs Matcher/Pattern
I need to escape special characters which are sent to Apache Lucene.
Since the code will run on a production server, I want the code to be the fastest possible.
I've seen multiple ways to do it:
...
- 267
1
vote
1
answer
2k
views
pcre case insensitivity: handle escape sequences as raw bytes?
Consider the following regex (no unicode):
Example:\x04\x05\x41
Suppose you search this regex case-insensitively. Would you expect it to search the final \x41 in case-sensitive manner? People whom I ...
- 111
0
votes
2
answers
1k
views
How does Facebook strip html/apostrophes for XSS but also display it?
I'm not quite sure if this is a question for programmers.se rather than stackoverflow, but here goes. So Facebook [or any other large company] when given something like an apostrophe or html, can ...
- 191
2
votes
1
answer
1k
views
Does it make sense to sanitize email form input?
So, I'm expending this email submission form script for a client and saw something rather strange to my experience. As you can see below, the original programmer has sanitised the user input. Is this ...
- 276
2
votes
3
answers
230
views
Escaping strings in database layer
Can escaping functions (e.g. mysql_real_esacpe_string ) be moved down to the database layer where we would loop through all parameters passed for all queries and escape all strings. Would that be a ...
- 1,969