16 Matching Annotations
- Jun 2021
-
stackoverflow.com
-
As far as "Is there really no way to escape the < here?" there is a way... but you're not going to like it: %r<(?#{'<'}!foo)> == %r((?<!foo))
-
- Apr 2021
-
stackoverflow.com
-
The quirky looking printf is necessary to correctly expand the script's arguments in $@ while protecting possibly quoted parts of the command (see example below).
-
- Dec 2020
-
stackoverflow.com
-
One does not have to escape ] outside of the character class.
-
- Nov 2020
-
github.com
-
If you needed a literal { character in your markup, you could always do {'{'}. (This is how it's done in React.) Or you could do &#123;, which is pleasingly easy to remember. Does there need to be some method of escaping beyond that?
-
- Oct 2020
-
github.com
-
By default all content inside template strings is escaped. This is great for strings, but not ideal if you want to insert HTML that's been returned from another function (for example: a markdown renderer). Use nanohtml/raw to interpolate HTML directly.
-
-
stackoverflow.com
-
Escaping is a subset of encoding: You only encode certain characters by prefixing a special character instead of transferring (typically all or many) characters to another representation.
-
-
www.onwebsecurity.com
-
Escaping is a subset of encoding, where not all characters need to be encoded. Only some characters are encoded (by using an escape character).
-
what's the difference between escaping and encoding
-
-
-
Before MDX, some of the benefits of writing Markdown were lost when integrating with JSX. Implementations were often template string-based which required lots of escaping and cumbersome syntax.
-
- Jul 2020
-
developer.mozilla.org
- May 2020
-
stackoverflow.com
-
'
because it's in YAML
but this means you can't use any ' in the actual script line
or you have to use different delimiters if you do
bottom line is it makes it harder to write/include your script than simply creating a separate shell script file.
-
- Apr 2020
-
makandracards.com
-
What we actually want to do is to escape content if it is unsafe, but leave it unescaped if it is safe. To achieve this we can simply use SafeBuffer's concatenation behavior:
-
Our helper still returns a safe string, but correctly escapes content if it is unsafe. Note how much more flexible our group helper has become because it now works as expected with both safe and unsafe arguments. We can now leave it up to the caller whether to mark input as safe or not, and we no longer need to make any assumptions about the safeness of content.
-
A common mistake is to see those escaped angle brackets, and "improve" the helper by making everything html_safe:
-
-
security.stackexchange.com
-
You don't "sanitize your output" you encode it for proper context within the application it is being presented. You encode the output for HTML, HTML Attribute, URL, JavaScript
-
-
wpvip.com
-
1- Validation: you “validate”, i.e. deem valid or invalid, data at input time. For instance if asked for a zipcode user enters “zzz43”, that’s invalid. At this point, you can reject or… sanitize.
2- Sanitization: you make data “sane” before storing it. For instance if you want a zipcode, you can remove any character that’s not [0-9].
3- Escaping: at output time, you ensure data printed will never corrupt display and/or be used in an evil way (escaping HTML etc…)
-