commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sebb <seb...@gmail.com>
Subject Re: [lang] Question with the StringEscapeUtils.(un)escapeEcmaScript
Date Sun, 12 Mar 2017 13:35:15 GMT
On 12 March 2017 at 10:43, Benedikt Ritter <britter@apache.org> wrote:
> Hello,
>
>> Am 11.03.2017 um 13:08 schrieb Yasser Zamani <yasser.zamani@live.com>:
>>
>>
>>
>> On 3/8/2017 12:21 PM, Benedikt Ritter wrote:
>>> Hello Yasser,
>>>
>>> Sorry for the late reply! I have been on vacation and needed some time to go
through all the mails that have piled up :-)
>> Hello Benedikt , thank you very much for your answer
>>>
>>> StringEscapeUtils contains general String escaping routines. It does not focus
on business related escaping (how would you draw that line anyway?). escapeEcmaScript just
escapes the characters in a String using EcmaScript String rules.
>>> Can you please provide a failing test case showing the problem you see?
>>>
>> Yes, you're right. I mis-used the method. it is for escaping an ecma
>> string that can be used inside an another ecma string but I wrongly used
>> that  for escape from script injection!
>>> So „<" and „>“ are not escaped by escapeEcmaScript..
>> My failure :(
>>>>
>>>> And finally just for a curious, why `ESCAPE_ECMASCRIPT` does not include
>>>> `OctalUnescaper` but `UNESCAPE_ECMASCRIPT = UNESCAPE_JAVA` does?
>>>
>>> Again it is because it just escapes according to EcmaScript escaping rules.
>> It's some weird , you mean escaping ecma script does not need escaping
>> octal, but un-escaping ecma script does need also un-escaping octal?
>> i.e. inverse of escaping is not equal to unescaping and vice versa.
>
> To be honest, I don’t know :o) I’ve added Rob to the thread, because he has done
quite some work in Commons Text and may know why this makes sense…

OctalUnescaper is for UNESCAPE translators only.
There is no OctalEscaper.
Nor would it make sense to escape input as octal.

The other reason is that one should be strict in what one generates,
but liberal in what one accepts.

None of the types need Octal escaping, but if octal escapes are found
on input, I assume they need to be unescaped.

> Regards,
> Benedikt
>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
>> For additional commands, e-mail: dev-help@commons.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org


Mime
View raw message