escaping

I seem to recall that there is an HTML tag that escapes absolutely everything inside it except the matching closing tag. Kind of like <plaintext> but not fundamentally broken. <xmp> is the tag you are looking for: <xmp>some stuff <tags></tags> too</xmp> But, since it's depricated, the best you can get is <pre>. You need to use <pre><code> ... </code></pre> . <xmp> is deprecated and should not be used. See http://www.htmlcodetutorial.com/_XMP.html . There is also the XML CDATA : <![CDATA[stuff that is <tag>never</tag> parsed]]> Whether this works in an HTML document is probably up to the

Which characters must be avoided to make sure PSQLException: ERROR: syntax error in tsquery will not occur? The documentation does not say anything about how to escape the search string: http://www.postgresql.org/docs/8.3/static/datatype-textsearch.html Use quotes around your terms if you want them as phrases/verbatim or they contain characters used in the syntax: select to_tsquery('"hello there" | hi'); Bare in mind that you shouldn't really have crazy characters in your terms, since they are not going to match anything in the tsvector. The (non-token) characters recognized by the tsquery

I am trying to replaces instances of \r or \n characters in my json object with <br /> for display on a website. I tried: myString = myString.replace("\\r?\\n", "<br />"); But this doesn't seem to do anything. When I replace the regex with something else (like "a" for instance, the replace works as expected). Any ideas why this isn't working for the newline chars? Felipe Try this: myString = myString.replace(/[\r\n]/g, "<br />"); Update : As told by Pointy on the comment below, this would replace a squence of \r\n with two <br /> , the correct regex should be: myString = myString.replace(/\r?

how do I html-escape dangerous unsanitized input in jinja2? Can I do it inside the template or must it be done in python code? I have a variable that may contain da<ngero>u&s chars. How do I escape it in jinja2 jitter e.g. {{ user.username|e }} Pipe it through the |e filter Jinja: Template Designer Documentation -> HTML Escaping You could also tell the environment to autoescape everything: e = Environment(loader=fileloader, autoescape=True) note: in jinja1 this is auto_escape If you want to escape html in your programme, you can do it like this(example): >>> import jinja2 >>> jinja2.__version_

I'm attempting to load an RSA private key into my nodejs application using environment variables, but the newlines seem to be being auto-escaped. For the following, assume that the PRIVATE_KEY env var is set to the following (not my actual key): PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----\nMIICXAIBAAKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUp\nwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ5\n1s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQABAoGAFijko56+qGyN8M0RVyaRAXz++xTqHBLh\n3tx4VgMtrQ

I want to grep for a function call 'init()' in all JavaScript files in a directory. How do I do this using grep? Particularly, how do I escape parenthesis, () ? Matthew Flaschen It depends. If you use regular grep, you don't escape: echo '(foo)'|grep '(fo*)' You actually have to escape if you want to use the parentheses as grouping. If you use extended regular expressions , you do escape: echo '(foo)'|grep -E '\(fo*\)' If you want to search for exactly the string "init()" then use fgrep "init()" or grep -F "init()" . Both of these will do fixed string matching, i.e. will treat the pattern as a

This is my query. cursor2.execute("update myTable set `"+ str(row[1]) +"` = \"'" + str(row[3]) +"'\" where ID = '"+str(row[0])+"'") It is failing when row values have double quotes "some value". How do I escape all special characters? Here is an example: import MySQLdb column = str(MySQLdb.escape_string(row[1])) query = "update myTable set %(column)s = %%s where ID = %%s" % dict(column = column) cursor2.execute(query, [row[3], row[0]]) Update Here is a brief commentary: column = str(MySQLdb.escape_string(row[1])) Always a good idea to escape anything that goes into a query. In this case we are