escaping

find in directory that starts with dash

耗尽温柔 submitted on 2019-12-03 12:53:09
find interprets a dash at the start of a filename as the start of an option. Using the familiar -- trick doesn't work since options are after the filename, quoting has no effect, and replacing the first dash with \- doesn't work either. Users are often encouraged to precede such filenames with ./, but what can I do if I don't know whether the given path will be absolute or relative? Edit: One solution is to find "$(readlink -f -- "$test_filename")", but it's ugly. Any better ideas? Edit 2: Thanks for the suggestions. Here are the two scripts that resulted from this effort: safe-find.sh ;

How to properly escape strings when manually building SQL queries in SQLAlchemy?

人盡茶涼 submitted on 2019-12-03 12:49:10
I am using SQLAlchemy to connect to different databases in Python, but not with the ORM support as this cannot be implemented due to several reasons. Mainly I do build a complex SQL query using things like sql += "AND fieldname = '%s'" % myvar In my case it is not a problem of SQL injection as the data is always from a trusted source but even if the source is trusted it could contain characters that could break the query like ', % or _. Mainly, I need to escape them, and I wonder if there is an already existing escape function that I could re-use. You should not try to implement your own

Escaping double quotes while rendering in Jinja2

帅比萌擦擦* submitted on 2019-12-03 12:28:11
I'm using Jinja2 to create Golang code using Python3. I need to pass some parameters in quotes to a function in my final code, but Jinja2 isn't escaping double quotes. My Python code is something like: list_s = ['a', 'b'] string = '\"' + '", "'.join(list_s) + '\"' final_string = 'Function(' + string + ')' print(final_string) template.render({'function': final_string}) My template is: e.({{function}}) What I'm getting in the console (the print in the Python code): Function("a", "b") What I wanted in my final code in Go: e.(Function("a", "b")) What I'm actually getting in my final code: e.

Set » HTML entity in JavaScript's document.title?

依然范特西╮ submitted on 2019-12-03 11:58:30
Question: I'm setting document.title with JavaScript, and I can't find a way to supply » (&raquo;) without it appearing as literal text. Here's my code: document.title = 'Home &raquo; site.com'; If I use &raquo; in the title tag of the document it works great and displays correctly as », but it seems to be unescaping when I include it in document.title. Any ideas? Thanks! Answer 1: Try document.title = 'Home \u00bb site.com'; Generally you can look up your special character at a site like this and then, once

Forcing HTML Escaping in Rails 3

拈花ヽ惹草 submitted on 2019-12-03 11:58:21
I'm running into an issue with the Rails auto-escaping. It currently thinks a string is html_safe (which it is), but for display purposes I need it to still escape the html. Here are the steps the string is taking. my_string = render(:partial => "set_string", :locals => {:item => @item}) <%= my_string %> and the partial is basically <h2>Page Header</h2> <strong><%= item.name %></strong> <%= item.body %> etc My understanding is that because I'm displaying text in a view directly (the h2, etc) it assumes it is safe, and it also properly escapes the item outputs, which makes the whole my_string

When is it required to escape characters in XML?

我与影子孤独终老i submitted on 2019-12-03 11:36:33
When should we replace < > & " ' in XML to characters like &lt; etc. My understanding is that it's just to make sure that if the content part of XML has > < the parser will not treat it as the start or end of a tag. Also, if I have an XML like: <hello>mor>ning<hello> should this be replaced to either: &lt;hello&gt;mor&gt;ning&lt;hello&gt; &lt;hello&gt;mor>ning&lt;hello&gt; <hello>mor&gt;ning<hello> I don't understand why replacing is needed. When exactly is it required and what exactly (tags or text) should be replaced? <, >, &, " and ' all have special meanings in XML (such as "start of entity" or "attribute

Does Facebook support Hash Bang #! Ajax Crawlable Urls?

好久不见. submitted on 2019-12-03 11:28:38
Does Facebook support Google's ajax crawling specification and, if so, what do you need to do to implement it? I am trying to get the Facebook "Like" button to work with AJAX crawlable urls as defined here: code.google.com/web/ajaxcrawling/docs/specification.html I have this url which I can go to directly and it loads. Note the "#!" in the url: http://www.idkshouldi.com/?#!idkDetails_idkKey=agppZGtzaG91bGRpcmMLEiljb21faWRrc2hvdWxkaV93ZWJfc2VydmVyX2dhZV9vYmpfSWRrVXNlciIDamltDAsSKWNvbV9pZGtzaG91bGRpX3dlYl9zZXJ2ZXJfZ2FlX29ial9JZGtJdGVtGN6kBgw When I "Like" this page it should crawl this "escaped

How to escape “:”?

落爺英雄遲暮 submitted on 2019-12-03 11:16:34
For example I have id like someform:somepanel:somebutton When I do jQuery("#someform:somepanel:somebutton") it returns someform, how to AUTOMATICALLY escape that id? EDIT: I want to do something like this jQuery(somefunction("#someform:somepanel:somebutton")) If it's only this very specialized version, you can just .replace() the character. function somefunction(selector) { return selector.replace(/:/g, '\\:'); } jQuery(somefunction("#someform:somepanel:somebutton")) is then converted into jQuery("#someform\\:somepanel\\:somebutton"); To have a more generic version, you can use a regexp:

Is there a better HTML escaping and unescaping tool than CGI for Ruby?

ε祈祈猫儿з submitted on 2019-12-03 11:11:09
Question: CGI.escapeHTML is pretty bad, but CGI.unescapeHTML is completely borked. For example: require 'cgi' CGI.unescapeHTML('…') # => "…" # correct - an ellipsis CGI.unescapeHTML('…') # => "…" # should be "…" CGI.unescapeHTML('¢') # => "\242" # correct - a cent CGI.unescapeHTML('¢') # => "¢" # should be "\242" CGI.escapeHTML("…") # => "…" # should be "…" It appears that unescapeHTML knows about all of the numeric codes plus & , < , > , and " . And escapeHTML only knows about those last four -- it

Escaping html in Java

回眸只為那壹抹淺笑 submitted on 2019-12-03 10:59:22
How do I make sure I don't escape something twice? I've heard that it's good practice to escape values as you receive them from a form, and also escape when you output. That way you have two chances to catch something. I presume that you're using JSP. Just escape during display only. There for the JSTL <c:out> tag is perfectly suitable. It escapes HTML entities by default. Use it to display every user-controlled input, such as request URL, request headers and request parameters. E.g. <input type="text" name="foo" value="<c:out value="${param.foo}" />"> Escaping during input is not needed. XSS