about text substitution.

I have an application that takes some user input and then at a later
date displays that in a hover over pop up.

The jquery script
<script type="text/javascript" src="https://ajax.googleapis.com/ajax /
<script type="text/javascript" src="https://swort.eu/library/prototip /
<link rel="stylesheet" media="all" href="https://swort.eu/library /

The basic application when it gets a mouse enter event takes that
user input and passes it to the jquery like this:

    ExecuteJavaScript("new Tip('"+_
    me.ControlID +_
    "', '" + GetContentString + "', {"+_
    "title: '" + GetTitleString + "',"+_
    "style: 'protoblue',"+_
    "stem: 'topLeft',"+_
    "hook: { tip: 'topLeft', mouse: true },"+_
    "offset: { x: 14, y: 14 }"+_
    "});")

There are some strings that really mess this up. If one of the
characters is a " or a ' then the javascript throws an exception.

How can I preprocess these user entered strings so that I don't get
these exceptions thrown?

i.e. can I put a \ in front of the " or the ' so that it is
interpreted literally?
Are there any other characters that will need special pre-processing?

Re: about text substitution.

2011-11-17 6:13, SpreadTooThin wrote:

This would be much easier to analyze if the URL of an online version had
been included.

This sounds like a complicated and risky way of doing something fairly
simple. Anyway, your problem, in the current approach, is basically a
JavaScript problem, not HTML

Or maybe executes code injected by the intruder, through the huge
security hole that you have built.

The backslash readily comes into my mind, and then all the line terminators.

Yucca, http://www.cs.tut.fi/~jkorpela/
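
The preprocessing asked about in this thread, as an added example that is not code from any poster: each user value is encoded as a JavaScript string literal (quotes, backslash, line terminators, and `<` so a `</script>` in the data cannot end the script block) before it is concatenated into the call. The function names, the stub `Tip`, and the sample strings are assumptions constructed for illustration.

```javascript
// Added example: encode untrusted text as a JavaScript string literal before
// concatenating it into script source. All names here are hypothetical.
const NAMED = { '\\': '\\\\', "'": "\\'", '"': '\\"', '\n': '\\n', '\r': '\\r', '\t': '\\t' };

function toJsStringLiteral(value) {
  // Quotes, backslash, markup characters, control characters, U+2028/U+2029.
  const body = String(value).replace(
    /[\\'"<>&\u0000-\u001f\u007f\u2028\u2029]/g,
    (ch) => NAMED[ch] || '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0')
  );
  return "'" + body + "'";
}

// What the post's concatenation does: wrap the raw value in quotes.
const rawQuote = (value) => "'" + value + "'";

// Builds the same call as the post; `encode` decides how values are quoted.
function buildTipCall(controlId, content, title, encode = toJsStringLiteral) {
  return 'new Tip(' + encode(controlId) + ', ' +
    encode(content) + ', {' +
    'title: ' + encode(title) + ',' +
    "style: 'protoblue'," +
    "stem: 'topLeft'," +
    "hook: { tip: 'topLeft', mouse: true }," +
    'offset: { x: 14, y: 14 }' +
    '});';
}

// Evaluates generated source against a stub Tip and returns what it received.
function runWithStubTip(source) {
  const calls = [];
  function Tip(id, content, options) { calls.push({ id, content, title: options.title }); }
  new Function('Tip', source)(Tip);
  return calls;
}

// Constructed sample input: quotes, a backslash, line breaks, a script close tag.
const SAMPLE_CONTENT = 'He said "it\'s" C:\\temp\r\nline2\u2028</script>\'); injected(); //';
const SAMPLE_TITLE = "O'Brien's note";

function demo() {
  const source = buildTipCall('ctl_42', SAMPLE_CONTENT, SAMPLE_TITLE);
  return { source, calls: runWithStubTip(source) };
}
```

This covers only the JavaScript-literal layer. If the tooltip library inserts the content as markup (an assumption about the library), the text also needs HTML encoding before it is displayed.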

Re: about text substitution.

Right it's like sanitizing data base inputs.... So is there a sanitize

Re: about text substitution.

On Wed, 16 Nov 2011 20:13:45 -0800, SpreadTooThin wrote:

See, that's your problem right there.


Denis McMahon