escape

Use cases and differences of escape, encodeURI and encodeURIComponent

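随声附和 submitted on 2020-03-17 03:17:33

When the functions were introduced:
escape(): JavaScript 1.0
encodeURI(): JavaScript 1.5
encodeURIComponent(): JavaScript 1.5

Function overview:

escape(): encodes the given string using the ISO Latin character set. All spaces, punctuation marks, special characters and other non-ASCII characters are converted to character codes in %xx format (xx is the hexadecimal number of the character's code in the character set table). For example, the code for a space is %20. ASCII characters and digits are not encoded. Characters not encoded by this method: @ * / +. Inverse function: unescape().

encodeURI(): converts a URI string into an escape-format string using UTF-8 encoding. Characters not encoded by this method: ! @ # $ & ( ) = : / ; ? + '. Inverse function: decodeURI().

encodeURIComponent(): converts a URI string into an escape-format string using UTF-8 encoding. Compared with encodeURI, this function encodes more characters, such as "/". So if the string contains several parts of a URI, this function cannot be used to encode it; otherwise the URL will be displayed incorrectly once the "/" characters are encoded. Characters not encoded by this method: ! * ( ). Inverse function: decodeURIComponent().

Test demo: var url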

freemarker: escaping HTML by default to guard against XSS

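女生的网名这么多〃 submitted on 2020-03-02 19:16:26

freemarker has HTML escape methods, but the framework has nowhere to configure escaping by default:
1. the <#escape> directive
2. the <xxx?html> built-in

Method 1

The approach seen most often online is to use a TemplateLoader to wrap both ends of the loaded template file in <#escape>:

<#escape x as x?html>
your template code
</#escape>

Reference: http://techdiary.peterbecker.de/2009/02/defending-against-xss-attacks-in.html

But our application has extended freemarker: one page is split into 3 parts, a layout, a view and multiple controls. The final result is reached only after several renders. Controlling this is cumbersome to configure and not friendly.

Method 2

Change the source code for $ variables so that everything is escaped by default, and for the fixed extensions (the layout, the view, the multiple controls) configure regular expressions for raw output. When the variable is of string type, xxx?string is used as the built-in for raw output.

Drawback: fairly brute-force; it modifies the DollarVariable source, so later freemarker upgrades have to be followed with the same change.

/**
 * The original code
 * env.getOut().write(escapedExpression.getStringValue(env));
 */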

4.1.2. Constants

半世苍凉 submitted on 2020-02-07 00:15:33

4.1.2. Constants

There are three kinds of implicitly-typed constants in PostgreSQL: strings, bit strings, and numbers. Constants can also be specified with explicit types, which can enable more accurate representation and more efficient handling by the system. These alternatives are discussed in the following subsections.

4.1.2.1. String Constants

A string constant in SQL is an arbitrary sequence of characters bounded by single quotes ('), for example 'This is a string'. To include a

JavaScript escape() function

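倖福魔咒の submitted on 2020-01-07 05:51:22

Definition and usage

The escape() function encodes a string so that it can be read on all computers.

Syntax

escape(string)

Parameter    Description
string       Required. The string to be escaped or encoded.

Return value

A copy of the encoded string, in which certain characters have been replaced by hexadecimal escape sequences.

Description

This method does not encode ASCII letters and digits, nor does it encode the following ASCII punctuation marks: * @ - _ + . / . All other characters are replaced by escape sequences.

Tips and notes

Tip: unescape() can be used to decode a string encoded with escape().

Note: ECMAScript v3 deprecates this method; applications use decodeURI() and decodeURIComponent() in its place.

Example

In this example, we use escape() to encode strings:

<script type="text/javascript">
document.write(escape("Visit W3School!") + "<br />")
document.write(escape("?!=()#%&"))
</script>

Output:

Visit%20W3School%21
%3F%21%3D%28%29%23%25%26

Source: oschina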

Oracle Escape Characters

旧时模样 submitted on 2019-12-25 20:51:32

1. In Oracle, how do you make certain special characters inside a query be interpreted literally rather than treated as special characters?

Oracle allows the assignment of special escape characters to tell Oracle that the character is interpreted literally. Certain characters such as the underscore '_' are not interpreted literally because they have special meaning within Oracle. In the example below, we want to find all Oracle parameters that relate to I/O, so we are tempted to use the filter LIKE '%_io_%'. Below we will select from the x$ksppi fixed table, filtering with the LIKE clause:

select ksppinm from x$ksppi where ksppinm like '%_io_%';

The English word "escapes"

丶灬走出姿态 submitted on 2019-12-06 16:58:39

escapes

Source:

[root@centos7 ~]# help echo
echo: echo [-neE] [arg ...]
    Write arguments to the standard output.

    Display the ARGs on the standard output followed by a newline.

    Options:
      -n    do not append a newline
      -e    enable interpretation of the following backslash escapes
      -E    explicitly suppress interpretation of backslash escapes

    `echo' interprets the following backslash-escaped characters:
      \a    alert (bell)
      \b    backspace
      \c    suppress further output
      \e    escape character
      \f    form feed
      \n    new line
      \r    carriage return
      \t    horizontal tab
      \v    vertical tab
      \\    backslash
      \0nnn the character whose ASCII code is NNN

Handling the wildcards _ and % in SQL fuzzy (LIKE) queries

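♀尐吖头ヾ submitted on 2019-12-05 07:53:26

The underscore and the percent sign are special characters in the LIKE clause of a SQL fuzzy query, matching 1 character and 0 or more characters respectively. To really search for these special characters they have to be escaped, e.g. like 'a\_b%' escape '\' will match all records whose first 3 characters are a_b.

1. Handling with PreparedStatement

Common practice: use like ? when building the SQL; for a left fuzzy match add % to the left of the condition string, for a right fuzzy match add % to the right of the condition string, and escape the special characters beforehand:

condition = condition.replaceAll("_", "\\\\_");
condition = condition.replaceAll("%", "\\\\%");
ps.setString(idx, "%" + condition + "%");

For why replaceAll needs 4 backslashes, see the Matcher.appendReplacement method in the JDK source.

Professional practice: use like ? escape '\' when building the SQL (two \\ in Java).

2. Handling for multi-database support

In postgres, escape has to use '\\' (four \\ in Java).

3. Other thoughts

I looked for whether the database has a configured default escape character for fuzzy queries; the search turned up nothing, possibly because the keywords were poorly chosen. I tried looking for session-related parameters in oracle's v$parameter but found nothing.

Suggested handling: add escape after like in the SQL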

Invalid escape sequence in literal [duplicate]

Anonymous (unverified) submitted on 2019-12-03 10:10:24

Question:

This question already has an answer here: (Swift) how to print "\" character in a string? 3 answers

Supposed to be an easy one. I get a compiler error for this:

var str:String = "117\/7024"

I guess I have a problem with either / but I can't find an answer on how to correct this String.

Answer 1:

Looks like you are trying to re-define str which you might have defined before yourself. I would not recommend this type of variable name, even if it is legal. Also, you need to leave a space after the = . EDIT: Your original question quoted the string as "117

passing variable to javascript regexp: combination of variable and regexp pattern

Anonymous (unverified) submitted on 2019-12-03 09:06:55

Question:

I need to pass a variable into a RegExp:

form = form.replace(/someVar\_\d+/g, someVar+"_"+num)

I read this question, but there is not a combination of regular expression (like \d+) and a string variable: How do you use a variable in a regular expression? And I can use eval here, but I want to avoid it.

Answer 1:

You're looking for almost the same thing the question shows:

var r = new RegExp(someVar + "_\\d+","g");

Two minor notes: You may want to escape regexp meta-characters that may be present in someVar. Note "\\d+" is a string, so you have to

How to use String#split with a backslash character?

Anonymous (unverified) submitted on 2019-12-03 08:57:35

Question:

I would like to split this string:

C:\RCOUNT2013\2013_Extracted\Weekly ODEN Notices Report.12-28-2013.2013-12-29 07-20-51.pdf.log.0

on the \ . What would the regex be?

string.split("\\ \") // ?

Answer 1:

In regex-land, a \ is an escape character, so to obtain a literal \ we need to escape it: \\ . However, in Java strings, \ is also an escape character, so we need to escape each \ a second time, resulting in \\\\ . Therefore, this is what you want:

str.split("\\\\")

Answer 2:

split("\\\\")

Double-escaping "\"

Answer 3:

The regex would be "\\\\" In the