sanitization

string sanitizer for filename

老子叫甜甜 submitted on 2019-12-17 04:53:19
Question: I'm looking for a php function that will sanitize a string and make it ready to use for a filename. Anyone know of a handy one? ( I could write one, but I'm worried that I'll overlook a character! ) Edit: for saving files on a Windows NTFS filesystem.
Answer 1: Instead of worrying about overlooking characters - how about using a whitelist of characters you are happy to be used? For example, you could allow just good ol' a-z , 0-9 , _ , and a single instance of a period ( . ). That's obviously more

Why sanitizer.bypassSecurityTrustStyle returns warning when setting [style.background-image] attribute?

孤人 submitted on 2019-12-13 19:26:27
Question: I have a simple piece of code that won't work: <div class="cover" [style.background-image]="sanitizer.bypassSecurityTrustStyle('url(/assets/img/picture (1).jpg)')"> </div> The sanitizer.bypassSecurityTrustStyle returns the following message: SafeValue must use [property]=binding: url(/assets/img/picture (1).jpg) (see http://g.co/ng/security#xss) Also tried to move sanitization to a custom pipe, the result is the same. When trying the following solutions Angular ignores style.background-image

How can I sanitize user input but keep the content of <pre> tags?

ε祈祈猫儿з submitted on 2019-12-13 02:18:56
Question: I'm using CKEditor in Markdown format to submit user created content. I would like to sanitize this content from malicious tags, but I would like to keep the formatting that is the result of the markdown parser. I've used two methods that do not work. Method one <!--- Sanitize post content ---> <cfset this.text = HTMLEditFormat(this.text)> <!--- Apply mark down parser ---> <cfx_markdown textIn="#this.text#" variable="parsedNewBody"> Problem For some reason <pre> and <blockquote> are being

Sanitizing Unicode strings for URL slugs (Ruby/Rails)

大城市里の小女人 submitted on 2019-12-13 00:28:45
Question: I have UTF-8 encoded post titles which I'd rather show using the appropriate characters in slugs. An example is Amazon Japan's URL here. How can any arbitrary string be converted to a safe URL slug such as this, with Ruby (or Rails)? (There are some related PHP posts, but nothing I could find for Ruby.)
Answer 1: From reading here it seems like a solution is this: require 'open-uri' str = "\x12\x34\x56\x78\x9a\xbc\xde\xf1\x23\x45\x67\x89\xab\xcd\xef\x12\x34\x56\x78\x9a".force_encoding('ASCII-8BIT'

Java Library to truncate html strings?

…衆ロ難τιáo~ submitted on 2019-12-12 11:00:43
Question: I need to truncate an html string that was already sanitized by my app before storing in DB & contains only links, images & formatting tags. But while presenting to users, it needs to be truncated for presenting an overview of content. So I need to abbreviate html strings in java such that <img src="http://d2qxdzx5iw7vis.cloudfront.net/34775606.jpg" /> <br/><a href="http://d2qxdzx5iw7vis.cloudfront.net/34775606.jpg" /> when truncated does not return something like this <img src="http:/

Is there a better way to sanitize input with javascript?

偶尔善良 submitted on 2019-12-12 08:33:11
Question: I wanted to write a javascript function to sanitize user input and remove any unwanted and dangerous characters. It must allow only the following characters: Alphanumeric characters (case insensitive): [a-z][0-9]. Inner whitespace, like "word1 word2". Spanish characters (case insensitive): [áéíóúñü]. Underscore and hyphen [_-]. Dot and comma [.,]. Finally, the string must be trimmed with trim(). My first attempt was: function sanitizeString(str){ str = str.replace(/[^a-z0-9áéíóúñü_-\s\.,]/gim,

How can I sanitize laravel 5.X Request inputs?

荒凉一梦 submitted on 2019-12-12 08:08:59
Question: I have MyRequest.php class extending App\Http\Requests\Request . I want to trim() every input before validation because an e-mail with a space after it does not pass validation. However sanitize() was removed from src/Illuminate/Foundation/Http/FormRequest.php
Answer 1: I just came across the same problem. I'd like to show you another way of doing it without extends but with traits . ( I will take the Example Classes from Tarek Adam ). PHP Traits are like functions which will be injected into

Help with applying exception in preg_replace

时间秒杀一切 submitted on 2019-12-12 05:14:34
Question: Hello, how can I allow only digits [^0-9] and a minus sign in front of the digit? Example : Valid = -1...-9, Invalid = --1-...
Answer 1: Just remove every invalid character and check if the remaining has a valid format: $cleaned = preg_replace('/[^-0-9]+/', '', $str); if (preg_match('/^-?[0-9]+$/', $cleaned)) { // now valid } Ok, here’s another suggestion: preg_replace('/.*?(-?\d+).*/', '$1', $str)
Answer 2: /^-\d+$/ or if minus is optional /^-?\d+$/
Answer 3: Should be as simple as... preg_match('#^-?[0-9

Angular2 RC1 Sanitizer inserts double quotes inside styles, breaking it

蓝咒 submitted on 2019-12-12 03:02:23
Question: I upgraded to RC1 which caused the previous solution for Beta 17 to no longer work, so I tried using the sanitizer but that causes problems for styles that may have embedded single quotes. This statement: sanitizer.bypassSecurityTrustStyle('url(/pImages/' + this.recipientId + '.jpg)'); gets converted into this: style="background-image: url("/pImages/57211a89b65ff1be3edd14c9.jpg");" and the double quote mark right after url( ends the style string and breaks it. So I tried manually inserting

Sanitize string for comparison in Matlab

非 Y 不嫁゛ submitted on 2019-12-12 00:56:35
Question: This is a follow-up question from this that considered evalc , instead of fiddling with file-descriptors manually. You can see below an example about poor sanitization. I want to remove things such as trailing characters, all whitespaces, all newlines etc -- that usually cause unexpected things -- is there a ready sanitization command to do this? EDU>> a a = 1 +1*{x} -1*{y}*{z} EDU>> b b = 1 +1*{x} -1*{y}*{z} EDU>> isequal(a,b) ans = 0
Answer 1: I don't know whether there exist any ready robust