sanitize

来源： https://stackoverflow.com/questions/45991613/angular-how-do-i-sanitize-a-style-inside-a-plain-typescript-class

问题 I'm writing a CLI using node and I've arrived at the part where I take user input and append it to a string that is the command for the child_process.exec function. const CURL_CHILD = exec('npm view --json ' + process.argv[2] + ... I am trying to figure out what I need to do to process.argv[2] before I pass it to the exec function. I've surfed around for a while and haven't found any questions or answers that address this specific case. What is the best way to sanitize this user input for

问题 I'm coding a web interface to a horrible piece of propitiatory software our company uses. The software has no real UI and requires us giving putty access to our system for our clients to even pull data. My web interface has to run an exec(); function and it has to pass a few variables the user inputs. $command = "report-call '$type' '$study' '$server' '$tag' '$specopt1' '$specopt2' '$specopt3' '$specopt4'"; $last_line = exec($command, $output, $returnvalue); Now I assume I might be able to

问题 I've been using the sanitize method in a Rails 4 app to scrub a page which displays html that users generate to prevent unsafe things like script injection. So I have a view that looks like: sanitize @user_input Right now I'm having issues when uses are entering video tags with a source tag under it like so: <video><source src="foo.bar"></video> Unfortunately it looks like sanitize is stripping out the source tag so videos are no longer working. How do I use sanitize so it allows source tags?

问题 I have youtube links in my mock memory database and I want to *ngFor these videos from youtube. let videos: any[] =[ {videoURL: "ZOd5LI4-PcM"}, {videoURL: "d6xQTf8M51A"}, {videoURL :"BIfvIdEJb0U"} ]; like this. I used service to connect my component with the server and now in the html, I have let v of videos. And within the iframe tages.. I did <iframe src=v.videoURL></iframe> But since it's external source, they are telling me to use Domsanitzer but I am stuck at this part. I don't know how

问题 I am facing issues regarding the filenames that were accented and found a function to sanitize the filenames, but I am not sure of if this will affect the filenames in database as well or will just rename the files? Here is the code: add_filter('sanitize_file_name', 'sa_sanitize_spanish_chars', 10); function sa_sanitize_spanish_chars ($filename) { return remove_accents( $filename ); } 回答1: Try below code in function file. function sa_sanitize_spanish_chars($filename) { $ext = end(explode('.',

问题 Using Rails, I need to get a plain text and show it as HTML, but I don't want to use <pre> tag, as it changes the format. 回答1: I needed to subclass HTML::WhiteListSanitizer to escape non whitelisted tags (by changing process_node ), monkey patch HTML::Node to don't downcase tags' names and monkey patch HTML::Text to apply <wbr /> word splitting: class Text2HTML def self.convert text text = simple_format text text = auto_link text, :all, :target => '_blank' text = NonHTMLEscaper.sanitize text

问题 I have a website that saves data to a MySQL database Should I escape the HTML upon inserting it into MySQL or upon displaying it on my website? Ideally, I'd like to input raw HTML into my database and just sanitize each time I pull from it. Is there any danger in doing it this way? Example html: <h1>test</h1> 回答1: typically users won't save HTML, but I don't want them to be restricted. Of course that HTML won't be executed. It will just be displayed Should I escape the HTML upon inserting it

问题 I'm running Rails 4.2.x and I have the following problem. The <title> of some pages are generated from user content. So I have to use the sanitize Rails helpers to properly clean it up. But if the user writes something like "A & B", the title shown in browser is A & B which is wrong. What's the correct way of escaping user content on the <title> tag using Rails? At least some special characters should be included... 回答1: We can use CGi also title = "A & B" => "A & B" string = CGI.escapeHTML

问题 I'm running Rails 4.2.x and I have the following problem. The <title> of some pages are generated from user content. So I have to use the sanitize Rails helpers to properly clean it up. But if the user writes something like "A & B", the title shown in browser is A & B which is wrong. What's the correct way of escaping user content on the <title> tag using Rails? At least some special characters should be included... 回答1: We can use CGi also title = "A & B" => "A & B" string = CGI.escapeHTML