commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yasser Zamani <yasser.zam...@live.com>
Subject Re: [lang] Question with the StringEscapeUtils.(un)escapeEcmaScript
Date Sat, 11 Mar 2017 12:07:54 GMT


On 3/8/2017 12:21 PM, Benedikt Ritter wrote:
> Hello Yasser,
>
> Sorry for the late reply! I have been on vacation and needed some time to go through
all the mails that have piled up :-)
Hello Benedikt , thank you very much for your answer
>
> StringEscapeUtils contains general String escaping routines. It does not focus on business
related escaping (how would you draw that line anyway?). escapeEcmaScript just escapes the
characters in a String using EcmaScript String rules.
> Can you please provide a failing test case showing the problem you see?
>
Yes, you're right. I mis-used the method. it is for escaping an ecma 
string that can be used inside an another ecma string but I wrongly used 
that  for escape from script injection!
> So „<" and „>“ are not escaped by escapeEcmaScript..
My failure :(
>>
>> And finally just for a curious, why `ESCAPE_ECMASCRIPT` does not include
>> `OctalUnescaper` but `UNESCAPE_ECMASCRIPT = UNESCAPE_JAVA` does?
>
> Again it is because it just escapes according to EcmaScript escaping rules.
It's some weird , you mean escaping ecma script does not need escaping 
octal, but un-escaping ecma script does need also un-escaping octal? 
i.e. inverse of escaping is not equal to unescaping and vice versa.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org
Mime
View raw message