Loading ...
Sorry, an error occurred while loading the content.

Re: [jslint] Unexpected '\'. in a String literal

Expand Messages
  • John Hawkinson
    ia_perdomo wrote on Fri, 20 May 2011 ... JSLint realizes that if you put a backslash before a character that does not require it,
    Message 1 of 8 , May 20, 2011
    • 0 Attachment
      ia_perdomo <ivan.perdomo.hn@...> wrote on Fri, 20 May 2011
      at 18:12:21 -0000 in <ir6au5+5iui@...>:


      > var s = '\>';
      > Can you comment why JSLint is reporting Unexpected '\' ?

      JSLint realizes that if you put a backslash before a character that
      does not require it, you have probably made a mistake. Since putting a
      backslash before an arbitrary character may turn out to have a special
      meaning (that is not the character! E.g. \n), you should not use
      backslashes unless you need them.

      Is there a reason why you want to have a backslash here?

      --jhawk@...
      John Hawkinson
    • Douglas Crockford
      ... Yes. The in that position is necessary.
      Message 2 of 8 , May 20, 2011
      • 0 Attachment
        --- In jslint_com@yahoogroups.com, "ia_perdomo" <ivan.perdomo.hn@...> wrote:
        >
        > Hi,
        >
        > It seems that this String literal a valid JavaScript code:
        >
        > var s = '\>';
        >
        > But JSLint reports:
        > Problem at line 1 character 11: Unexpected '\'.

        > Can you comment why JSLint is reporting Unexpected '\' ?

        Yes. The \ in that position is necessary.
      • Erik Eckhardt
        If you truly need the backslash, doesn t this work? var s = ; ... [Non-text portions of this message have been removed]
        Message 3 of 8 , May 20, 2011
        • 0 Attachment
          If you truly need the backslash, doesn't this work?

          var s = '\\>';

          On Fri, May 20, 2011 at 11:17 AM, John Hawkinson <jhawk@...> wrote:

          >
          >
          > ia_perdomo <ivan.perdomo.hn@...> wrote on Fri, 20 May 2011
          > at 18:12:21 -0000 in <ir6au5+5iui@...>:
          >
          > > var s = '\>';
          >
          > > Can you comment why JSLint is reporting Unexpected '\' ?
          >
          > JSLint realizes that if you put a backslash before a character that
          > does not require it, you have probably made a mistake. Since putting a
          > backslash before an arbitrary character may turn out to have a special
          > meaning (that is not the character! E.g. \n), you should not use
          > backslashes unless you need them.
          >
          > Is there a reason why you want to have a backslash here?
          >
          > --jhawk@...
          > John Hawkinson
          >
          >
          >


          [Non-text portions of this message have been removed]
        • ia_perdomo
          ... I m generating JavaScript code with a template engine [1] and checking the resulting JS code with JSLint. It escapes the character to avoid a
          Message 4 of 8 , May 20, 2011
          • 0 Attachment
            > Is there a reason why you want to have a backslash here?
            >

            I'm generating JavaScript code with a template engine [1] and checking the resulting JS code with JSLint. It escapes the '>' character to avoid a '</script>' [2]

            [1] http://freemarker.org/
            [2] http://freemarker.org/docs/ref_builtins_string.html#ref_builtin_js_string

            Thanks for your reply.

            Iván
          • ia_perdomo
            ... I guess that you meant unnecessary :)
            Message 5 of 8 , May 20, 2011
            • 0 Attachment
              > > Can you comment why JSLint is reporting Unexpected '\' ?
              >
              > Yes. The \ in that position is necessary.
              >

              I guess that you meant unnecessary :)
            • Rob Richardson
              An escaped is an ampersand then gt then a semicolon. will do nothing to protect you from XSS. Rob ... From: jslint_com@yahoogroups.com
              Message 6 of 8 , May 20, 2011
              • 0 Attachment
                An escaped > is an ampersand then 'gt' then a semicolon. \> will do nothing
                to protect you from XSS.

                Rob


                -----Original Message-----
                From: jslint_com@yahoogroups.com [mailto:jslint_com@yahoogroups.com] On
                Behalf Of ia_perdomo
                Sent: Friday, May 20, 2011 12:55 PM
                To: jslint_com@yahoogroups.com
                Subject: Re: [jslint] Unexpected '\'. in a String literal




                > Is there a reason why you want to have a backslash here?
                >

                I'm generating JavaScript code with a template engine [1] and checking the
                resulting JS code with JSLint. It escapes the '>' character to avoid a
                '</script>' [2]

                [1] http://freemarker.org/
                [2]
                http://freemarker.org/docs/ref_builtins_string.html#ref_builtin_js_string

                Thanks for your reply.

                Iván
              • Erik Eckhardt
                Blacklisting and escaping are tricky propositions when it comes to trying to avoid XSS. See http://ha.ckers.org/xss.html for an amazing treasure trove of
                Message 7 of 8 , May 20, 2011
                • 0 Attachment
                  Blacklisting and escaping are tricky propositions when it comes to trying to
                  avoid XSS. See http://ha.ckers.org/xss.html for an amazing treasure trove of
                  potential ways to exploit these.

                  You're much better off using a whitelist approach, which immediately
                  eliminates everything in that XSS cheat sheet.

                  On Fri, May 20, 2011 at 12:55 PM, ia_perdomo <ivan.perdomo.hn@...>wrote:

                  >
                  >
                  >
                  >
                  > > Is there a reason why you want to have a backslash here?
                  > >
                  >
                  > I'm generating JavaScript code with a template engine [1] and checking the
                  > resulting JS code with JSLint. It escapes the '>' character to avoid a
                  > '</script>' [2]
                  >
                  > [1] http://freemarker.org/
                  > [2]
                  > http://freemarker.org/docs/ref_builtins_string.html#ref_builtin_js_string
                  >
                  > Thanks for your reply.
                  >
                  > Iv�n
                  >
                  >
                  >


                  [Non-text portions of this message have been removed]
                Your message has been successfully submitted and would be delivered to recipients shortly.