Loading ...
Sorry, an error occurred while loading the content.

Re: Unexpected '\'. in a String literal

Expand Messages
  • Douglas Crockford
    ... Yes. The in that position is necessary.
    Message 1 of 8 , May 20, 2011
    • 0 Attachment
      --- In jslint_com@yahoogroups.com, "ia_perdomo" <ivan.perdomo.hn@...> wrote:
      >
      > Hi,
      >
      > It seems that this String literal a valid JavaScript code:
      >
      > var s = '\>';
      >
      > But JSLint reports:
      > Problem at line 1 character 11: Unexpected '\'.

      > Can you comment why JSLint is reporting Unexpected '\' ?

      Yes. The \ in that position is necessary.
    • Erik Eckhardt
      If you truly need the backslash, doesn t this work? var s = ; ... [Non-text portions of this message have been removed]
      Message 2 of 8 , May 20, 2011
      • 0 Attachment
        If you truly need the backslash, doesn't this work?

        var s = '\\>';

        On Fri, May 20, 2011 at 11:17 AM, John Hawkinson <jhawk@...> wrote:

        >
        >
        > ia_perdomo <ivan.perdomo.hn@...> wrote on Fri, 20 May 2011
        > at 18:12:21 -0000 in <ir6au5+5iui@...>:
        >
        > > var s = '\>';
        >
        > > Can you comment why JSLint is reporting Unexpected '\' ?
        >
        > JSLint realizes that if you put a backslash before a character that
        > does not require it, you have probably made a mistake. Since putting a
        > backslash before an arbitrary character may turn out to have a special
        > meaning (that is not the character! E.g. \n), you should not use
        > backslashes unless you need them.
        >
        > Is there a reason why you want to have a backslash here?
        >
        > --jhawk@...
        > John Hawkinson
        >
        >
        >


        [Non-text portions of this message have been removed]
      • ia_perdomo
        ... I m generating JavaScript code with a template engine [1] and checking the resulting JS code with JSLint. It escapes the character to avoid a
        Message 3 of 8 , May 20, 2011
        • 0 Attachment
          > Is there a reason why you want to have a backslash here?
          >

          I'm generating JavaScript code with a template engine [1] and checking the resulting JS code with JSLint. It escapes the '>' character to avoid a '</script>' [2]

          [1] http://freemarker.org/
          [2] http://freemarker.org/docs/ref_builtins_string.html#ref_builtin_js_string

          Thanks for your reply.

          Iván
        • ia_perdomo
          ... I guess that you meant unnecessary :)
          Message 4 of 8 , May 20, 2011
          • 0 Attachment
            > > Can you comment why JSLint is reporting Unexpected '\' ?
            >
            > Yes. The \ in that position is necessary.
            >

            I guess that you meant unnecessary :)
          • Rob Richardson
            An escaped is an ampersand then gt then a semicolon. will do nothing to protect you from XSS. Rob ... From: jslint_com@yahoogroups.com
            Message 5 of 8 , May 20, 2011
            • 0 Attachment
              An escaped > is an ampersand then 'gt' then a semicolon. \> will do nothing
              to protect you from XSS.

              Rob


              -----Original Message-----
              From: jslint_com@yahoogroups.com [mailto:jslint_com@yahoogroups.com] On
              Behalf Of ia_perdomo
              Sent: Friday, May 20, 2011 12:55 PM
              To: jslint_com@yahoogroups.com
              Subject: Re: [jslint] Unexpected '\'. in a String literal




              > Is there a reason why you want to have a backslash here?
              >

              I'm generating JavaScript code with a template engine [1] and checking the
              resulting JS code with JSLint. It escapes the '>' character to avoid a
              '</script>' [2]

              [1] http://freemarker.org/
              [2]
              http://freemarker.org/docs/ref_builtins_string.html#ref_builtin_js_string

              Thanks for your reply.

              Iván
            • Erik Eckhardt
              Blacklisting and escaping are tricky propositions when it comes to trying to avoid XSS. See http://ha.ckers.org/xss.html for an amazing treasure trove of
              Message 6 of 8 , May 20, 2011
              • 0 Attachment
                Blacklisting and escaping are tricky propositions when it comes to trying to
                avoid XSS. See http://ha.ckers.org/xss.html for an amazing treasure trove of
                potential ways to exploit these.

                You're much better off using a whitelist approach, which immediately
                eliminates everything in that XSS cheat sheet.

                On Fri, May 20, 2011 at 12:55 PM, ia_perdomo <ivan.perdomo.hn@...>wrote:

                >
                >
                >
                >
                > > Is there a reason why you want to have a backslash here?
                > >
                >
                > I'm generating JavaScript code with a template engine [1] and checking the
                > resulting JS code with JSLint. It escapes the '>' character to avoid a
                > '</script>' [2]
                >
                > [1] http://freemarker.org/
                > [2]
                > http://freemarker.org/docs/ref_builtins_string.html#ref_builtin_js_string
                >
                > Thanks for your reply.
                >
                > Iv�n
                >
                >
                >


                [Non-text portions of this message have been removed]
              Your message has been successfully submitted and would be delivered to recipients shortly.