
Re: [jslint] Unexpected '\'. in a String literal

  • Erik Eckhardt
    Message 1 of 8 , May 20, 2011
      If you truly need the backslash, doesn't this work?

      var s = '\\>';

      On Fri, May 20, 2011 at 11:17 AM, John Hawkinson <jhawk@...> wrote:

      >
      >
      > ia_perdomo <ivan.perdomo.hn@...> wrote on Fri, 20 May 2011
      > at 18:12:21 -0000 in <ir6au5+5iui@...>:
      >
      > > var s = '\>';
      >
      > > Can you comment why JSLint is reporting Unexpected '\' ?
      >
      > JSLint realizes that if you put a backslash before a character that
      > does not require it, you have probably made a mistake. Since putting a
      > backslash before an arbitrary character may turn out to have a special
      > meaning (that is not the character! E.g. \n), you should not use
      > backslashes unless you need them.
      >
      > Is there a reason why you want to have a backslash here?
      >
      > --jhawk@...
      > John Hawkinson
      >
      >
      >


    • ia_perdomo
      Message 2 of 8 , May 20, 2011
        > Is there a reason why you want to have a backslash here?
        >

        I'm generating JavaScript code with a template engine [1] and checking the resulting JS code with JSLint. It escapes the '>' character to avoid a '</script>' [2]

        [1] http://freemarker.org/
        [2] http://freemarker.org/docs/ref_builtins_string.html#ref_builtin_js_string

        Thanks for your reply.

        Iván
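The escaping discussed in this message, as an added example that is not part of the original thread and is not FreeMarker's or JSLint's code: the HTML parser ends an inline script block at `</script` followed by whitespace, `/` or `>`, whatever the JavaScript quoting, so the sketch compares a plain literal, the `\>` form described above, and escaping `<` instead. Function names and sample strings are constructed for illustration.

```javascript
// Added example: constructed inputs, hypothetical function names.

// HTML rule: inside <script>, the block ends at "</script" followed by
// whitespace, "/" or ">", case-insensitively. JavaScript quoting is ignored.
const SCRIPT_END = /<\/script[\t\n\f\r \/>]/i;

function closesScriptBlock(scriptBody) {
  return SCRIPT_END.test(scriptBody);
}

// Naive literal: JSON.stringify quotes and escapes for JavaScript only.
function naiveLiteral(value) {
  return JSON.stringify(value);
}

// The approach described in the thread: additionally write ">" as "\>".
// In a JavaScript string literal "\>" still evaluates to ">".
function gtEscapedLiteral(value) {
  return JSON.stringify(value).replace(/>/g, '\\>');
}

// Escape "<" itself, so no "</script" sequence can appear at all.
// \u003C is a valid escape in both JavaScript and JSON.
function ltEscapedLiteral(value) {
  return JSON.stringify(value).replace(/</g, '\\u003C');
}

// Build "var s = <literal>;" with each strategy and check the HTML rule.
function report(value) {
  const strategies = { naiveLiteral, gtEscapedLiteral, ltEscapedLiteral };
  const row = {};
  for (const [name, fn] of Object.entries(strategies)) {
    const body = 'var s = ' + fn(value) + ';';
    row[name] = { body, closesScriptBlock: closesScriptBlock(body) };
  }
  return row;
}

// Constructed sample values, including the whitespace form of the end tag.
const samples = ['a > b', 'x</script>y', 'x</SCRIPT >y'];
for (const s of samples) {
  console.log(JSON.stringify(s), report(s));
}
```

The `\>` form keeps `</script>` from closing the block, but the whitespace variant still matches the HTML rule; escaping `<` covers both, and the value still round-trips through `JSON.parse`.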
      • ia_perdomo
        Message 3 of 8 , May 20, 2011
          > > Can you comment why JSLint is reporting Unexpected '\' ?
          >
          > Yes. The \ in that position is necessary.
          >

          I guess that you meant unnecessary :)
        • Rob Richardson
          Message 4 of 8 , May 20, 2011
            An escaped > is an ampersand then 'gt' then a semicolon. \> will do nothing
            to protect you from XSS.

            Rob


            -----Original Message-----
            From: jslint_com@yahoogroups.com [mailto:jslint_com@yahoogroups.com] On
            Behalf Of ia_perdomo
            Sent: Friday, May 20, 2011 12:55 PM
            To: jslint_com@yahoogroups.com
            Subject: Re: [jslint] Unexpected '\'. in a String literal




            > Is there a reason why you want to have a backslash here?
            >

            I'm generating JavaScript code with a template engine [1] and checking the
            resulting JS code with JSLint. It escapes the '>' character to avoid a
            '</script>' [2]

            [1] http://freemarker.org/
            [2]
            http://freemarker.org/docs/ref_builtins_string.html#ref_builtin_js_string

            Thanks for your reply.

            Iván
          • Erik Eckhardt
            Message 5 of 8 , May 20, 2011
              Blacklisting and escaping are tricky propositions when it comes to trying to
              avoid XSS. See http://ha.ckers.org/xss.html for an amazing treasure trove of
              potential ways to exploit these.

              You're much better off using a whitelist approach, which immediately
              eliminates everything in that XSS cheat sheet.

              On Fri, May 20, 2011 at 12:55 PM, ia_perdomo <ivan.perdomo.hn@...> wrote:

              >
              >
              >
              >
              > > Is there a reason why you want to have a backslash here?
              > >
              >
              > I'm generating JavaScript code with a template engine [1] and checking the
              > resulting JS code with JSLint. It escapes the '>' character to avoid a
              > '</script>' [2]
              >
              > [1] http://freemarker.org/
              > [2]
              > http://freemarker.org/docs/ref_builtins_string.html#ref_builtin_js_string
              >
              > Thanks for your reply.
              >
              > Iván
              >
              >
              >

