 

Re: [jslint] Unexpected '\'. in a String literal

  • ia_perdomo
    Message 1 of 8 , May 20, 2011
      > Is there a reason why you want to have a backslash here?
      >

      I'm generating JavaScript code with a template engine [1] and checking the resulting JS code with JSLint. It escapes the '>' character to avoid a '</script>' [2]

      [1] http://freemarker.org/
      [2] http://freemarker.org/docs/ref_builtins_string.html#ref_builtin_js_string

      Thanks for your reply.

      Iván
    • ia_perdomo
      Message 2 of 8 , May 20, 2011
        > > Can you comment why JSLint is reporting Unexpected '\' ?
        >
        > Yes. The \ in that position is necessary.
        >

        I guess that you meant unnecessary :)
      • Rob Richardson
        Message 3 of 8 , May 20, 2011
          An escaped > is an ampersand then 'gt' then a semicolon. \> will do nothing
          to protect you from XSS.

          Rob


          -----Original Message-----
          From: jslint_com@yahoogroups.com [mailto:jslint_com@yahoogroups.com] On
          Behalf Of ia_perdomo
          Sent: Friday, May 20, 2011 12:55 PM
          To: jslint_com@yahoogroups.com
          Subject: Re: [jslint] Unexpected '\'. in a String literal




          > Is there a reason why you want to have a backslash here?
          >

          I'm generating JavaScript code with a template engine [1] and checking the
          resulting JS code with JSLint. It escapes the '>' character to avoid a
          '</script>' [2]

          [1] http://freemarker.org/
          [2]
          http://freemarker.org/docs/ref_builtins_string.html#ref_builtin_js_string

          Thanks for your reply.

          Iván
        • Erik Eckhardt
          Message 4 of 8 , May 20, 2011
            Blacklisting and escaping are tricky propositions when it comes to trying to
            avoid XSS. See http://ha.ckers.org/xss.html for an amazing treasure trove of
            potential ways to exploit these.

            You're much better off using a whitelist approach, which immediately
            eliminates everything in that XSS cheat sheet.

            On Fri, May 20, 2011 at 12:55 PM, ia_perdomo <ivan.perdomo.hn@...> wrote:

            >
            >
            >
            >
            > > Is there a reason why you want to have a backslash here?
            > >
            >
            > I'm generating JavaScript code with a template engine [1] and checking the
            > resulting JS code with JSLint. It escapes the '>' character to avoid a
            > '</script>' [2]
            >
            > [1] http://freemarker.org/
            > [2]
            > http://freemarker.org/docs/ref_builtins_string.html#ref_builtin_js_string
            >
            > Thanks for your reply.
            >
            > Iván
            >
            >
            >


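The thread turns on which escaping applies to a string literal emitted inside an inline `<script>` element. The following is an added example, not part of any message above and not FreeMarker's or JSLint's code; the function names and the sample value are constructed. It compares four ways of writing the same value and reports, for each, whether the script body still contains a `</script` end-tag sequence and whether the literal evaluates back to the original value.

```javascript
// Added example; names and the sample value are constructed for illustration.
const BASE = { '\\': '\\\\', '"': '\\"', "'": "\\'", '\n': '\\n', '\r': '\\r',
  '\u2028': '\\u2028', '\u2029': '\\u2029' };

// Build a double-quoted JS string literal; `extra` adds context-specific escapes.
function jsString(value, extra) {
  const map = Object.assign(Object.create(null), BASE, extra);
  return '"' + Array.from(String(value), (c) => map[c] || c).join('') + '"';
}

const VARIANTS = {
  none: {},                                      // JS escapes only
  backslashGt: { '>': '\\>' },                   // the '\>' form discussed in the thread
  unicode: { '<': '\\u003C', '>': '\\u003E' },   // no raw angle brackets at all
  htmlEntity: { '>': '&gt;' }                    // HTML escaping applied in a script context
};

// The HTML tokenizer ends a script element at "</script" followed by
// whitespace, "/" or ">", regardless of JavaScript string quoting.
function closesScriptElement(scriptBody) {
  return /<\/script[\t\n\f\r \/>]/i.test(scriptBody);
}

// Evaluate a literal produced above to recover the value the script would see.
function evalLiteral(literal) {
  return new Function('return ' + literal + ';')();
}

function compare(value) {
  const rows = {};
  for (const name of Object.keys(VARIANTS)) {
    const literal = jsString(value, VARIANTS[name]);
    rows[name] = {
      literal,
      closesScript: closesScriptElement('var v = ' + literal + ';'),
      roundTrips: evalLiteral(literal) === value
    };
  }
  return rows;
}

const SAMPLE = 'say "hi"</script><b>x</b>';      // constructed sample value
console.log(compare(SAMPLE));
```

Only the `none` variant leaves an end-tag sequence in the script body, and only the `htmlEntity` variant changes the value the script receives, because the contents of an HTML `<script>` element are not entity-decoded.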