
Re: Unexpected '\'. in a String literal

  • ia_perdomo
    Message 1 of 8 , May 20 12:56 PM
      > > Can you comment why JSLint is reporting Unexpected '\' ?
      >
      > Yes. The \ in that position is necessary.
      >

      I guess that you meant unnecessary :)
    • Rob Richardson
      Message 2 of 8 , May 20 1:15 PM
        An escaped > is an ampersand then 'gt' then a semicolon. \> will do nothing
        to protect you from XSS.

        Rob


        -----Original Message-----
        From: jslint_com@yahoogroups.com [mailto:jslint_com@yahoogroups.com] On
        Behalf Of ia_perdomo
        Sent: Friday, May 20, 2011 12:55 PM
        To: jslint_com@yahoogroups.com
        Subject: Re: [jslint] Unexpected '\'. in a String literal




        > Is there a reason why you want to have a backslash here?
        >

        I'm generating JavaScript code with a template engine [1] and checking the
        resulting JS code with JSLint. It escapes the '>' character to avoid a
        '</script>' [2]

        [1] http://freemarker.org/
        [2]
        http://freemarker.org/docs/ref_builtins_string.html#ref_builtin_js_string

        Thanks for your reply.

        Iván
      • Erik Eckhardt
        Message 3 of 8 , May 20 1:47 PM
          Blacklisting and escaping are tricky propositions when it comes to trying to
          avoid XSS. See http://ha.ckers.org/xss.html for an amazing treasure trove of
          potential ways to exploit these.

          You're much better off using a whitelist approach, which immediately
          eliminates everything in that XSS cheat sheet.

          On Fri, May 20, 2011 at 12:55 PM, ia_perdomo <ivan.perdomo.hn@...> wrote:

          >
          >
          >
          >
          > > Is there a reason why you want to have a backslash here?
          > >
          >
          > I'm generating JavaScript code with a template engine [1] and checking the
          > resulting JS code with JSLint. It escapes the '>' character to avoid a
          > '</script>' [2]
          >
          > [1] http://freemarker.org/
          > [2]
          > http://freemarker.org/docs/ref_builtins_string.html#ref_builtin_js_string
          >
          > Thanks for your reply.
          >
          > Iván
          >
          >
          >


          [Non-text portions of this message have been removed]
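
The concern raised in the thread, a string value containing `</script>` ending an inline script block early, can be checked mechanically against an escaper's output. This is an added example, not code from the thread or from FreeMarker: the `\>` escaper is an assumed model of the behaviour described above, the sample values are constructed, and it goes beyond the single `</script>` case by also covering end tags written with whitespace or `/` before the `>`.

```javascript
// Models how an HTML parser finds the end of an inline <script> block:
// "</script" (any case) followed by whitespace, "/" or ">".
function closesScriptBlock(scriptText) {
  return /<\/script[\t\n\f\r \/>]/i.test(scriptText);
}

// Assumed model of the escaping described in the thread: an ordinary JS
// string literal body in which ">" is additionally written as "\>".
function escapeBackslashGt(value) {
  return JSON.stringify(value).slice(1, -1).replace(/>/g, '\\>');
}

// Alternative for comparison: write "<" as \u003c, so the characters
// "</script" never appear in the generated source at all.
function escapeUnicodeLt(value) {
  return JSON.stringify(value).slice(1, -1).replace(/</g, '\\u003c');
}

// Evaluate a double-quoted literal body to confirm it decodes to the input.
function decodeLiteral(body) {
  return new Function('return "' + body + '";')();
}

// Constructed sample values for the template variable.
const samples = ['a > b', '</script>', '</SCRIPT >', 'x</script/>y'];

// For each sample: does the generated script source still contain something
// the HTML parser treats as the end of the block, and is the value preserved?
function report() {
  return samples.map((value) => {
    const gt = escapeBackslashGt(value);
    const lt = escapeUnicodeLt(value);
    return {
      value,
      rawCloses: closesScriptBlock('var s = "' + value + '";'),
      gtCloses: closesScriptBlock('var s = "' + gt + '";'),
      ltCloses: closesScriptBlock('var s = "' + lt + '";'),
      roundTrips: decodeLiteral(gt) === value && decodeLiteral(lt) === value,
    };
  });
}

console.table(report());
```

Both escapers leave the JavaScript value unchanged; they differ only in what the HTML parser sees before the script engine runs.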