This question already has answers here:
Right angle bracket in HTML
(2 answers)
Closed 7 years ago.
I am wondering if the symbol > always needs to be converted into >, if the input is coming from a user? I could understand that < (<) would need to, since the next characters could be interpreted as HTML, but what harm could > have?
It depends what you are going to do with the data. If you're going to render it to a page, it should be HTML-escaped (meaning converted to >). If you're doing pretty much anything else then it should not.
Related
This question already has answers here:
HTML attribute with/without quotes
(6 answers)
Closed 1 year ago.
What is regarded as best practice when writing HTML, double or single quotes around attribute values, upper- or lower-case attribute names?
Best practice is to use a tool like prettier https://prettier.io
It formats your code every time you save your file. Then you will never have to think about it again.
This question already has answers here:
Using explicitly numbered repetition instead of question mark, star and plus
(4 answers)
Closed 2 years ago.
I have a pattern that I am using and it does everything I need it to except for it does not allow for an 10 digit phone number and not all UK numbers are 11 digits, for example, 01932 783433 is allowed and valid but 01932 78383 is also valid but not allowed;
Pattern:
^\s*\(?(020[7,8]{1}\)?[ ]?[1-9]{1}[0-9{2}[ ]?[0-9]{4})|(0[1-8]{1}[0-9]{3}\)?[ ]?[1-9]{1}[0-9]{2}[ ]?[0-9]{3})\s*$
I've tried without success to edit the pattern but each time I make a change and think I'm there the pattern starts allowing non numeric characters like 'ext 456' (extension numbers) at the end which is what I am trying to stop.
Is anyone able to help with a solution to make the 11th digit optional without changing anything else?
The comments of changing {3} to {2,3} resolve the issue I was having and the pointer to regex101.com were very useful in understanding my issue.
This question already has answers here:
Proper way to restrict text input values (e.g. only numbers)
(18 answers)
Closed 2 years ago.
User is allowed to enter all the alphabets and numbers but when the special-characters are entered then it shouldn't be entered in the the text box.
I tried doing this using (ng-pattern-restrict) but it's not working as expected, I think it might be possible that it needs to be imported in
app-module.ts but not working.
HTML FILE
#Shashank has a valid point of view. What you want to do is disable the entry of special characters from the backend, as well as render the field invalid from the frontend. A hacker knowing what they're doing would easily manipulate the HTTP Request itself rather than the field, making it pretty vulnerable.
However, if you insist on your solution, I would recommend using RegEx. This sample expression might come in handy. That way, whenever the input field detects one of these special characters, it would replace that character with a ''
This question already has answers here:
COMPLETE list of HTML tag attributes which have a URL value?
(2 answers)
Closed 7 years ago.
Obviously a href and img src. Are there any others? How would you search for this?
One of them is certainly srcset on the picture element, well its contains a URL but is maybe one.
Not sure how to properly search for one, maybe browsers have implemented some logic like that?
Mh, at least servo has implemented a generic get_url_attribute function which tries to converts any attribute to a URL https://github.com/servo/servo/blob/master/components/script/dom/element.rs#L997 sorry no help here
This question already has answers here:
How to display HTML tags as plain text [duplicate]
(11 answers)
Closed 9 years ago.
I'm currently creating a website and I need to show an example of code on the page. simply putting it within a p obviously doesn't work, as the tags do not display. Is there anyway to get them to display on the webpage?
You can put code in <code> tags (if what you're displaying is in a programming language) just to get something going quickly. If what you're displaying is Markup (HTML), you'll have to replace < with < and > with >.
You can also look at tools like SyntaxHighlighter if you want your code to be more readable.