IE(11) does not escape "<" character when concatenated with an alphabetical character - html

I posted a similar question earlier but all replies missed the point or just assumed something basic/simple, so I'll try to explain again. Please read on if you wish to help...
I want to be able to type something like <this> is visible and have it show up on a rendered page. When I type the same text without this site's code-text, this is what I get: "something like is visible". Notice that the text between the "<" and ">" is missing.
In fact, I had to add the ">" character otherwise this text would have never showed up. This issue does not happen if the "<" character is not concatenated (i.e.: "something like < this> is visible")
The reason for that is that IE believes I am creating a tag. I want to escape the "<" special character.
Conversion does not work (i.e.: converting "<" to < or <).
Thank you.

I can't insert examples into my comment, but have you tried the following:
Something like <this> is visible.
You can use this page as a reference.

Related

Using grep in BBEdit

I'd like BBEdit to search some HTML and match every paragraph tag that contains a text string like "myText".
This sort of works but often matches beyond the closing ">" of the tag.
<p.*myText[^>]*>
As I understand it, this should match the opening angle bracket-"p", then any number of characters until it finds "myText", then any number of characters that are NOT ">" until it finds the closing ">". What's wrong?
Use <p\s[^>]*myText[^>]*> – from comment by Wiktor Stribiżew.

Regular Expression for HTML attributes

I need to write a regular expression to catch the following things in bold
class="something_A211"
style="width:380px;margin-top: 20px;"
I have no idea how to write it, can someone help me?
I need this because, in html file i have to replace (whit notepad++) with empty, so i want to have a clear < tr > or < td > or anything else.
Thank you
You can use a regex like this to capture the content:
((?:class|style)=".*?")
Working demo
However, if you just want to match and delete that you can get rid of capturing groups:
(?:class|style)=".*?"
For all constructions like something="data", you can use this.
[^\s]*?\=\".*?\"
https://regex101.com/r/oQ5dR0/1
The link shows you what everything does.
To explain it briefly, a non space character can come before the "=" any mumber of times, then comes the quotes and info inside of them.
The question mark in .*? (and character any number of times) is needed so only the minimum amount of characters will be used (instead of looking for the next possible quotes somewhere further along)

JSON escape space characters

How would I escape space characters in a JSON string? Basically my problem is that I've gotten into a situation where the program that reads the string can use HTML tags for formatting, but I need to be able to use these HTML tags without adding more spaces to the string. so things like
<u>text</u>
is fine, for adding underline formatting
but something like
<font size="14">text</font>
is not fine, because the <font> tag with the size attribute adds an extra space to the string. I know, funny criteria, but at this point thats what has happened.
My first speculative solution would be to have some kind of \escape character that JSON can put in between font and size that will solve my "space" problems, something that the HTML will ignore but leave the human readable string in the code without actual spaces.
ex. <font\&size="14">text</font>
displays as: text
kind of like but better?
any solutions?
You can use \u0020 to escape the ' ' character in JSON.

Usage: Escape HTML problem

I ran into an interesting problem.
In our webpage a user can write their own description. We escape all text to make it easy to write (<3 shows up properly and isnt the start of a tag). This also avoids any problems with trying to inject their javascript code or hide something or do anything with html.
A side effect is when a user writes
Hi
My name is
shows up as
Hi My name is
Initially we (really i) wrote var desc = (SafeHtml)obj.desc.HtmlEscape.replace("\n", "\n<br>") however this doesnt replace anything because what really happens is \n is replaced as #&10; since all characters < 0x20 (<--i think) needs an escape to be represented in html.
So my question is, am i doing things right? I changed the replace to ("
", "\n<br/>");. Is this the right way? Escape everything and replace characters you deem 'legal'? ATM i cant think of any other characters to escape.
That's how I'd do it - escape everything, and then replace safe escaped sequences. That said, I don't think you need to replace all characters < 0x20 - I'd leave 0x10 (newline) and 0x13 (carriage return) alone in the escaping step, and then replace them by <br />. Doesn't make much difference though.

escaping html inside comment tags

escaping html is fine - it will remove <'s and >'s etc.
ive run into a problem where i am outputting a filename inside a comment tag eg. <!-- ${filename} -->
of course things can be bad if you dont escape, so it becomes:
<!-- <c:out value="${filename}"/> -->
the problem is that if the file has "--" in the name, all the html gets screwed, since youre not allowed to have <!-- -- -->.
the standard html escape doesnt escape these dashes, and i was wondering if anyone is familiar with a simple / standard way to escape them.
Definition of a HTML comment:
A comment declaration starts with <!, followed by zero or more comments, followed by >. A comment starts and ends with "--", and does not contain any occurrence of "--".
Of course the parsing of a comment is up to the browser.
Nothing strikes me as an obvious solution here, so I'd suggest you str_replace those double dashes out.
There is no good way to solve this. You can't just escape them because comments are read in plaintext. You will have to do something like put a space between the hyphens, or use some sort of code for hyphens (like [HYPHEN]).
Since it is obvoius that you cannnot directly display the '--'s you can either encode them or use the fn:escapeXml or fn:replace tags for appropriate replacements.
JSTL documentation
There's no universal working way to escape those characters in html unless the - characters are in multiples of four so if you do -- it wont work in firefox but ---- will work. So it all depends on the browser. For Example, looking at Internet Explorer 8, it is not a problem, those characters are escaped properly. The same goes for Googles Chrome... However Firefox even the latest browser (3.0.4), it doesn't handle escaping of these characters well.
You shouldn't be trying to HTML-escape, the contents of comments are not escapable and it's fine to have a bare ‘>’ or ‘&’ inside.
‘--’ is its own, unrelated problem and is not really fixable. If you don't need to recover the exact string, just do a replacement to get rid of them (eg. replace with ‘__’).
If you do need to get a string through completely unmolested to a JavaScript that will be reading the contents of the comment, use a string literal:
<!-- 'my-string' -->
which the script can then read using eval(commentnode.data). (Yes, a valid use for eval() at last!)
Then your escaping problem becomes how to put things in JS string literals, which is fairly easily solvable by escaping the ‘'’ and ‘-’ characters:
<!-- 'Bob\x27s\x2D\x2Dstring' -->
(You should probably also escape ‘<’, ‘&’ and ‘"’, in case you ever want to use the same escaping scheme to put a JS string literal inside a <​script> block or inline handler.)