How to escape variables from DB like ${HOST}?
The situation happens when there is some code posted in tags <pre><code>.
If it remains as it is there's the error
Uncaught ReferenceError: HOST is not defined.
It's needed in a context where it's required to use the character ` for enclosure to prevent the error (it's a multiline content)
Uncaught SyntaxError: '' string literal contains an unescaped line break
The line generating error it's
e.setContent(escape(`<? echo $getpost["post"]; ?>`));
It gives the same error also by using
htmlspecialchars(addslashes())
This line:
e.setContent(escape(`<? echo $getpost["post"]; ?>`));
ends in your code as:
e.setContent(escape(`bla
bla2
bla3
`));
Because the $getpost["post"] contained newlines.
And your javascript isn't happy about the newlines.
Solution?
That depends on what you are trying to achieve, but you have to escape your newline somehow.
For example, replace it by \n, or NEWLINE and replace it back later.
Hard to say, but the reason for your error is the newline
Related
I'm using prestashop as a cms and i want to display specific products on a page.
I found a module to do so by writing for example this line of code : [ph-product-cms id="1"] which will be converted at the execution into many lines of code with multiple quotes to display the products
The thing is when i try to use innerhtml like this : document.getElementsByClassName('test0 prod')[0].innerHTML = "[ph-product-cms id="1"]"; it shows Uncaught SyntaxError : Unexpected identifier
I tried single quotes but it doesn't work either.
Wherever you find double-quotes put a \ before them to escape them. For example,
\[ph-product-cms id=\"1\"]
I am trying to format a MAC address in a table that is populated using AngularJS:
<tr ng-repeat="dev in devices">
<td>{{dev.mac.replace(/(.{2})/g,"$1:")}}</td>
</tr>
{{dev.mac}} works just fine (aside from being unformatted), but when I add the .replace() function it breaks. I tried escaping the forward slash based on the error I received, which didn't help. Is .replace() not available inside the browser or is there a different syntax for regex inside the double braces or what am I doing wrong?
The goal is to convert AABBCCDDEEFF into AA:BB:CC:DD:EE:FF as easily as possible within the double braces. As a bonus question, how do I prevent the trailing ':' in the regex (it currently prints AA:BB:CC:DD:EE:FF:)?
Edit: Adding the error message
Error: $parse:syntax
Syntax Error
Syntax Error: Token '/' not a primary expression at column 20 of the
expression [dev.mac.replace(/(.{2})/g,"$&:")] starting at
[/(.{2})/g,"$&:"].
That seems to indicate the forward slash is causing the problem, but like I said, escaping it doesn't help.
Rather than running your replace inline like that, it'd be better to abstract that out into a function, that should fix any issues you're having with it not getting interpreted correctly. This article shows the right syntax for declaring a function on the scope to call here: function call inside Angular double curly braces, it should be something like this
$scope.fixMacAddress = function(addr)
{
return addr.replace(/(.{2})/g,"$1:")
}
and
{{ fixMacAddress(dev.mac) }}
I understand that there is probably something at play here that I am not aware of, but I cannot understand how I can be getting the following error:
Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in F:\Software Development\****\HTDOCS\pages\home2.php on line 17
All six of the following lines throw that error when executed. Their purpose is to output array values into a JavaScript.
echo "$title['{$line}'] = {$get['title']};";
echo "$content['{$line}'] = {$get['content']};";
echo "$islink['{$line}'] = {$get['islink']};";
echo "$linktext['{$line}'] = {$get['linktext']};";
echo "$linkurl['{$line}'] = {$get['linkurl']};";
echo "$path['{$line}'] = {$get['path']};";
The $get PHP array is storing a mysqli_fetch_array(). I want to know what is causing the error above in my code, which only uses a single beginning and end quote, and how to prevent it. I am aware that this could get flagged as a duplicate, as many questions on this topic have, but none in a fairly large sample those topics have been able to me.
You want:
"\$title['{$line}'] ...
Or:
"\$title['$line'] ...
Double-quoted strings expand variables, so PHP is seeing "$title ... as a PHP variable, followed by what appears to be array syntax; it's a syntax error not to put array syntax with curly braces wrapped around in a double-quoted string, hence the error.
From the manual:
The complex syntax can be recognised by the curly braces surrounding
the expression.
If a dollar sign ($) is encountered, the parser will greedily take as
many tokens as possible to form a valid variable name. Enclose the
variable name in curly braces to explicitly specify the end of the
name.
Array references require the complex syntax.
See: http://www.php.net/manual/en/language.types.string.php#language.types.string.parsing
This is my code :
<c:forEach items="${entry.value}" var="keyval">
var bdgroup= {
elem1: '${keyval.partno}',
elem2: '${keyval.location}',
elem3: '${keyval.village}',
elem4: '${keyval.id}'
};
exampleArray.push(bdgroup);
</c:forEach>
i am getting
'unterminated string literal error'`
sometimes it works fine but for other times this error happens..
When e.g. ${keyval.id} gets expanded, if it has a single quote in it, then the Javascript will look like
elem1: 'what's up?'
thus your unterminated string error.
Escape the quotes before you put them in JSON.
Escape the single quotes and any other special characters, so that the values are taken correctly.
I'm ==> I\'m
Looks like you're using a taglib, and the elements inside the single quotes are being generated by the page processor.
I'll bet that on the times that it fails, your values contain single quotes.
Escape the single quotes, and that should fix it.
Previously, I am encountering "unterminated string literal strange error" in JS: SyntaxError: unterminated string literal strange error
I kinda fix it using json_encode since newlines are escaped.
Now I am getting these odd results, for example this JS variable (processed with json_encode):
cacheObj_open.handler='<pre class="brush: html;">"<html>\r\n<body>\r\n<p>Hello world.<\/p>\r\n<\/body>\r\n<\/html>"</pre>';
Will output with codes having double quotes around them:
"<html>
<body>
<p>Hello world.</p>
</body>
</html>"
The above code runs without console error. But the one below (also processed with json_encode) throws SyntaxError: missing ; before statement error:
cacheObj_open.handler='<pre class="brush: html;">"\r\n<?php\r\n$stmt = $dbh->prepare("SELECT * FROM REGISTRY where name = ?");\r\nif ($stmt->execute(array($_GET['name']))) {\r\n while ($row = $stmt->fetch()) {\r\n print_r($row);\r\n }\r\n}\r\n?>"</pre>';
What is the best way to avoid any errors when outputting HTML entity source code to a JS variable? I know that json_encode will escape some new lines(this is a good idea) but based on the above example, it still throws an error for some codes. I appreciate any inputs and suggestions.
I have tried adding addslashes on PHP side but it still throws the error.
The error in this case is at execute(array($_GET['name'], the single quotes here close the quotes surrounding the whole string. They should be escaped with a backslash.