escaping

After the fine and long article about escaping from Matthias here some examples for special characters in a simple web application. This article should be only an inspiration, I will describe some code samples with python/javascript and explain why [<"@%'&_\?/:;,>কী €] is the ultimate input to test input in web applications.

The demo application offers a simple form with name and message field for an one-line guest book.Read more

Escaping is the art of transforming a text into a transport format from which it can be extracted again without any modification.

That's something every developer does - to a certain level. For example take the sentence

Matthias says: "I love Javascript".

Now put this sentence in a Java source code:

If you don't complain about this, your compiler will. In Java (any many other programming languages) the quotation mark " has a special meaning, it defines a string. So if you have a string containing the quotation mark, you need to escape it:

If you print out s, the original text is shown: