I have a method which looks like this
def full
"#{self.first} #{self.second}"
end
problem is that I want to escape it, so to do it in the model I do
def full
ERB::Util.h("#{self.first} #{self.second}")
end
but if first or second have & in it, it would give me & instead of &
also if they have apostrphies ' it would escape them and make it unreadable..
Is there a way to avoid XSS and make the string readable as well?
I think you can use this html_escape Click here...
Related
Is there anyway to use variables in text fields?
For example i have a variable for my file directory STRDIR and default setted to workbooth path
Is there any way to user can write to textbox(name TextBox1) in VBA like that {STRDIR}/theirfilename.txt and after that i plan to see when i Debug.Print TextBox1.Value i would like to see result as STRDIR + "theirfilename.txt"
Is it possible to use like that ? Regards.
You can use
Debug.Print Replace(Textbox1.Value, "{STRDIR}", STRDIR)
but there's no automatic process for variable substitution
Use & for concatenating strings and string-variables.
+ sometimes works with strings in VBA but should be reserved for addition.
Unless you literally want to display the name of the variable, like your example:
`STRDIR + "theirfilename.txt"`
..which means you're looking for a function to provide the same output as this:
Debug.Print "STRDIR + ""theirfilename.txt"""
...but I doubt that's what you mean.
So initially, I thought I was doing something wrong as I can't find anyone else trying to do this, but maybe I just do things in a more complicated way. Anyway; I have this line of code:
newtab(listA(i).Split("""))
That, in my mind should work, because why wouldn't you want to split a string by ", right? Well apparently vb.NET doesn't like that.
newtab(listA(i).Split(""""))
You need to use "" for a " within "..."
Try using
newtab(listA(i).Split("\""))
Using vb.net and visual studio 2012.
I have a bunch of strings using custom text replacement.
By that I mean that they are all one-line strings using, for example, "&1" to replace 'vbcr' and so on.
I have to take this string and replace all the "&1" by a vbcr.
I tried using regex and stringbuilder replace. Here is an example:
finaltext = firsttext.Replace("&1", vbcr)
But doing it this way results in replacing the "&1" by a simple space.
I thought that vbcr was the problem but I tried to reverse my code by:
finaltext = firsttext.Replace(vbcr, "&1")
The vbcr were correctly replaced by "&1" so I don't understand why my original code is not working.
I know it's possible using a long complicated custom function but I would prefer to avoid this solution if possible.
According to MSDN, the syntax of String.Replace states that the first argument is the oldValue and the second argument is the one that replaces it.
Also, if you need newlines, you should be using Environment.NewLine:
finaltext = firsttext.Replace("&1", Environment.NewLine)
Environment.NewLine is easier to read and it also takes care of the platform for you, being
A string containing "\r\n" for non-Unix platforms, or a string
containing "\n" for Unix platforms.
If I have a string like input = "AA["
If Right(input, 1) = "[" Then Do stuff
The If statement returns false, even if I try converting things around to chars, etc etc. But if I do this is returns true:
Dim temp As String = Right(input, 1)
If temp = "[" Then Do Stuff
I like knowing little semantics like this, any idea why it comes out this way?
Or don't use Right at all since this is .Net
Dim s As String = "AAAAAAA]"
If s.Substring(s.Length - 1, 1) = "]" Then
Stop
End If
'or
If s(s.Length - 1) = "]" Then
Stop
End If
I've seen weird behavior like that when debugging.
In fact, today I had something simlar
Dim records As Integer
records = If(o.dr Is Nothing, o.ADO.rs.RecordCount, o.ADO.DS.Tables("tbl").Rows.Count)
That should work, using the rs.RecordCount when dr is nothing, otherwise using the Rows.Count. It didn't, records was ending up as zero. Rewrote it as a full if then/else block and it works.
It's never my first thought that the compiler/debugger/ide is messing things up, but you should keep it in the back of your mind for consideration: the programmers that wrote those programs are just as human and fallible as you or me.
It shouldn't. Are you sure you didn't have a typo? The result of RIGHT is a string, and if the input was truly "AA[" the IF will have passed.
I've never had VB act wonky on something like this.
If the code appears in a form, then the .Right property of the form overrides the string manipulation function. You need to specify the parent namespace - e.g. VisualBasic.Right - to ensure that you get the correct method.
I think you may have some kind of strange overload confusion occuring here.
You are specifiing "Right" (which could be calling a local "Right" function).
The function your implying is "Microsoft.VisualBasic.Strings.Right" in most of my code ends up being "Strings.Right" due to the global import.
I would try changing you code to the below and see if it still happens, in order to rule out some overload/scope confusion. (and/or the reduced "Strings.Right")
If Micosoft.VisualBasic.Strings.Right(input, 1) = "[" Then Do stuff
I am facing an issue with my code .
the thing is i want to escape { in the string.format function ...
Of course one way to escape it is to use {{ (2 curly braces)
Is there any other way possible to escape without using the double curly braces.
thanks
Why would there be another solution? {{ is specified as the way of escaping braces in a format string... I can't see why the API designers would include another way.
Of course, you could also provide a format parameter and then populate it with a brace:
Dim text as String = string.Format("{0}{1}", "{", "}")
will give "{}" as a string, for example... but I can't see that this is a better solution.
Perhaps if you could say why you dislike the normal solution (double curly braces) we could advise you on an alternative - but there isn't one within the format specification "language" itself, as far as I'm aware.
No, unfortunately it is not possible.
Well, you could do it this way, but not a good idea in my view.
Dim str1 As String = "Print this " & Chr(123) & "0" & Chr(125) & " string"
Dim str2 As String = "silly"
Console.WriteLine(String.Format(str1, str2))
Console.ReadLine()