Ultimate Website Testing String
Question
I've been grappling with the fraught area of escaping user (text) input for web pages. The ultimate goal is to have user input displayed and stored exactly as typed in, without breaking anything.
To that end I have been using the following test string :
'"_$%^&*()+=-£{}[]/n/<>\\@~;|,.?#:! &``"'
It seems to work well (even Stack Overflow or Twitter is not immune, hence the back ticks). My question is, will this string capture most escaping problems, for example going from a web page via Ajax and to a database and back again?
In fact how do I display this string in Stack Overflow without the back ticks?
Is there a better one, eg say one that will highlight encoding problems too?
4 answers
solution1
1 ACCPTED 2009-09-25 14:21:12
When I'm testing, I'm using something like this
a'b<'>",!"/%$?$&?% (()%/"!"/&?%$/" &$/"?%&?-f¯Ñ112üêù
This is generally sufficient to highlight encoding issues, at least from what I can see.
solution2
1 2009-09-25 16:23:56
包含诸如unicode x2202之类的数学符号也可能很有用。
solution3
0 2009-09-25 14:22:33
That seems like it should be all of them. The smartest thing to do would be to (depending on the language you're using) use a library that has been well tested, that can sanitize user input. Just ask around what other websites use.
solution4
0 2009-09-25 16:47:53
See here: http://gendoh.com/2511063
The post itself is written in Korean, but you could see what makes difference between several given patterns. (V1 to V3 are for generic web apps while V4 and V5 is for javascripts.)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.