javascript - Add safe HTML inside unsafe string appended with .text() -


so if have unsafe string:
'<div id='unsafe'></div> unsafe2 <div id='unsafe3'></div>' safely appended (or going appended) inside div container via div.text(str), how can safely , efficiently replace middle part of string - unsafe2 (or few separate parts in bigger string) trusted html (let's inline-block element), displayed html,

i.e final display inside container must this:

                          ___  <div id='unsafe'></div> |___| <div id='unsafe3'></div>

edit: assuming know how find unsafe2 inside string. question of proper , safe replacement 1 bothers me.

edit2: here's simple fiddle: https://jsfiddle.net/5pa7do7w/ type containing word doggy(hello doggy, i'm here!) , hit enter, assume unsafe string came other user's end. in 'chat' field doggy replaced colored span doggy. easy do, using .html(str), approach if input unsafe string <script> alert example - trigered, whole string appended html. want append hello doggy, i'm here! via .text(str) 'escape' it, butt still able swap doggy colored html now.

edit3: while trying solve - updated fiddle. how must , work: https://jsfiddle.net/5pa7do7w/1/ try enter <div></div> hey doggy <script> window.alert(hello) </script> doggy. afraid possible break out of js scope xss, costantly using unescaped string in code while splitting it, , not sure there vulnerability or not.


-

Popular posts from this blog

c# - ODP.NET Oracle.ManagedDataAccess causes ORA-12537 network session end of file -

overview i want replace oracle.dataaccess orcale. managed dataaccess, opening connection latter throws ora-12537 network session end of file exception. exception message / stack trace {oracleinternal.network.networkexception (0x000030f9): ora-12537 : netzwerksession: dateiende @ oracleinternal.network.readerstream.read(orabuf ob) @ oracleinternal.ttc.orabufreader.getdatafromnetwork() @ oracleinternal.ttc.orabufreader.read(boolean bignoredata) @ oracleinternal.ttc.marshallingengine.unmarshalub1(boolean bignoredata) @ oracleinternal.ttc.ttcprotocolnegotiation.readresponse()} i trying connect oracle 11g database , not have client installed on local machine. working test application (unmanaged) using oracle.dataaccess works fine . using system; using oracle.dataaccess.client; namespace app.odp.unmanaged { internal class program { private static void main(string[] args) { //dummy connection string
Read more

matlab - Compression and Decompression of ECG Signal using HUFFMAN ALGORITHM -

i want compress , decompress ecg signal stored text message text file , find out file size, cr,prd ratio,and qs. here code compression , decompression of ecg signal using huffman algorithm. i'm trying find out file size, compression ratio,prd ratio,qs. but error i'm getting the ecg file in text format. %clearing variables , screen enter code here clear all; close all; clc; [file1]=uigetfile('*.txt'); %fprintf('enter ecg file name :%s',file1); p=file1; t=sprintf('%s',p); b1=dlmread([file1]); len=length(b1); lead=input('enter lead number :'); %lead=str2double(lead); col2=b1(1:end,lead); e=fix(sqrt(len)); m=1; i=1:e j=1:e g2(i,j)=fix(col2(m)*1000); %amplifying 1000 m=m+1; end end g3=g2; i=1:e j=1:e
Read more

utf 8 - split utf-8 string into bytes in python -

i trying split utf-8 string bytes in python 3. problem is, when use bytearray, byte, encode etc functions array size of element 14 bytes, not 1 byte expected. need split text file sequence of bytes , send them byte after byte using sockets. tried this: infile = open (file, "r") str = infile.read() byte_str = bytes(str, 'utf-8') print("size of byte_str",sys.getsizeof(byte_str[0])) print gives me 14, need 1... suggestion? quoting official documentation : sys.getsizeof(object[, default]) return size of object in bytes. object can type of object. built-in objects return correct results, not have hold true third-party extensions implementation specific. only memory consumption directly attributed object accounted for, not memory consumption of objects refers to. if given, default returned if object not provide means retrieve size. otherwise typeerror raised. getsizeof() calls object’s __sizeof__ method , adds
Read more