On 3/8/2017 12:21 PM, Benedikt Ritter wrote:
> Hello Yasser,
>
> Sorry for the late reply! I have been on vacation and needed some time to go
> through all the mails that have piled up :-)

Hello Benedikt, thank you very much for your answer.

>
> StringEscapeUtils contains general String escaping routines. It does not
> focus on business related escaping (how would you draw that line anyway?).
> escapeEcmaScript just escapes the characters in a String using EcmaScript
> String rules.
> Can you please provide a failing test case showing the problem you see?
>

Yes, you're right. I misused the method. It is for escaping an ECMA string that can be used inside another ECMA string, but I wrongly used it to escape against script injection!

>

So „<" and „>“ are not escaped by escapeEcmaScript.. My failure :(

>>
>> And finally just for a curious, why `ESCAPE_ECMASCRIPT` does not include
>> `OctalUnescaper` but `UNESCAPE_ECMASCRIPT = UNESCAPE_JAVA` does?
>
> Again it is because it just escapes according to EcmaScript escaping rules.

It's somewhat weird: you mean escaping ECMAScript does not need escaping octal, but unescaping ECMAScript does also need unescaping octal? I.e. the inverse of escaping is not equal to unescaping and vice versa.
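Added example, not part of the thread and not code from the Commons Lang project: it prints what escapeEcmaScript and escapeHtml4 each do to a string containing `<`, `>` and quotes, and then the octal asymmetry between escapeEcmaScript and unescapeEcmaScript discussed above. It assumes commons-lang3 is on the classpath; the class name, helper method and sample strings are constructed for illustration.

```java
import org.apache.commons.lang3.StringEscapeUtils;

public class EscapeContextDemo {

    // True when the string still contains raw HTML markup delimiters.
    static boolean hasRawAngleBrackets(String s) {
        return s.indexOf('<') >= 0 || s.indexOf('>') >= 0;
    }

    public static void main(String[] args) {
        // Constructed sample input: angle brackets, ampersands and quotes.
        String input = "a < b && c > d 'quoted'";

        // String-literal escaping (EcmaScript rules) vs. HTML text escaping.
        String js = StringEscapeUtils.escapeEcmaScript(input);
        String html = StringEscapeUtils.escapeHtml4(input);

        System.out.println("escapeEcmaScript: " + js);
        System.out.println("escapeHtml4:      " + html);
        System.out.println("raw < or > left by escapeEcmaScript: "
                + hasRawAngleBrackets(js));
        System.out.println("raw < or > left by escapeHtml4:      "
                + hasRawAngleBrackets(html));

        // Direction 1: escape, then unescape, and compare with the input.
        String roundTrip = StringEscapeUtils.unescapeEcmaScript(js);
        System.out.println("unescape(escape(x)) equals x: "
                + roundTrip.equals(input));

        // Direction 2: start from an octal escape (backslash, 1, 0, 1),
        // which only the unescaper understands, then escape the result.
        String octal = "\\101";
        String decoded = StringEscapeUtils.unescapeEcmaScript(octal);
        String reEncoded = StringEscapeUtils.escapeEcmaScript(decoded);
        System.out.println("unescape(\"" + octal + "\") = " + decoded);
        System.out.println("escape(unescape(y)) equals y: "
                + reEncoded.equals(octal));
    }
}
```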