Trouble Filtering the \ character

In my application, I cannot allow the user to enter the "\" character in
their URL. The only problem is, if I try if sURL.include? "\", it gives
me an error, because I'm guessing it assumes that I am trying to escape
chars with the "\" character. If so, how can I check whether the
variable sURL contains the | character? Sorry for such a dumb question.

"Ben V." writes:

In my application, I cannot allow the user to enter the "\"
character in their URL. The only problem is, if I try if
sURL.include? "\", it gives me an error, because I'm guessing it
assumes that I am trying to escape chars with the "\" character.

Try sURL.include? "\\"

Jim

Try sURL.include? "\\"
Yep, that works - I can’t believe I didn’t think about it. Thanks for
your help and time.

Ben V. wrote:

In my application, I cannot allow the user to enter the "\" character in
their URL.

Might be Windows muscle memory. Consider silently replacing it with a
forward slash instead of reporting an error to the user?

David V.

David V. wrote:

Ben V. wrote:

In my application, I cannot allow the user to enter the "\" character in
their URL.

Might be Windows muscle memory. Consider silently replacing it with a
forward slash instead of reporting an error to the user?

When your skin gets exposed to UV light the cells are damaged by the
high energy rays. When the damage exceeds a certain level, the cell has
more potential to damage the organism than help it. The cell responds
to this by committing a form of cellular suicide, called apoptosis.

Applying the same principle to code can produce much more robust
applications than you otherwise would get. If a connection acts
unusually suspiciously, it’s often much better to forcefully fail than
to attempt to fix the problem. This is mainly because an attempt to fix
the problem may in itself fail, the validation code becomes much
bulkier and as a result more error prone, and you stand less chance of
giving away information to an attacker.

Whenever suspicious activity is detected (within reason) a generic
failure is usually the best course of action. Mongrel is a very good
example of a Ruby project which takes this approach and is considered
highly secure as a result (I have no connection to the Mongrel
project). If an incorrect HTTP request is encountered it simply drops
the connection, preventing any information from being given to what may
well be an attacker.
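
An added example, not code from any poster in this thread: the backslash check from the first answer combined with the fail-closed approach described in the last post. The names `InvalidURL`, `check_url!` and `url_ok?` are hypothetical, and rejecting the percent-encoded form `%5C` and non-HTTP(S) schemes are assumptions that go beyond what the thread asks for.

```ruby
require "uri"

# Raised for every rejected URL. The message is deliberately generic so the
# caller learns nothing about which check failed.
class InvalidURL < StandardError
  def initialize(msg = "invalid URL")
    super
  end
end

BACKSLASH = "\\"            # one character; the escape is needed inside quotes
ENCODED_BACKSLASH = /%5c/i  # the same character, percent-encoded (assumption)

# Hypothetical helper: returns the URL unchanged if it is acceptable and
# raises InvalidURL otherwise. It never rewrites or repairs the input.
def check_url!(s_url)
  raise InvalidURL unless s_url.is_a?(String)
  raise InvalidURL if s_url.include?(BACKSLASH)
  raise InvalidURL if s_url.match?(ENCODED_BACKSLASH)

  uri = begin
    URI.parse(s_url)
  rescue URI::InvalidURIError
    raise InvalidURL
  end
  # Assumption: only absolute http/https URLs with a host are wanted.
  raise InvalidURL unless uri.is_a?(URI::HTTP) && uri.host && !uri.host.empty?

  s_url
end

# Non-raising wrapper for callers that only need a yes/no answer.
def url_ok?(s_url)
  check_url!(s_url)
  true
rescue InvalidURL
  false
end

# Constructed sample inputs, printed only when the file is run directly.
if __FILE__ == $PROGRAM_NAME
  ["http://example.com/a/b", "http://example.com\\a",
   "http://example.com/%5Cb", "not a url"].each do |u|
    puts "#{u.inspect} => #{url_ok?(u)}"
  end
end
```
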