1

I have a string "akl&#85@^" as a password retrieved from a database. The string shows a different value, "aklU@^", on the web page.

It is basically because "&#85" is the HTML ASCII code of the upper case letter "U".

Is there any way I can skip the conversion, and display the string as "akl&#85@^"? Thanks.

Not sure if it matters, I'm coding in C#.

6
  • Which language are you using, and can you show your code? Commented Jul 20, 2018 at 21:10
  • String.fromCharCode(n1, n2, ..., nX): use this function, in JavaScript. Commented Jul 20, 2018 at 21:16
  • 1
    You really shouldn't display your users' passwords. Commented Jul 20, 2018 at 21:21
  • 3
    You shouldn't even know your users' passwords. plaintextoffenders.com/faq/devs Commented Jul 21, 2018 at 0:25
  • 1
    Which web page rendering technology are you using? Razor? Webforms? Roll-your-own? Your code seems vulnerable to HTML/script-injection (or just plain misformatting) if you are pasting data strings into HTML code. Your question is an attempt to address it but be sure to do it systematically. Every HTML text node is HTML, not text. Commented Jul 21, 2018 at 0:34

3 Answers

3

You can use the following function to escape HTML

<span id="testResult"></span>
<script>
// Replace &, <, > and non-ASCII characters with numeric character references
// so the browser displays the string literally instead of decoding it.
function escapeHTML(str) {
    return str.replace(/[\u00A0-\u9999<>\&]/gim, function (i) {
        return '&#' + i.charCodeAt(0) + ';';
    });
}
document.getElementById("testResult").innerHTML = escapeHTML("akl&#85@^");
</script>


2

I don't really know C# but basically I believe you should do a replace operation of the password string, replacing & with &amp;.

1 Comment

I ended up doing a stringvalue.replace('&', '&amp') in some javascript that was being used to get this value and that got it to display correctly. Nice and simple! Thanks!
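
As an added example (not part of the original answers or comments): escaping every HTML-special character, compared with replacing only the first ampersand. `decodeHtml` is a simplified stand-in for the browser's character-reference decoding, and all function names here are hypothetical.

```javascript
// Added example (not from the original answers). Sample strings are constructed,
// except "akl&#85@^", which is the value from the question.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape every character the HTML parser treats specially in text nodes
// and quoted attribute values. The /g flag covers every occurrence.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// The shortcut from the comment above: with a string pattern,
// String.prototype.replace only rewrites the FIRST "&".
function escapeFirstAmpOnly(text) {
  return String(text).replace('&', '&amp;');
}

// Assumption: simplified stand-in for the browser's character-reference
// decoding. Handles decimal/hex numeric references (semicolon optional,
// which is why "&#85" decodes) and four named references.
function decodeHtml(markup) {
  const named = { amp: '&', lt: '<', gt: '>', quot: '"' };
  const ref = /&(?:#(\d+);?|#[xX]([0-9a-fA-F]+);?|(amp|lt|gt|quot);)/g;
  return markup.replace(ref, (match, dec, hex, name) => {
    if (name) return named[name];
    const cp = dec ? parseInt(dec, 10) : parseInt(hex, 16);
    // Out-of-range or NUL references become U+FFFD instead of throwing.
    return cp > 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : '\uFFFD';
  });
}

// Text the decoder yields for a stored value after the given escaping step.
function displayed(stored, escapeFn) {
  return decodeHtml(escapeFn(stored));
}

const samples = ['akl&#85@^', 'a&#85b&#86', '5 < 6 && "q"'];
for (const s of samples) {
  console.log(JSON.stringify({
    stored: s,
    unescaped: displayed(s, (x) => x),
    firstAmpOnly: displayed(s, escapeFirstAmpOnly),
    escaped: displayed(s, escapeHtml),
  }));
}
```

Only the fully escaped column matches the stored value for every sample; the first-ampersand-only version still decodes the second reference in `a&#85b&#86`.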
0
function unicodeEscape(str) {
  for (var result = '', index = 0, charCode; !isNaN(charCode = str.charCodeAt(index++));) {
    result += '\\u' + ('0000' + charCode.toString(16)).slice(-4);
  }
  return result;
}

Or you can use this

function escapeUnicode(str) {
    return str.replace(/[^\0-~]/g, function(ch) {
        return "\\u" + ("000" + ch.charCodeAt().toString(16)).slice(-4);
    });
}

You can use this to skip all of your Unicode ASCII. This was not created by me; I just found it, and it will work for you.
