Ian, I'm not able to reproduce this issue as you've stated it. Here's the test I did:
<@ASSIGN val <@SQ>> <@ASSIGN array <@ARRAY value="a,b;<@SQ>,2;">> <@FILTER array=array expr='#1 = @@val'> And the return of @FILTER was the correct array, without error. I'm on 7.1.1 Windows. Please see if my test works on your system to rule out a difference. Then we'll need to look more closely ar your case. Robert -----Original Message----- From: Ian Evans [mailto:[email protected]] Sent: Monday, May 23, 2016 12:36 PM To: [email protected] Subject: TeraScript-Talk: proper encoding for untrusted input in meta tag expressions Hi, I'm trying to filter an array based on user input, and assign the result: <@ASSIGN NAME="array_contains_input" SCOPE="request" VALUE="<@FILTER ARRAY='request$some_array' EXPR='#1 = <@VAR request$untrusted_input>'>"> If the untrusted input contains ' (single quote) or " (double quote) or both, the application errors out with "Error during expression evaluation." I assume it's because the quote mark in the input is being parsed as part of the meta tag. Is there any way to encode the untrusted input so that if it contains single or double quotes it will not interrupt the expression parsing, but would still be accurately compared in the expression? This code is running on: TeraScript Server Advanced 7.0.3.0 Mac OS X (32-bit) Thanks, -Ian ---------------------------------------- To unsubscribe from this list, please send an email to [email protected] with "unsubscribe terascript-talk" in the body. ---------------------------------------- To unsubscribe from this list, please send an email to [email protected] with "unsubscribe terascript-talk" in the body.
