Robert, I've done a little playing around, and the input is coming from a querystring parameter. It does not seem to have anything to do with the quote marks, as I initially thought.
If you put the following in a results action in a taf and supply ?query=%() in the url it throws the expression eval error: <@EXCLUDE> <@ASSIGN val <@SEARCHARG query>> <@ASSIGN array <@ARRAY value="a,b;<@SQ>,2;">> <@ASSIGN filtered value="<@FILTER array=array expr='#1 = @@val'>"> </@EXCLUDE> @@filtered It does not seem to happen with %( or %), but only %() Thanks, -Ian On 05/23/16 15:24, Robert Shubert wrote: > Ian, > > I'm not able to reproduce this issue as you've stated it. Here's the test I > did: > > <@ASSIGN val <@SQ>> > <@ASSIGN array <@ARRAY value="a,b;<@SQ>,2;">> > <@FILTER array=array expr='#1 = @@val'> > > And the return of @FILTER was the correct array, without error. > > I'm on 7.1.1 Windows. Please see if my test works on your system to rule out > a difference. Then we'll need to look more closely ar your case. > > Robert > > -----Original Message----- > From: Ian Evans [mailto:[email protected]] > Sent: Monday, May 23, 2016 12:36 PM > To: [email protected] > Subject: TeraScript-Talk: proper encoding for untrusted input in meta tag > expressions > > Hi, > > I'm trying to filter an array based on user input, and assign the result: > > <@ASSIGN NAME="array_contains_input" SCOPE="request" VALUE="<@FILTER > ARRAY='request$some_array' EXPR='#1 = <@VAR request$untrusted_input>'>"> > > If the untrusted input contains ' (single quote) or " (double quote) or both, > the application errors out with "Error during expression evaluation." I > assume it's because the quote mark in the input is being parsed as part of > the meta tag. > > Is there any way to encode the untrusted input so that if it contains single > or double quotes it will not interrupt the expression parsing, but would > still be accurately compared in the expression? > > This code is running on: > > TeraScript Server Advanced 7.0.3.0 Mac OS X (32-bit) > > Thanks, > -Ian > > > > ---------------------------------------- > > To unsubscribe from this list, please send an email to > [email protected] with "unsubscribe terascript-talk" in the body. > > > > > ---------------------------------------- > > To unsubscribe from this list, please send an email to > [email protected] with "unsubscribe terascript-talk" in the body. > > ---------------------------------------- To unsubscribe from this list, please send an email to [email protected] with "unsubscribe terascript-talk" in the body.
