Michael,
Could you raise a JIRA for this with an example of where the escaping
isn't happening? Thanks.
There is code for formatting (FmtUtils) but if you have discovered a
case where it isn't being applied properly, it should be fixed.
Andy
On 21/01/14 08:43, Michael Brunnbauer wrote:
Hello Martynas,
On Tue, Jan 21, 2014 at 01:30:42AM +0100, Martynas Jusevičius wrote:
is there a way to build a SPARQL-specific regex string in Jena?
I do not know. com.hp.hpl.jena.query.ParameterizedSparqlString does not seem
to do the necessary escaping. This is what we do to create literals in
a SPARQL query in Python:
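def escape(s):
    # The double quote and control characters, mapped to SPARQL string escapes.
    map={
        '"': '\\"',
        '\r': '\\r',
        '\n': '\\n',
        '\t': '\\t',
        '\b': '\\b',
        '\f': '\\f'
    }
    # Replace backslashes first so the escapes added below are left alone.
    s=s.replace('\\','\\u005C\\u005C')
    for key,value in map.items():
        s=s.replace(key,value)
    return '"' + s + '"'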
And this is what we do to check that URIs that are inserted into a SPARQL
query do not contain malicious stuff:
def checkuri(uri):
    # Reject control characters, space, and the characters <, > and \.
    for c in uri:
        n = ord(c)
        if n <= 32 or c in '<>\\':
            return False
    return True
Regards,
Michael Brunnbauer
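
An added example, not part of the thread and not Jena code: it checks the literal escaping quoted above by decoding the result the way a SPARQL parser would (codepoint escapes first, then the STRING_LITERAL2 and ECHAR productions of the SPARQL 1.1 grammar), and validates IRIs against the full IRIREF exclusion set, which is wider than the quoted check. All function names and sample values are constructed for illustration; the single-pass codepoint model is an assumption.

```python
import re

# Characters the SPARQL 1.1 IRIREF production excludes, besides U+0000-U+0020.
IRI_FORBIDDEN = set('<>"{}|^`\\')
ESCAPES = {'"': '\\"', '\r': '\\r', '\n': '\\n', '\t': '\\t', '\b': '\\b', '\f': '\\f'}
ECHAR = {'t': '\t', 'b': '\b', 'n': '\n', 'r': '\r', 'f': '\f', '\\': '\\', '"': '"', "'": "'"}
# STRING_LITERAL2: a double-quoted literal with only ECHAR escapes inside.
STRING_LITERAL2 = re.compile(r'"(?:[^"\\\n\r]|\\[tbnrf\\"\'])*"')
CODEPOINT = re.compile(r'\\u([0-9A-Fa-f]{4})|\\U([0-9A-Fa-f]{8})')

def escape_literal(s):
    """Escape s the same way as the escape() function quoted above."""
    s = s.replace('\\', '\\u005C\\u005C')
    for raw, esc in ESCAPES.items():
        s = s.replace(raw, esc)
    return '"' + s + '"'

def parse_literal(token):
    """Decode token as a parser would; reject anything that is not one literal."""
    # Assumption: codepoint escapes are resolved in one pass before the grammar applies.
    token = CODEPOINT.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), token)
    if not STRING_LITERAL2.fullmatch(token):
        raise ValueError('not a single string literal: %r' % token)
    return re.sub(r'\\(.)', lambda m: ECHAR[m.group(1)], token[1:-1])

def iri_ref(uri):
    """Wrap uri in <...>, refusing characters the IRIREF production excludes."""
    if any(ord(c) <= 0x20 or c in IRI_FORBIDDEN for c in uri):
        raise ValueError('character not allowed in IRIREF: %r' % uri)
    return '<' + uri + '>'

# Constructed sample values, not taken from the thread.
SAMPLES = ['x" . ?s ?p ?o . "', 'back\\slash', '\\u0022', 'line\nbreak\ttab', 'trailing\\']

def round_trips(values=SAMPLES):
    """True if every value survives escape_literal() followed by parse_literal()."""
    return all(parse_literal(escape_literal(v)) == v for v in values)

def is_single_literal(token):
    """True if token parses as exactly one double-quoted literal."""
    try:
        parse_literal(token)
        return True
    except ValueError:
        return False

if __name__ == '__main__':
    print('round trip ok:', round_trips())
    print('unescaped value accepted:', is_single_literal('"' + SAMPLES[0] + '"'))
```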