Replace Chars in String Problem

Use the replace function iteratively as long as given character occurs in the target string (can be found out using indexOf ). Post your code so that we can suggest possible modifications.

Another complicated, but elegant solution would be to use the replace function which uses a Regular Expression along with the g(global) modifier, substitution variable and anonymous functions. Something like:

// 'b' here contains the matched character.
"!AB#CD%EF@".replace
   (/([!#%$@])/g,
   function(a, b) {
     return(b.charCodeAt(0));
   });

If you're doing this for the purpose of input sanitizing, there are probably less 'safe' characters than there are 'unsafe' characters, create a new empty string ( string 2 ) loop over the input string ( string 1 ), one character at a time, if the character is in the range a-b, A-B, 0-9, then place it at the end of string 2, otherwise place the code of the character at the end of string 2. Simple as anything.

Don't bother trying to replace every special character ( especially if your sanitizing for a database or a shell script ) because you'll likely miss one, if you only allow the safe characters, the only risk is that you forget to allow something safe, and that's quite a bit better than forgetting to block something unsafe. Basically, it's always safer to whitelist than it is to blacklist.

> If you're doing this for the purpose of input sanitizing

That doesn't seem to be the case here since converting special / blacklisted characters to their equivalent codes doesn't serve any purpose. Also, encodeURIComponent(string) seems to be a more appropriate escaping function than manually doing so.

Regardless of whether you're doing this for input sanitising or not, the method I suggested has the best complexity guarantee.. it's always O( n ). Worst case, assuming a string of all special characters, for calling replace multiple times is O( 1 + 2 + 3 + 4 + .. + n ), and I have no idea about the worst case for regexes; but I assume it's not as good as O( n ).. [ Even it it is O( n ), the implicit factor on n and the initial overhead is likely higher than it is for manually doing it by looping, although, if the input strings are epicly massive, maybe the overhead of regex setup is outweighed ]. Of course, if you blacklist the special characters, you have to multiply all those n's by a factor k ( number of illegal characters ), if you whitelist only alphanumeric characters, you can check for the character being in the range a-z,A-Z,0-9 using charCodeAt(i) and the known ascii values for the starts and end of those ranges == a small constant factor.

Looping and checking each char is also the simplest one to write/understand, so it's a win all round IMHO.

That doesn't seem to be the case here since converting special / blacklisted characters to their equivalent codes doesn't serve any purpose.

I disagree, this could certainly be used as an effective one-way sanitization technique -- coupled with wrapping the processed input in a pair of quotes -- but of course, who am I to second guess the OP.

Also, encodeURIComponent(string) seems to be a more appropriate escaping function than manually doing so.

Probably. Certainly if you ever want to unescape.

> I disagree, this could certainly be used as an effective one-way sanitization technique

Sanitization by converting special characters to their numeric equivalents rather than escaping them? When talking about web applications, the majority of escaping which happens is to prevent arbitrary input from messing up manual form submissions / asynchronous submits for which encodeURIComponent works nice enough. So I still don't see any real need to roll something custom unless of course the exercise is for learning purpose.

> Probably. Certainly if you ever want to unescape.

At least in J2EE, the unescaping is automatic so

And as far as the complexity analysis is concerned, one should rather use tried and tested library / proven methods than worrying oneself with premature optimization. Don't optimize unless you have benchmarked and it really is slow in the context of your requirements / application design. And BTW, regular expression engines nowadays are super optimized state machines which can almost come close to the manual search and replace when used with care. :-)

And as far as the complexity analysis is concerned, one should rather use tried and tested library / proven methods than worrying oneself with premature optimization.

I absolutely agree, unless the task at hand is simple enough to be considered a "primitive operation" in itself, and personally, I consider looping over a string's characters to be something thats -- in all practical purposes -- irreducible, without either losing generality [ i.e. replace wont work with ranges ], or requiring a complex framework [ regex support ranges just fine, but you can't deny they could be considered overkill in many contexts ]. Regex are fast, but they have to be pre-processed ( initial overhead ), and the abstraction of regexes incurs a cost ( unless the implementation is really, really excellent )

I wasnt strictly refering to sanitising as in sanitising a post/request value, I was considering sanitising a string for a database or a shell script, where input corruption is much more acceptable than integrity corruption.. but I pretty much forgot this is the Javascript forum, and any sanitization of that type should ( must! ) be done at the server anyway... and thats not gonna be done in Javascript.. unless using old-school ASP+serverside JS.. >_>

> but I pretty much forgot this is the Javascript forum

Bah, I rest my case. :-P

Sorry to answer only now,but I was very busy...
Thanks for all the replies, this is the code I'm using:

var myString = "MyStr-ing-";
var specialChars = "!@#$%^&*()-+";
for(var nIndex=0; nIndex<specialChars.length; nIndex++)
myString=myString.replace(specialChars.charAt(nIndex),specialChars.charCodeAt(nIndex);

The original code is "MyStr-ing-" and after running the code the string will be "MyStr45ing-", replacing only the first appearance, any ideas how to do it in a better way, and I way that will change all the chars.
Thanks

Something like this maybe:

<!--
    Replace special characters in a string.
    Copyright (C) 2008  sos aka Sanjay

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
            "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
    <meta http-equiv="Script-Content-Type" content="text/javascript">
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>Example</title>
    <script type="text/javascript">
    // Error checking omitted for brevity
    function doIt() {
      var special = "@#$%^&";
      var str = "@Hello @How@ $Do %You $Do?";
      var strArr = str.split(''); // Convert string to an array
      for(var i = 0, maxI = strArr.length; i < maxI; ++i) {
        var ch = strArr[i];
        // If the current character is one among the special characters,
        // replace it with its character code.
        if(special.indexOf(ch) > -1) {
          strArr[i] = str.charCodeAt(i);
        }
      }
      var modifiedStr = strArr.join('');
      alert("Orig String: " + str + "\nModified String: " + modifiedStr);
    }
    doIt();
    </script>
</head>
<body id="bdy">
  <p>A test page</p>
</body>
</html>