I'm trying to generate some code at runtime where I put in some boiler-plate stuff and the user is allowed to enter the actual working code. My boiler-plate code looks something like this:
    using System;
    public class ClassName
    {
        public double TheFunction(double input)
        {
            // user entered code here
        }
    }
Ideally, I think I want to use string.Format to insert the user code and create a unique class name, but I get an exception on the format string unless it looks like this:
    string formatString = @"
    using System;
    public class ClassName
    {0}
    public double TheFunction(double input)
    {0}
    {2}
    {1}
    {1}";
Then I call string.Format like this:
    string entireClass = string.Format(formatString, "{", "}", userInput);
This is fine and I can deal with the ugliness of using {0} and {1} in the format string in place of my curly braces except that now my user input cannot use curly braces either. Is there a way to either escape the curly braces in my format string, or a good way to turn the curly braces in the user code into {0}'s and {1}'s?
BTW, I know that this kind of thing is a security problem waiting to happen, but this is a Windows Forms app that's for internal use on systems that are not connected to the net so the risk is acceptable in this situation.
Be extra extra cautious in who has access to the application. A better solution might be to create a simple parser that only expects a few, limited, commands.
Double the braces:
    string.Format("{{ {0} }}", "Hello, World");
would produce { Hello, World }
"{{" and "}}"
What I think you want is this...
Escape them by doubling them up:
From http://msdn.microsoft.com/en-us/netframework/aa569608.aspx#Question1
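Added example, not part of the original thread: the question's template rewritten with doubled braces, showing that braces inside the user's code need no escaping when that code is passed as a format argument rather than concatenated into the format string. The names `TemplateDemo`, `BuildSource` and the `Generated_` GUID naming scheme are hypothetical, and the user input is a constructed sample.

```csharp
using System;

public static class TemplateDemo
{
    // Literal braces in the template are doubled ({{ and }});
    // {0} (class name) and {1} (user code) are the only placeholders.
    private const string Template = @"
using System;
public class {0}
{{
    public double TheFunction(double input)
    {{
        {1}
    }}
}}";

    public static string BuildSource(string userCode)
    {
        // Hypothetical naming scheme: a GUID suffix keeps each generated class name unique.
        string className = "Generated_" + Guid.NewGuid().ToString("N");

        // Format arguments are inserted verbatim and are never re-parsed as
        // format items, so braces in userCode pass through unchanged.
        // Nothing here validates or restricts what the user code does.
        return string.Format(Template, className, userCode);
    }

    public static void Main()
    {
        // Constructed sample input that contains curly braces.
        string userCode = "if (input < 0) { return 0; } return Math.Sqrt(input);";
        Console.WriteLine(BuildSource(userCode));

        // Escaping is only needed when user text becomes part of the
        // format string itself; then every brace must be doubled first.
        string escaped = userCode.Replace("{", "{{").Replace("}", "}}");
        Console.WriteLine(string.Format("// user code: " + escaped));
    }
}
```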