APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

2005/03/04 tr

© March 2005 Tony Lawrence

I use this in Perl much more than the shell, but that's probably because most anything that needs it is usually too complicated for the shell.

The man page for tr gives some examples, but doesn't mention what is probably its most important use nowadays: security for input strings gathered from web forms. Any web site that allows other people to provide content or comments (as we do here) has to be concerned about Cross-Site Scripting. That term really is a misnomer and simply means that malicious content can be interpreted by web browsers. People browsing suspicious websites have to worry about that a little, but web site owners have to worry even more (if they are accepting outside material for comments, etc.).

Back to "tr". Let's say I've gathered some input from you and I want to strip any html or possible shell redirection from it. Of course I could run through deleting characters I don't want, like "<" and ">" and "|", and maybe it's a login name and I don't want quotation marks, and so on, but I'm bound to forget something, so the better way is to use "tr" to only allow what I DO want. So,

Perl: $input =~ tr/a-zA-Z0-9//cd;
Shell: input=$(printf '%s' "$input" | tr -cd 'a-zA-Z0-9')

will remove everything EXCEPT letters and numbers.
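
As an added example (not from the original article), here is the allowlist idea above as POSIX shell functions; the function names and the sample string are made up for illustration. It also shows why the set is best written a-zA-Z0-9 rather than with an A-z range, which in ASCII also covers [ \ ] ^ _ and the backtick.

```shell
#!/bin/sh
# Added example: allowlist filtering with tr. Function names are hypothetical.

# Keep only ASCII letters and digits. LC_ALL=C makes tr operate on bytes, so
# the ranges mean the ASCII ranges whatever the caller's locale is, and the
# bytes of multibyte (UTF-8) characters are deleted as well.
allow_alnum() {
    printf '%s' "$1" | LC_ALL=C tr -cd 'a-zA-Z0-9'
}

# For comparison only: a single A-z range spans ASCII 65..122, which also
# lets [ \ ] ^ _ and the backtick through.
allow_loose() {
    printf '%s' "$1" | LC_ALL=C tr -cd '0-9A-z'
}

# Validate instead of silently rewriting: succeed only when the input is
# non-empty and the strict filter would not have removed anything.
is_clean() {
    [ -n "$1" ] && [ "$(allow_alnum "$1")" = "$1" ]
}

# Constructed sample input, quoted so the shell never interprets it.
sample='joe_`x`[1]<b>|^'
printf 'strict: %s\n' "$(allow_alnum "$sample")"
printf 'loose:  %s\n' "$(allow_loose "$sample")"
is_clean "$sample" || echo "rejected: characters outside the allowlist"
```

For something like a login name, rejecting input that fails is_clean is often safer than storing the stripped result, since stripping can turn one name into a different one.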

"tr" has other uses, and the shell version understands some useful shorthand: tr "[:lower:]" "[:upper:]" will translate its input to upper case. It can "squeeze" characters, which can be useful for removing extraneous spaces:

echo "foo     bar" | tr -s " "
foo bar

Of course, it often gets much more complicated. For example, I allow some html tags in submitted comments. I have to be very careful about that, and only allow the non-harmful tags through. This usually requires more than "tr" could do by itself, but certainly it comes into play as part of the process.

If the world were a nicer place, "tr" would still be useful to protect from typing mistakes and for uppercasing, etc. but today it's usually security that's on my mind when I use this.
