Delimiter

This article is about delimiters in computing. For delimiters in human use, see Word divider and digit grouping.

In computing, a delimiter is a character or a sequence of characters for specifying the boundary between separate, independent regions in data such as a text file or data stream.^[1][2] For context, data boundaries can be indicated via other means. For example, declarative notation indicates the length of a field at the start of the field instead of relying on delimiters.^[3]

Depiction of data using comma as a field delimiter.

In mathematics, delimiters are often used to specify the scope of an operation in an expression, and can occur both as isolated symbols (e.g., colon in "${\displaystyle 1:4}$") and as a pair of opposing-looking symbols (e.g., angled brackets in ${\displaystyle \langle a,b\rangle }$).

Examples

Delimiters are used for a wide range of purposes. The following examples demonstrate a small fraction of their applicability.

Tabular data

Tabular data, organized as rows and columns, is often delimited. A field delimiter separates the columns of a row into fields and a record delimiter separates rows into records.^[4] The commonly used comma-separated values (CSV) format uses a comma to delimit fields, and an newline control character to delimit records. The following CSV data represents three records each with four fields. The first line is metadata that names the fields.

fname,lname,age,salary
nancy,davolio,33,$30000
erin,borakova,28,$25250
tony,raphael,35,$28700

CSV data is an example of flat-file database.

Bracket delimiters

Bracket delimiters, also called block delimiters, region delimiters, or balanced delimiters, mark the start and end of a region of text.^[5][6] Commonly used bracket delimiters include:^[7]

Delimiters	Description
( )	Parentheses; Lisp code is cited as recognizable by its use of parentheses[8]
{ }	Braces; also called curly brackets[9]
[ ]	Square brackets; commonly used to denote a subscript
< >	Angle brackets[10]
" "	Double quote; commonly used to denote a string literal[11]
' '	Single quote; commonly used to denote a string literal or character literal[11]
<? ?>	Used in XML to denote a processing instruction[12]
/* */	Used in many programming languages to denote a comment[13]
<% %>	Used in some web templates to specify a language boundary[14]

Delimiter collision

Delimiter collision describes a limitation of using delimiters. When content information contains a delimiter, then the processing of the data will fail since the embedded delimiter will be incorrectly interpreted as a data boundary unless provisions are made to prevent the collision.^[4][15] In XML, for example, collision can occur when content contains an angle bracket (< or >).

Each delimiter in a format can result in collision. In CSV, for example, field collision can occur when a field contains a comma (e.g., salary = "$30,000"), and record delimiter collision can occur when a field contains a newline. Both record and field delimiter collision occur frequently in CSV data.

A malicious user may seek to exploit collision. Consequently, delimiter collision can be the source of security vulnerability and exploit. Well-known examples include SQL injection and cross-site scripting in the context of SQL and HTML, respectively.

Solutions

Multiple methods for avoiding collision have been devised.

Obfuscation

Using a delimiter that is unlikely to appear in the content is an ad hoc approach that leads to limited success. It requires knowledge of expected content, guessing what won't appear in the content, and offers little security against malicious collisions.

Control characters

If content is restricted from containing control characters (which is typical), then using control characters for delimiters prevents delimiter collision that otherwise can occur when using non-control character delimiters.^[16] The ASCII character set was designed with this in mind by providing non-printing characters that can be used as delimiters in the range 28 to 31. Later, Unicode adopted the same code points.

Common name	ASCII (decimal)	ASCII name	Unicode name	Use
file separator	28	␜	INFORMATION SEPARATOR FOUR	End of file or between a concatenation of files
group separator	29	␝	INFORMATION SEPARATOR THREE	Between sections of data; not needed in simple data files
record separator	30	␞	INFORMATION SEPARATOR TWO	End of a record or row
unit separator	31	␟	INFORMATION SEPARATOR ONE	Between fields of a record, or members of a row

Escape sequence

A commonly used method for avoiding delimiter collision is to use escape sequence. A specific printable character or sequence of characters before a character that otherwise would indicate a boundary, indicates that the delimiter character is not to be treated as a boundary. Although effective, this technique has drawbacks including:

• Content can be hard to read when it contains numerous escape sequences, a problem referred to as leaning toothpick syndrome (due to use of \ to escape / in Perl regular expressions, leading to sequences such as "\/\/");
• Data becomes difficult to parse via regular expression
• Requires a way to escape the escape sequence; to use the escape sequence as content
• An escape sequence can be cryptic to those unfamiliar with the syntax^[17]
• The method does not protect against injection attacks ^{[citation needed]}

Higher level encoding

Some systems allow any character to be represented as a sequence of characters. This allows text that otherwise is a delimiter to be encoded in the content indirectly and thus prevent delimiter collision. A drawback of this method, is that character codes are relatively hard to read, understand and memorize.

For example, Perl allows a character to be encoded as the sequence \x## where ## is the numeric value of the character code. The following shows how the sequence for double-quote (\x22) can be used to prevent collision with the delimiter that marks the begin and end of a string literal.

print "Nancy said \x22Hello World!\x22 to the crowd.";

produces the same output as:

print "Nancy said \"Hello World!\" to the crowd.";      ### use escape char

Dual quoting delimiters

In contrast to escape sequences and escape characters, dual delimiters provide yet another way to avoid delimiter collision. Some languages, for example, allow the use of either a single quote (') or a double quote (") to specify a string literal. For example, in Perl:

print 'Nancy said "Hello World!" to the crowd.';

produces the desired output without requiring escapes. This approach, however, only works when the string does not contain both types of quotation marks.

Padding quoting delimiters

In contrast to escape sequences and escape characters, padding delimiters provide yet another way to avoid delimiter collision. Visual Basic, for example, uses double quotes as delimiters. This is similar to escaping the delimiter.

print "Nancy said ""Hello World!"" to the crowd."

produces the desired output without requiring escapes. Like regular escaping it can, however, become confusing when many quotes are used. The code to print the above source code would look more confusing:

print "print ""Nancy said """"Hello World!"""" to the crowd."""

Configurable alternative quoting delimiters

In contrast to dual delimiters, multiple delimiters are even more flexible for avoiding delimiter collision.^[7]: 63

For example, in Perl:

print qq^Nancy doesn't want to say "Hello World!" anymore.^;
print qq@Nancy doesn't want to say "Hello World!" anymore.@;
print qq(Nancy doesn't want to say "Hello World!" anymore.);

all produce the desired output through use of quote operators, which allow any convenient character to act as a delimiter. Although this method is more flexible, few languages support it. Perl and Ruby are two that do.^{[7]: 62 [18]}

Content boundary

A content boundary is a special type of delimiter that is specifically designed to resist delimiter collision. It works by allowing the author to specify a sequence of characters that is guaranteed to always indicate a boundary between parts in a multi-part message, with no other possible interpretation.^[19]

The delimiter is frequently generated from a random sequence of characters that is statistically improbable to occur in the content. This may be followed by an identifying mark such as a UUID, a timestamp, or some other distinguishing mark. Alternatively, the content may be scanned to guarantee that a delimiter does not appear in the text. This may allow the delimiter to be shorter or simpler, and increase the human readability of the document. (See e.g., MIME, Here documents).

Whitespace or indentation

Some programming and computer languages allow the use of whitespace delimiters or indentation as a means of specifying boundaries between independent regions in text.^[20]

Regular expression syntax

See also: Regular expression examples

In specifying a regular expression, alternate delimiters may also be used to simplify the syntax for match and substitution operations in Perl.^[21]

For example, a simple match operation may be specified in Perl with the following syntax:

$string1 = 'Nancy said "Hello World!" to the crowd.';    # specify a target string
print $string1 =~ m/[aeiou]+/;                           # match one or more vowels

The syntax is flexible enough to specify match operations with alternate delimiters, making it easy to avoid delimiter collision:

$string1 = 'Nancy said "http://Hello/World.htm" is not a valid address.'; # target string
   
print $string1 =~ m@http://@;       # match using alternate regular expression delimiter
print $string1 =~ m{http://};       # same as previous, but different delimiter
print $string1 =~ m!http://!;       # same as previous, but different delimiter.

Here document

A here document allows the inclusion of arbitrary content by specifying a special end sequence. Many languages support this including PHP, bash scripts, ruby and perl. A here document starts by describing what the end sequence is and continues until that sequence occurs at the start of a new line.^[22] If the content is known, this technique avoids delimiter collision since an end sequence can be chosen that does not exist in the content.

An example in perl:

print <<ENDOFHEREDOC;
It's very hard to encode a string with "certain characters".

Newlines, commas, and other characters can cause delimiter collisions.
ENDOFHEREDOC

This code prints:

It's very hard to encode a string with "certain characters".

Newlines, commas, and other characters can cause delimiter collisions.

ASCII armor

Although principally used as a mechanism for text encoding of binary data, ASCII armoring is a programming and systems administration technique that also helps avoid delimiter collision in some circumstances.^[23][24] This technique is more complicated than many other collision avoidance techniques, and therefore is less suitable for small applications and simple data formats. The technique employs a special encoding scheme, such as base64, to ensure that delimiter or other significant characters do not appear in transmitted data. It prevents multilayered escaping, i.e. for double-quotes.

This technique is used, for example, in ASP.NET, and is closely associated with the VIEWSTATE component of that system.^[25] This prevents delimiter collision and ensures that incompatible characters will not appear inside the HTML code, regardless of what characters appear in the original (decoded) text.^[25] The following example demonstrates how this technique works.

The following code fragment shows an HTML tag in which the VIEWSTATE value contains double-quotes – characters that are incompatible with the delimiters of the HTML tag. The code is not valid and would fail.

<input type="hidden" name="__VIEWSTATE" value="BookTitle:Nancy doesn't say "Hello World!" anymore." />

To store arbitrary text in an HTML attribute, HTML entities can be used. In this case " stands for double-quote.

<input type="hidden" name="__VIEWSTATE" value="BookTitle:Nancy doesn't say &quot;Hello World!&quot; anymore." />

Alternatively, any encoding could be used that doesn't include characters that have special meaning in the context, such as base64:

<input type="hidden" name="__VIEWSTATE" value="Qm9va1RpdGxlOk5hbmN5IGRvZXNuJ3Qgc2F5ICJIZWxsbyBXb3JsZCEiIGFueW1vcmUu" />

Or percent-encoding:

<input type="hidden" name="__VIEWSTATE" value="BookTitle:Nancy%20doesn%27t%20say%20%22Hello%20World!%22%20anymore." />

See also

• CDATA – Section delimiter in the markup languages SGML and XML
• Decimal separator – Numerical symbol
• Delimiter-separated values – Text format for indicating tabular data
• Escape sequence – Series of characters with a special meaning
• Newline – Special characters in computing signifying the end of a line of text
• String literal – Delimited series of characters that represent a string in code
• Tab-separated values – Text format for tabular data using tab between fields