In computing, a delimiter is a character or a sequence of characters for specifying the boundary between separate, independent regions in data such as a text file or data stream. For context, data boundaries can be indicated via other means. For example, declarative notation indicates the length of a field at the start of the field instead of relying on delimiters.
Jeffrey S. Rohl (1973). 9780719005558, Oxford University Press. ISBN 9780719005558
describing the method in Hollerith notation under the Fortran programming language.
In mathematics, delimiters are often used to specify the scope of an operation in an expression, and can occur both as isolated symbols (e.g., colon in "") and as a pair of opposing-looking symbols (e.g., Angled bracket in ).
Tabular data, organized as rows and columns, is often delimited. A field delimiter separates the columns of a row into fields and a record delimiter separates rows into records.
p. 141 The commonly used comma-separated values (CSV) format uses a comma to delimit fields, and an newline control character to delimit records. The following CSV data represents three records each with four fields. The first line is metadata that names the fields.
Delimiter collision describes a limitation of using delimiters. When content information contains a delimiter, then the processing of the data will fail since the embedded delimiter will be incorrectly interpreted as a data boundary unless provisions are made to prevent the collision.
Jeffrey Friedl (2025). 9780596528126, Oxford University Press. ISBN 9780596528126
describing solutions for embedded-delimiter problems p. 472. In XML, for example, collision can occur when content contains an angle bracket (< or >).
Each delimiter in a format can result in collision. In CSV, for example, field collision can occur when a field contains a comma (e.g., salary = "$30,000"), and record delimiter collision can occur when a field contains a newline. Both record and field delimiter collision occur frequently in CSV data.
A malicious computer user may seek to exploit collision. Consequently, delimiter collision can be the source of security vulnerability and exploit. Well-known examples include SQL injection and cross-site scripting in the context of SQL and HTML, respectively.
Using a delimiter that is unlikely to appear in the content is an ad hoc approach that leads to limited success. It requires knowledge of expected content, guessing what won't appear in the content, and offers little security against malicious collisions.
If content is restricted from containing control characters (which is typical), then using control characters for delimiters prevents delimiter collision that otherwise can occur when using non-control character delimiters. Discussion on ASCII Delimited Text vs CSV and Tab Delimited The ASCII character set was designed with this in mind by providing non-printing characters that can be used as delimiters in the range 28 to 31. Later, Unicode adopted the same code points.
A commonly used method for avoiding delimiter collision is to use escape character. A specific printable character or sequence of characters before a character that otherwise would indicate a boundary, indicates that the delimiter character is not to be treated as a boundary. Although effective, this technique has drawbacks including:
Content can be hard to read when it contains numerous escape sequences, a problem referred to as leaning toothpick syndrome (due to use of \ to escape / in Perl regular expressions, leading to sequences such as "\/\/");
Data becomes difficult to parse via regular expression
Requires a way to escape the escape sequence; to use the escape sequence as content
An escape sequence can be cryptic to those unfamiliar with the syntax
Some systems allow any character to be represented as a sequence of characters. This allows text that otherwise is a delimiter to be encoded in the content indirectly and thus prevent delimiter collision. A drawback of this method, is that character codes are relatively hard to read, understand and memorize.
For example, Perl allows a character to be encoded as the sequence where ## is the numeric value of the character code. The following shows how the sequence for double-quote () can be used to prevent collision with the delimiter that marks the begin and end of a string literal.
print "Nancy said \x22Hello World!\x22 to the crowd.";
produces the same output as:
print "Nancy said \"Hello World!\" to the crowd."; ### use escape char
In contrast to escape sequences and escape characters, dual delimiters provide yet another way to avoid delimiter collision. Some languages, for example, allow the use of either a single quote (') or a double quote (") to specify a string literal. For example, in Perl:
print 'Nancy said "Hello World!" to the crowd.';
produces the desired output without requiring escapes. This approach, however, only works when the string does not contain both types of quotation marks.
In contrast to escape sequences and escape characters, padding delimiters provide yet another way to avoid delimiter collision. Visual Basic, for example, uses double quotes as delimiters. This is similar to escaping the delimiter.
print "Nancy said ""Hello World!"" to the crowd."
produces the desired output without requiring escapes. Like regular escaping it can, however, become confusing when many quotes are used.
The code to print the above source code would look more confusing:
print "print ""Nancy said """"Hello World!"""" to the crowd."""
In contrast to dual delimiters, multiple delimiters are even more flexible for avoiding delimiter collision.
For example, in Perl:
print qq^Nancy doesn't want to say "Hello World!" anymore.^;
print qq@Nancy doesn't want to say "Hello World!" anymore.@;
print qq(Nancy doesn't want to say "Hello World!" anymore.);
all produce the desired output through use of quote operators, which allow any convenient character to act as a delimiter. Although this method is more flexible, few languages support it. Perl and Ruby are two that do.
Matsumoto Yukihiro (2025). 9780596002145, O'Reilly. . ISBN 9780596002145
In Ruby, these are indicated as general delimited strings. p. 11
A content boundary is a special type of delimiter that is specifically designed to resist delimiter collision. It works by allowing the author to specify a sequence of characters that is guaranteed to always indicate a boundary between parts in a multi-part message, with no other possible interpretation.
The delimiter is frequently generated from a random sequence of characters that is statistically improbable to occur in the content. This may be followed by an identifying mark such as a UUID, a timestamp, or some other distinguishing mark. Alternatively, the content may be scanned to guarantee that a delimiter does not appear in the text. This may allow the delimiter to be shorter or simpler, and increase the human readability of the document. ( See e.g., MIME, ).
Some programming and computer languages allow the use of whitespace delimiters or Indent style as a means of specifying boundaries between independent regions in text.
In specifying a regular expression, alternate delimiters may also be used to simplify the syntax for match and substitution operations in Perl.
Jeffrey Friedl (2025). 9780596528126, Oxford University Press. ISBN 9780596528126
page 472.
For example, a simple match operation may be specified in Perl with the following syntax:
$string1 = 'Nancy said "Hello World!" to the crowd.'; # specify a target string
print $string1 =~ m/aeiou+/; # match one or more vowels
The syntax is flexible enough to specify match operations with alternate delimiters, making it easy to avoid delimiter collision:
$string1 = 'Nancy said "http://Hello/World.htm" is not a valid address.'; # target string
print $string1 =~ m@http://@; # match using alternate regular expression delimiter
print $string1 =~ m{http://}; # same as previous, but different delimiter
print $string1 =~ m!http://!; # same as previous, but different delimiter.
A here document allows the inclusion of arbitrary content by specifying a special end sequence. Many languages support this including PHP, bash scripts, ruby and perl. A here document starts by describing what the end sequence is and continues until that sequence occurs at the start of a new line. Perl operators and precedence If the content is known, this technique avoids delimiter collision since an end sequence can be chosen that does not exist in the content.
An example in perl:
print <
Newlines, commas, and other characters can cause delimiter collisions.
ENDOFHEREDOC
This code prints:
It's very hard to encode a string with "certain characters".
Newlines, commas, and other characters can cause delimiter collisions.
Although principally used as a mechanism for text encoding of binary data, ASCII armoring is a programming and systems administration technique that also helps avoid delimiter collision in some circumstances.
(an example usage of ASCII armoring in encryption applications)
Christian Gross (2025). 9781584503477, Charles River Media. . ISBN 9781584503477
(an example usage of ASCII armoring in encryption applications) This technique is more complicated than many other collision avoidance techniques, and therefore is less suitable for small applications and simple data formats. The technique employs a special encoding scheme, such as base64, to ensure that delimiter or other significant characters do not appear in transmitted data. It prevents multilayered Escape character, i.e. for Quoting escape.
This technique is used, for example, in ASP.NET, and is closely associated with the VIEWSTATE component of that system.
(describes the use of Base64 encoding and VIEWSTATE inside HTML source code) This prevents delimiter collision and ensures that incompatible characters will not appear inside the HTML code, regardless of what characters appear in the original (decoded) text. The following example demonstrates how this technique works.
The following code fragment shows an HTML tag in which the VIEWSTATE value contains double-quotes characters that are incompatible with the delimiters of the HTML tag. The code is not valid and would fail.
To store arbitrary text in an HTML attribute, HTML entities can be used. In this case ( stands for double-quote.
Alternatively, any encoding could be used that doesn't include characters that have special meaning in the context, such as base64:
