I'm pretty new to the Pickle Library and JS. I am writing code in JS to interact with a Python server; when I make a POST to the Python server, I am returned a pickled float. I want to convert the float into a JS-readable object.
The server returns something like pickle.dumps(3.14159,0). When I print this value in Python, I get b'F3.14159\n.' However, the library I'm working with, JPickle, cannot interpret the 'b' in the return (or at least, that's what I'm guessing...when I try to unpickle my response using console.log(jpickle.loads(response)), I get a "unhandled opcode" error). Separate from the POST request, jpickle.loads('F3.14159\n.') gives me 3.14159, but jpickle.loads(b'F3.14159\n.') fails to compile. I'm not sure how to change the response I get from the POST because it is unreadable in JS, so I'm unsure how to go about solving this problem.
I'm open to any solutions that don't involve changing the server-side code (I don't have control over it), including using another library. I've tried JsonPickle with no luck.
Use just JSON, no pickle library required; Python comes with the json module and browser JS can, out of the box, parse json into values.
Serialize your data via something like json.dump and use JSON.parse in the browser to deserialize it.
A little late, but the answers in attached might help:: the code allows Javascript on a browser to traverse and decode compressed pickled objects coming from Python via Ajax.
Is there an already published Javascript solution to traverse Python pickled objects without using Node.js
Make sure that the mime type is allowing you to pass binary numbers.
Related
I have an Android app that runs my code(which is a JS bundle) in a hidden webview. I make API calls through native code using a JS interface. The response is sent back to a function through the evaluetJavascript method of the webview. The concern here is somehow a malicious response is received which might execute arbitrary JS in my webview. I am base-64 encoding the result before calling the evaluateJavascript and once it reaches the JS, I just decode it and parse the JSON and then it's just a string value which gets used further.
I have 2 questions:
(1) Since I am not using eval() anywhere in my JS code, is my understanding correct that even if a code gets through, it won't ever execute?
(2) I have been asked to still validate the data. Is there any way to detect if a given string contains executable JS code? I thought of looking for characters like ;"'() etc. but have concerns that my data may contain parentheses and that a stringified JSON will have quotes anyways. I am worried about false positives. What will be a better approach for this?
I have a large-ish amount of server-side data that I need to store in a mySQL table. [I'm a novice, working through the learning curve of javascript & php.]
I'm thinking it's best to stringify the javascript array into a JSON object and send that to a PHP page to save to the database. Once the data's in a PHP array, I know how* to get it into the database; I'm just not sure what's the best way to get it there.
I can't POST (like this example) since the maximum length of a POST string is 2048 characters, and I have maybe 10-20kb of data.
I'd rather not use AJAX or Node.js (like this example) for the sake of simplicity, and since this is a one-off (but both on my list to learn in the future!)
Or, would it be best to create a temp text file to the server with javascript, and then call a PHP page to load & process the data? (Although I can't find examples of how to do that without using POST.)
I understand the difference between server-side & client-side (thanks to this great explanation) but the size limit of POST seems to be my issue?
*Also I'm a little unsure as to when/how it's necessary to encode data (like with this deprecated mysql-real-escape-string example) for storage with {json/posting/DB tables/text}. In this case my data could contain 'single' & "double" quotes (but no foreign characters 国外 वर्ण), which [in my short experience] seem like the only times it will be an issue?
Thanks!
The problem is that Javascript is client side language while PHP is server side language. This means that PHP cannot interact with the user without some HTML, CSS or JavaScript and visa-versa, JavaScript can't interact with server side files without some PHP. Why is this? Since JavaScript is client side the user can edit it as they can see the code while with a PHP script it is all on the server and they are not able to see the code, only what it outputs/prints. So in short you cannot do what you are asking without POST or GET and it is not possible to do this without a server side script such as a PHP script (Python is also very useful if you are thinking of learning more about web backends).
There are numerous example of how to do this that you can find with a simple google search, here is a great example send data to MySQL with AJAX + jQuery + PHP
Hope I could clarify your question.
Here's the two scenarios.
We are using a manually built xml soap request with xmlhttprequest, sending it to a wcf soap service, getting back the response and using xPath to parse the data and fill out a drop down list.
We are sending a json request to a rest wcf service and getting a json response back and assigning the values to a drop down list
Which scenario is faster? My sense tells me #2 but I could be wrong.
Json will be faster, since Json is essentially Javascript. But that shouldn't be the main motivation. Parsing the data, will assumingly be only a small part of your application anyway.
On the other hand, browsers are also well trained to parse XML.
The main difference is that XML, and therefor SOAP, is larger to send to the client, so the transfer may be a bigger slowdown than the parsing.
Anyway, if you want to know, you should just test and profile instead of guessing or asking.
Option two would generally be faster than option one, as JSON is a much simpler format than XML.
However, if you really need the parsing to be fast, you shouldn't use either, you should use a custom format that is really fast to parse using simple string operations. For example a comma separated string that could be parsed with a split(',').
After profiling in my scenario, I found out that JSON is actually much faster as far as processing time within the browser
New to JSON, just trying to get my feet wet.
I know how to do this with XML via javascript, but am trying to learn how to handle JSON objects so I can switch over.
Basically I want to search through all "permalink" tags in the following JSON object and, when I find the right one, save its corresponding "title" and "id" tags to javascript variables:
http://api.soundcloud.com/users/goldenstatewarriors/tracks.json?client_id=02db8e29aa2fb5bf590f478b73137c67
Can this be done with only javascript (no PHP)? The main issue I'm facing is simply grabbing the text from the page and converting it to a json object.
You need to use a JSON parser in order to transform the JSON string into an object you can handle natively in JavaScript. Recent browsers have this functionality built in as JSON.parse(), but obviously this will not work in older browsers (we're talking very old browsers here).
A solution to that problem is to use the JSON parsing library available here. If native browser support is detected, it simply uses that, otherwise it has a JavaScript implementation to achieve the same result. The file you'll need is json2.js - simply include that as you would any other library and away you go!
An example of the code would be:
var dataObject = JSON.parse(jsonData);
As a side note, XMLHttpRequest is somewhat of a misnomer these days. It is simply a mechanism for making HTTP requests and retrieving the data returned, it doesn't have to be XML. It can be plain text, (non X)HTML, JSON, anything. In fact, I don't think I've seen anything in the wild return actual XML data for an XMLHttpRequest in a very long time.
I am fetching JSON data from my local server and was wondering what functions I should run my data through before printing it on the page in HTML. Just want to ensure everything is secure and any special characters like quotes are handled properly.
Thanks!
If you are using legal JSON and you are using a real JSON parser, not eval(), then your JSON is safe. It can't contain executable code, only data definitions.
You are certainly free in your client code to take the parsed JSON and run a bunch of sanity checks on the data to make sure it makes sense and passes any specific tests you might want to run on it, but you won't have to worry about code injection if you are using real JSON and a real JSON parser. That is one of the advantages of using JSON - it is a data-only format.
If you're worried about someone hijacking your server and returning bogus data, then you can try to secure the endpoint with https and run any obvious sanity checks in the client.