When sending input from a multiline textbox with an xhttp request through javascript, chrome blocks out new lines as part of some new exploit prevention. I have tried using encodeURI, which did nothing, and trying to send also causes this error. I am allowing users to submit html through the textbox.
Edit:
Javascript code:
var taskid = 'task=' + notes;
var cont = '&content=' + po.value;
var head = '&head=' + pp.value;
var comb = taskid+cont+head;
var nlink = 'create.note.php?'+comb;
var encoded = encodeURI(nlink);
xhttp.open('GET', encoded + comb, true);
Chromes response:
[Deprecation] Resource requests whose URLs contained both removed whitespace
(`\n`, `\r`, `\t`) characters and less-than characters (`<`) are blocked.
Please remove newlines and encode less-than characters from places like
element attribute values in order to load these resources. See
https://www.chromestatus.com/feature/5735596811091968 for more details.
Related
I'm changing current user's path through a function:
function setSomeValue(someValues) {
var query = '';
for (var i = 0; i < someValues.length; i++) {
query += someValues[i] + ',';
}
if ('URLSearchParams' in window) {
var searchParams = new URLSearchParams(window.location.search);
searchParams.set("paramName", query);
var newRelativePathQuery = window.location.pathname + '?' + searchParams.toString();
history.pushState(null, '', newRelativePathQuery);
}
}
As you can see, I'm adding to user's location new words and want new location to be like this:
www.site.com?paramName=value1,value2,
But browser converts my commas into %2C so I get this:
www.site.com?paramName=value1%2Cvalue2%2C
What should be done to make pushing commas to URL possible?
(copy & paste from several comments)
It might be due to URLSearchParams and its toString method implementation - but we can’t know, because you have not shown us what that actually is. If that is not deliberately encoding the comma, and the browser simply does it automatically - then there’s little you can do about that.
If newRelativePathQuery contains the encoded versions already, maybe they could be replaced back to normal commas. But if history.pushState does it, then “other ways” to create the URL itself won’t help you much.
Since a debug output showed that newRelativePathQuery contains the encoded commas already, you can try and replace them back to commas, and see if that “survives” being pushed to the history then.
It's a little hacky, but here's one solution. Let's say we want to use URL's searchParams.set() to set ids=1,2,3,4 in our query string.
If you just do url.searchParams.set("ids", "1,2,3,4"), the URL will have ids=1%2C2%2C3%2C4. To avoid that encoding, first set ids=LIST_OF_IDS_PLACEHOLDER, get the URL as a string, and then replace LIST_OF_IDS_PLACEHOLDER with 1,2,3,4, like this:
const myList = [1,2,3,4],
url = new URL(document.location.href); // or however you get your URL object
url.searchParams.set("ids", "LIST_OF_IDS_PLACEHOLDER");
const newUrlString = url.toString().replace("LIST_OF_IDS_PLACEHOLDER", ids.join(','));
console.log(newUrlString); // this will include: ids=1,2,3,4
First, I want parse a html and fetch some line
with Google Apps Script, and it's showed
" The element type "link" must be terminated by the matching end-tag "/link " "
and code here
var response = UrlFetchApp.fetch(url)
var downloadContent = response.getContentText();
var doc = XmlService.parse(downloadContent);
I think because the html use html5, that GAS can't parsing,
so I try otherwise method to parsing string,
(read line by line and keep lines which I need)
var xml = UrlFetchApp.fetch(url).getContentText();
but GAS hasn't Scanner, and how can I do?
In fact, I want to go this url "https://www.ptt.cc/bbs/gossiping/index.html"
and fetch information in
<div class="r-ent">
...
</div>
Google Apps Script is JavaScript so you can use the split() method to split the text content into multiple lines by the newline character.
var text = UrlFetchApp.fetch(url).getContentText();
var lines = text.split(/\r?\n/);
Logger.log(lines);
I have no idea what I'm doing wrong here. I'm trying to encode my URL with javascript. But the URL never gets put into the tweet. I think it has something to do with some parameters in my URL having spaces.
https://twitter.com/intent/tweet?text=40%25%20Off%20Prom%20Tuxedo%20Rental&url=http%3A%2F%2Fexample.com%3A5757%2Fcoupon%3Fref_name%3DTest%20Name%26school%3DTest%20School
If I take out the %20's from my URL then it works...
https://twitter.com/intent/tweet?text=40%25%20Off%20Prom%20Tuxedo%20Rental&url=http%3A%2F%2Fexample.com%3A5757%2Fcoupon%3Fref_name%3DTestName%26school%3DTestSchool
But I need to keep those spaces in there.
This is the javascript code I have right now...
var text = encodeURIComponent("40% Off Prom Tuxedo Rental");
var couponURL = encodeURIComponent("http://example.com/coupon/?ref_name=Test Name&school=Test School");
var twitterURL = "https://twitter.com/intent/tweet?text=";
var twitterURL = twitterURL+text+"&url="+couponURL;
In this situation, a percentage sign equals %25, so if you want to include the spaces in your tweet link, use %2520 instead of %20. So wherever you were going to use %20, use %2520 instead.
var text = "40% Off Prom Tuxedo Rental";
text = text.replace(/\s/g, "%2520")
I`ve come across a problem when serializing special characters like TAB, linefeed and carriage return as an attribute value.
According to this http://www.w3.org/TR/1999/WD-xml-c14n-19991109.html#charescaping, these should be encoded as &\#x9;, &\#xA;, and &\#xD; respectively. But calling in chrome:
var root = new DOMParser().parseFromString('<root></root>', 'text/xml').documentElement;
root.setAttribute('a', 'first\nsecond');
var serialized = new XMLSerializer().serializeToString(root);
Gives a string < root a="first\nsecond"/> with the linefeed not escaped.
When loading that again:
var loaded = new DOMParser().parseFromString(serialized, 'text/xml').documentElement;
loaded.getAttribute('a');
returns "first second" and the linefeed was lost to just a space. Has anyone faced this issue before? Any help would be appreciated.
Thanks,
Viktor
I ran into this problem, and solved it by writing a function removeInvalidCharacters(xmlNode) that removes invalid characters (from nodeValues) in the XML tree. You can use it before serializing to ensure you don't get invalid characters.
You can find removeInvalidCharacters() in my stackoverflow question on the same topic
You can use removeInvalidCharacters() like this:
var stringWithSTX = "Bad" + String.fromCharCode(2) + "News";
var xmlNode = $("<myelem/>").attr("badattr", stringWithSTX);
var serializer = new XMLSerializer();
var invalidXML = serializer.serializeToString(xmlNode);
// Now cleanse it:
removeInvalidCharacters(xmlNode);
var validXML = serializer.serializeToString(xmlNode);
I've also filed an issue report against chrome, but its worth noting that IE9 has its own bugs in this department, so a fix w/o a workaround is probably a long time coming.
I have a JavaScript function like so:
var strBody = encodeURI(window.location.href);
var strSubject = encodeURI(document.title);
var mailto_link = "mailto:?subject=" + encodeURI(strSubject) + "&body=" + strBody;
This code is executed on a hyperlink's onclick event, and opens the mail client (mailto://). However, the title of the page has several & symbols, but the title is only picked up until the first &. The url is always picked up.
What is the correct JavasSript to escape the & and display it in the mail client's subject line?
var encoded_body = encodeURIComponent(window.location.href);
var encoded_subject = encodeURIComponent(document.title);
var mailto_link = "mailto:?subject=" + encoded_subject + "&body=" + encoded_body;
should do it (encodeURIComponent instead of encodeURI).
In your original code you were also incorrectly double encoding the subject (once on line 2, and then again on line 3).
I took the liberty of renaming your variables to make it clearer that they contain the encoded subject and body, as opposed to the original text.
You want encodeURIComponent not encodeURI.