In my Angular 5 Application I am doing something like this at
this.returnUrl = this.route.snapshot.queryParams['returnUrl']
I am using this when a user accesses a route but it's not logged in. He is redirected to the login page and after login he should be going back to this return url.
The problem is that http://localhost:4200/schedule?selectedDate=2018-01-29 when accessing this route, the return url becomes:
http://localhost:4200/login?returnUrl=%2Fschedule%3FselectedDate%3D2018-01-29 and after the successful login, the application tries to go to the http://localhost:4200/%2Fschedule%3FselectedDate%3D2018-01-29 URL but that throws a 404 error since it does not recognize the path.
Any idea how can I stop Angular changing my url to this format ? I was assuming that it would pick up the correct URL.
I managed to somehow fix this by instead of using
this.router.navigate(this.returnUrl)
I used
this.router.navigateByUrl(this.returnUrl);
i think You can simply add the url like this <button class="btn btn-md btn-danger pull-right" routerLink="../../">cancel</button>
or else call click event
Use this.
this.returnUrl = decodeURIComponent(this.route.snapshot.queryParams['returnUrl']);
Related
I am wondering how to deal with a simple redirect. I have a domain, for example: stackguy.com. And I want to redirect users to specific URLs from this url.
Let's say, stackguy.com/redirect=youtube.com/watch/xxx
And this URL (youtube.com...) needs to be elastic. What the user enters, it should redirect to the website the user wants.
I have totally no idea, to be honest. I've tried to do it by using database and by separating all urls but it's a lot of work and can't be automated easily.
It can also be done like stackguy.com/red=<id of YT video>
Doesn't matter to me.
The other solution talks about using javascript which runs on the client side. And you probably want this on the server side.
You still need to use a parameter
stackguy.com?redirect=https://www.youtube.com/watch/xxx
But you can use php to do the redirect.
$par = filter_var ($_GET ['redirect'] ?? '', FILTER_SANITIZE_STRING);
if ($par)
{header('Location: ' . $par, true, 302); }
The first line gets the parameter after sanitizing it. It returns blank if its null (or missing)
The second line checks if there is a string
The third line does a redirect using a 302. This is a temporary redirect, I wouldn't advise using a 301 (permanent).
Note that this will only work if the PHP file has done NO HTML output.
I think you should use query parameters for this and handle the redirect in your javascript. Instead of:
stackguy.com/redirect=youtube.com/watch/xxx
use
stackguy.com?redirect=https://www.youtube.com/watch/xxx
Then in your js you can check if the redirect paramter is set and redirect the user to the link in the query parameter.
Here is an example:
function redirectUrl() {
// Get the value of the "redirect" query parameter
const redirect = new URLSearchParams(window.location.search).get("redirect");
// If the "redirect" parameter is not null, redirect the user to the specified URL
if (redirect) {
window.location = redirect;
}
}
To use the function you will need to call it in your code for example:
window.addEventListener("load", redirectUrl);
I have an HTML button that sends a POST request and would like to do some kind of verification before making the request here.
The verification involves a GET request, where I make sure that a certain table contains a certain value or not. After that, if the condition is valid I make the POST request else I use the value I fetched from the GET request.
Even though this sounds basic I'm not sure how to do this in Nodejs.
Here is how code is organized now,
Her is the HTML button:
<form action="/generate_survey" method="POST" id="gen_survey">
<button type="submit" class="btn btn-primary my-3">Get Survey Link</button>
</form>
And I have a router.js that includes all the routes:
route.get('/generate_survey', controller.test)
then here in the controller.js, I have the db and other call functions.
So here is the test function where I want to make the request
exports.test = (req, res)=>{
.....
}
Should I put the GET request results in a variable and then depending on that I make the POST request?
If so I'd like to see an example of how to something similar in Nodejs
Thanks
In Angular we can do this way. so hope same applies to Nodejs as well. adding form method just for ref. you can check the actual one.
form onsubmit="do_something()"
do_something(): boolean{
// do get operation here
return true; // submit the form
return false; // don't submit the form
}
Using JavaScript, how can I make it redirect to another site based on the URL?
(Example)
If someone goes to https://example.com/12345, it will redirect them to https://example.net/12345.
And if someone goes to https://example.com/abc123456, it will redirect them to https://example.net/abc123456
How can I do this?
In the place that you have hosted that domain, See if you can find something that makes it a single page app or a way to rewrite all urls to one page so that it doesn't show 404 not found. (not certain how you can do that, I only done it with firebase hosting, it has a way of configuring it so that no matter what url you give it, it always shows you the same page, and also the url doesn't get changed ) if you can do that, this is the code you need:
let pathname = location.pathname //if the url is https://example.net/1234, the path name will be /1234
location.href = "https://example.net" + pathname //if you add that to this string, it would be https://example.net/1234
You can use following code for that:
location.href = 'https://example.net/12345';
location.href = 'https://example.net/abc123456';
Or used following code for that:
location.replace('https://example.net/12345');
location.replace('https://example.net/abc123456');
All:
I have an issue with a project I am working on using C# MVC4
In the project, I am accepting a URL and other parameters from a user, then do some processing and send the result of the processing to the URL provided by the user.
The result is being sent using the following code:
var context = HttpContext.Current;
context.Response.Write("<html><head>");
context.Response.Write("</head><body>");
context.Response.Write(string.Format("<form name=\"myform\" method=\"post\" action=\"{0}\" >", postUrl));
context.Response.Write("</form>");
context.Response.Write("<script type=\"text/javascript\">document.myform.submit();</script></body></html>");
context.Response.Write("</body>");
context.Response.Flush();
context.Response.Clear();
context.ApplicationInstance.CompleteRequest();
Whenever a user attempts an XSS like passing a url value of javascript%3aalert('xss')%2f%2f, the JavaScript runs and the pop up shows up.
I've tried Antixss.HtmlEncode() to encode the URL before passing it into string.Format but still doesn't work. I've tried Antixss.UrlEncode() also, but this gives error as the form doesn't submit to the URL.
Please help me out, Is there something I am missing? What else can I do?
Thanks in advance.
You will need a three pronged approach to solve this issue.
Preventing XSS injection:
Note that if a user injected the url value
" /> <script>alert('xss')</script>
this would also leave you vulnerable:
<form name="myform" method="post" action="" /> <script>alert('xss')</script>" >
Therefore you should use the HttpUtility.HtmlAttributeEncode function to solve this one.
However, don't stop there. As noted, you should project against javascript: style URLs. For this I would ensure that the URL begins with http:// or https://. If not, throw a SecurityException which you should be logging and handling server-side, and showing the user a custom error page.
Finally, you want to protect against Open Redirect Vulnerabilities. This is to stop phishing attacks by redirecting users to other domains. Again, use a whitelist approach and ensure that the domain redirected to is one of your own. Be careful on the parsing here, as it is easy to get it wrong - a URL of http://example.org?http://example.com will pass the validation filter for example.com on many badly written validation routines. I recommend using the Uri object in .NET and retrieving the domain through that rather than rolling your own string functions.
You could also check if the URL is a relative URL, and allow it if acceptable. Use something like this function which uses a built in .NET library to ensure that it is relative or not.
Just a thought - try putting this script in rather than just document.myform.submit (and remove the form's action property):
if("{0}".indexOf('http') !== 0) {
//this is some sort of injection, or it's pointing at something on your server. Should cover http and https.
//Specifically, it makes sure that the url starts with 'http' - so a 'javascript' url isn't going to work.
} else {
document.myform.action="{0}"
document.myform.submit();
}
There is more you could do, but this should help.
Since you are adding the postUrl as an attribute "action" of the form tag, you can try using HtmlAttributeEncode method in the HttpUtility
[ValidateInput(false)]
public ActionResult Test(string url)
{
var context = System.Web.HttpContext.Current;
context.Response.Write("<html><head>");
context.Response.Write("</head><body>");
context.Response.Write(string.Format("<form name=\"myform\" method=\"post\" action=\"{0}\" >", HttpUtility.HtmlAttributeEncode(url)));
context.Response.Write("</form>");
context.Response.Write("<script type=\"text/javascript\">document.myform.submit();</script></body></html>");
context.Response.Write("</body>");
context.Response.Flush();
context.Response.Clear();
context.ApplicationInstance.CompleteRequest();
return null;
}
http://localhost:39200/home/test?url=https%3A%2F%2Fwww.google.com - Worked
http://localhost:39200/home/test?url=%3Cscript%3Ealert(%27test%27)%3C%2Fscript%3E - Worked(Did not show alert)
It is always good practice to Validate the user input against a white list of inputs, to prevent XSS exploits.
try using HttpUtility.UrlEncode
something like Response.Write(HttpUtility.UrlEncode(urlString));
see How To: Prevent Cross-Site Scripting in ASP.NET for more steps =)
How do I properly redirect a user to a route in Angular in from JavaScript?
Most of the redirection that I'm doing is simply from clicking a link, and this works great.
Main
However, if I do something like this:
<button class="btn btn-default" ng-click="performLogin()">Login</button>
$scope.performExternalLogin = function () {
DoSomeAuthenticationStuff();
window.location.href = "/#main";
}
This works the first time, but when the user does it a second time, I get an exception from Angular.
I suspect that there's a better way to redirect to a route, but my Googling skills have not come through for me.
I'd appreciate any help.
Here's the exception:
Unhandled exception at line 112, column 381 in http://ajax.googleapis.com/ajax/libs/angularjs/1.2.18/angular.min.js
0x800a139e - JavaScript runtime error: [$rootScope:infdig] http://errors.angularjs.org/1.2.18/$rootScope/infdig?p0=10&p1=%5B%5B%22fn
In Angular you should use the $location service to interract with the window's location:
$scope.performExternalLogin = function () {
DoSomeAuthenticationStuff();
$location.path('/main'); // Will redirect to `#/main`
}