I have this string with two variables inserted inside it
URL='https://bla.com/api/multicomplete?data={"query":"' + title_text + " " + city_name + '"}';
Sometime, title_text includes some wacky characters (&, $, letters like đ etc..) and it results in something like this:
title_text = 'Airport Hotel Park & Fly Sofia'
...?data={"query":"Airport%20Hotel%20Park%20&%20Fly%20Sofija",...
I can assume that that is because I have %20&%20 in URL, and indeed when I remove &%20 (& space), then I get no errors.
So I have tried this method:
JSON.stringfy(title_text)
to let me send those characters via URL, but it doesn't work. Is there a good method to escape those special characters in that long string? I don't feel like removing them for good, I feel so dirty thinking of it.
You have to use URI Encoding using encodeURI() to solve this problem.
You can do JSON.stringify and concatenate with the base url just like you've already done.
Related
I want to access the following link:
http://localhost:8080/lookups/TagGroup.html?
is_guideline_tag=true&field_name=%3C%3Ealert('1')%3E&tag_group_id=38
but when I paste it into the browser (Chrome 63.0.3239.84) it becomes:
http://localhost:8080/lookups/TagGroup.html?
is_guideline_tag=true&field_name=%3C%3Ealert(%271%27)%3E&tag_group_id=38
so the apostrophes are replaced by %27 and I can't access the link.
I want also to mention that field_name in my above link is obtained like this: encodeURIComponent("<>alert('1')>") which should return %3C%3Ealert('1')%3E
Any ideas?
so the apostrophes are replaced by %27 and I can't access the link
%27 is the correct, up-to-date way to include ' in a URI-encoded string (the query string in a URL is URI-encoded). If you're having trouble with it server-side, it sounds like you're not URI-decoding properly. That's what you need to fix. Your field is just fine if you URI-decode it:
console.log(decodeURIComponent('%3C%3Ealert(%271%27)%3E'));
I don't know specifically why Chrome encodes ' to %27, just that it's valid to do so. I thought it was because Chrome implemented the up-to-date RFC 3986 definition, which includes ' as a reserved character which must be encoded, but it isn't consistent about that (' is in the category sub-delims which includes other characters like ! which Chrome leaves alone). encodeURIComponent uses the outdated RFC 2396 definition, which does not list ' as a reserved character. I assume the Chromium project had a reason for converting ' to %27. But again, it's valid and in the resulting URL the %27 represents a '.
(You also be wondering why decodeURIComponent decodes %27 if encodeURIComponent doesn't encode it. It's because all encoded entities are decoded, not just select ones. %nn where nn is two hex digits always defines an encoded entity that should be decoded, regardless of whether it had to be encoded originally.)
I assume you're being very careful with what you do with that code in the query string as well...
I've got a web request to a javascript file. As a response I've JavaScript-Snippet which I'm trying to parse in C#.
The Snippet looks like this:
sDt[1647110]=['SVK U19 A','D43A71','Jupie Podlavice Badin(U19)','TJ Straza(U19)','','',' / '
,'','',114745,114746,1,'',0,0,0,1012,1,'','',''];sDt[1647108]=['SVK U19 A','D43A71','Kysucke Nove Mesto(U19)',
'MFK Lokomotiva Zvolen(U19)','','',' / ','','',114741,114742,1,'',0,0,0,1012,1,'','',''];
sDt[1647109]=['SVK U19 A', /* A lot of more of that kind followed by */ ;WLID[1623901]=1;
WLID[1623902]=1;WLID[1623903]=1;WLID[1637686]=1;
WLID[1637692]=1;WLID[1637687]=1;WLID[1637688]=1;WLID[1637685]= /* ending with */
var ORD = [1647110,1647108,1647109,1647133,1645669,1647122,1626152,1647251,1646643,
1647130,1646685,1 ... ];
Obviously this isn't pure JSON array. Now I wonder how to parse this most efficiently. First I started to do this per pedes meaning usig String.Split and so on. But this is slow and unfortunately not really stable.
While the Part behind each sDt[Idendifier]= is an Array which I could parse with Json.Net I also need the Idendifier. Everything else like WLID or var ORD I can ignore.
Does anyone has an idea how to do this efficiently?
Thanks in advance
You have to go through the whole request token by token if you don't have any other information. There is no other way around.
Why don't you just send the JSON?
But to parse it I would do the following:
Go through the whole request.
If you come across a '[' make sure to check if you're not in a string. (For example by setting a flag when you stumble over a ' " ' and by unsetting it if you come to the next ' " ').
If you're are not parsing a string right now, the following tokens are either the identifier or the content. You can easily check that.
In case of a number, this is your identifier until you reach "]" (and given that you aren't parsing a string currently).
In the other case it's the content which you can parse with Json.Net now, just remember where (the index) the first "[" and the following "]" is and you can generate a substring which you can then pass to Json.Net.
If you come across a ";" and you are not in a string, make sure that you skip the WLID and ORD part.
The whole operation takes O(n * m) with n=Number of tokens and m=length of the longest content string.
If you do the parsing of the content yourself (and not letting Json.Net do that for you) you could narrow it down to O(n) of course.
In a part of the code I can't change. The function encodeURIComponent() will be executed on the URL i pass in, how ever one of my API calls contains a + sign which is necessary to send as a + sign. Right now it gets replaces "%2B" which makes the API fail..
I have tried using escape and "%2B" and backslash infront of my + sign as "+" but nothing gives so far..
How do I make encodeURIComponent('+') return + and not "%2B"
Thank you affordtime for your help
Temporarily swap out the plus signs for an arbitrary marker, e.g.
encodeURIComponent("one £ + £ two".replace(/\+/g, '*PLUS*')).replace('*PLUS*', '+');
Gives you:
"one%20%C2%A3%20+%20%C2%A3%20two"
...ie retains the +, which will also survive the reverse trip via decodeURIComponent().
You can't do it without changing the code. encodeURIComponent will never output a + sign.
If you or someone else can change the code you could use this answer:
encodeURIComponent(search).replace(/%20/g, "+");
and then use spaces in the input where you want + to be.
It is not usually recommended to overwrite native functions but you could do this which would redefined encodeURIComponent to not escape plus characters but otherwise escape the same set of characters.
function encodeURIComponent(s) {
// encodeURI leaves these chars untouched ##$&=:/,;?+
return encodeURI(s).replace(/[##$&=:\/,;?]/g, function(c) {
return '%'+c.charCodeAt(0).toString(16)
})
}
As you can't change the behavior of encodeURIComponent, the simplest way is to replace %2B-s back to +-es:
encodeURIComponent('1+2=3').replace(/%2B/g, '+') //1+2%3D3
This is more efficient, as it needs a single replacement, and doesn't need intermediate "escaping", and simpler, as you don't have to reimplement encodeURIComponent and using the native one might be even faster for large strings.
I have a string in C# that contains an error message. This message could contain single quotes or double quotes or both, but I am free to manipulate the string however I need (as well as the HTML/Javascript).
For example, the following messages could be displayed (content isn't important, just the fact they could contain single or double quotes):
The following error has occurred: "You dun goofed."
The specified path isn't valid.
The following error has occurred: "I'm a goof"
This string is inserted into HTML as an alert inside of an onClick handler. That sounds complicated so let me show what I mean:
<a onClick="alert('myContentGoesHere')">View Error</a>
I'm able to get the single quotes to display by replacing ' with \' in C#. However, my attempts to similarly escape " has resulted in an odd number of backslashes which terminates the onClick attribute and causes invalid HTML.
So far I have tried to replace " with:
\"
\\"
"
\"
No dice. I feel like I might be approaching this from the wrong angle so if you have a solution which goes beyond a string replace, I'm all ears. Thanks for any help you can offer.
To make the value work as a string literal in JavaScript you need to escape the string delimiter and backslashes. Then you need to HTML encode the JavaScript so that it works as a value in the HTML attribute.
Example:
string code =
"<a onClick=\"" +
HttpUtility.HtmlEncode(
"alert('" +
myContentGoesHere.Replace("'", "\\'").Replace("\\", "\\\\") +
"');"
) +
"\">View Error</a>";
If the string can contain control characters, you would need to replace them too. Add the ones that you need from:
.Replace("\r", "\\r")
.Replace("\n", "\\n")
.Replace("\b", "\\b")
.Replace("\t", "\\t")
.Replace("\v", "\\v")
.Replace("\f", "\\f")
I am serializing form data with jquery serialize
var address = $('#formdata').serialize();
and then I do
decodeURIComponent(address);
so my address looks like this
1762+north+street
it decodes it but instead of spaces it adds + . What can I do (instead of of course replace + with space, bad solution) to decode it properly
thanks