I'm trying to make a simple multi-search tool for learning German. When I put in certain characters, they change. For example, ü is %FC, ä is %E4, ö is $F6, ß is %DF. I assume somewhere the characters are being converted to some other character set other than Unicode
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<script language="javascript" charset="UTF-8">
function basicSearch()
{
//document.basicForm.basicWord.value = '\u1495';
var basicSubmit=document.basicForm;
var basicWord = escape(basicSubmit.basicWord.value);
document.getElementById("demo").innerHTML = basicWord;
window.open("https://translate.google.com/#de/en/" + basicWord);
return false;
}
</script>
</head>
<body>
<form name="basicForm" onSubmit="return basicSearch();" accept-charset="UTF-8">
<input type="text" name="basicWord">
<input type="submit" name="SearchSubmit" value="Search">
</form><br>
<p id="demo"></p>
</body>
</html>
Its a good idea to consider http encoding any URIs you are manually constructing. In this case we can use encodeURIComponent on the text of the input to properly http encode data passed in the URI.
// früh -> early
var basicWord = encodeURIComponent(basicSubmit.basicWord.value);
// basicWord = 'fr%C3%BCh';
Other cases might warrant using encodeURI. See this question for more info.
var basicWord = escape(basicSubmit.basicWord.value);
JavaScript's escape()/unescape() encoding is a bizarre custom format you almost never want to use. For encoding URL parameters using the actual real URL rules, the function you want instead is encodeURIComponent().
document.getElementById("demo").innerHTML = basicWord;
Avoid writing HTML markup to the document, you get HTML-injection problems which can lead to cross-site scripting security holes. Write to textContent instead to write normal text.
window.open("https://translate.google.com/#de/en/" + basicWord);
(Incidentally Google Translate also accepts form parameters: q for text to translate, sl for source and tl for target language. So FWIW you could do this with a simple form without JS.)
Thank you both. If anyone is interested, below is the final coding. I made it to help create flash cards for ANKI using Gabriel Wyner's youtube vids and his multi-tool.
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Page Title</title>
</head>
<body>
<script>
function basicSearch() {
var basicSubmit=document.basicForm;
var basicWord = encodeURIComponent(basicSubmit.searchterms.value);
window.open("https://de.wiktionary.org/w/index.php?search=" + basicWord + "&title=Spezial:Suche&go=Seite&searchToken=480i5tddc2tqpr6njyi8gx2oa");
window.open("http://forvo.com/search/" + basicWord + "/");
window.open("https://www.google.de/search?q=" + basicWord + "&biw=1280&bih=611&source=lnms&tbm=isch&sa=X&ved=0ahUKEwiOydnfssfRAhVCqlQKHaPSDvoQ_AUIBigB#q=" + basicWord + "&tbm=isch&tbs=isz:m");
window.open("https://translate.google.com/#de/en/" + basicWord);
return false;
}
function actionSearch() {
var actionSubmit=document.actionForm;
var actionWord = encodeURIComponent(actionSubmit.searchterms.value);
window.open("https://www.google.de/search?q=" + actionWord + "&biw=1280&bih=611&source=lnms&tbm=isch&sa=X&ved=0ahUKEwiiwtDttMfRAhVkx1QKHc6PCgMQ_AUIBigB#tbs=isz:m%2Citp:animated&tbm=isch&q=" + actionWord);
return false;
}
</script>
<form name="basicForm" onSubmit="return basicSearch();">
Search for a basic word:
<input type="text" name="searchterms">
<input type="submit" name="SearchSubmit" value="Search">
</form><br>
<form name="actionForm" onSubmit="return actionSearch();">
Search google for animation:
<input type="text" name="searchterms">
<input type="submit" name="SearchSubmit" value="Search">
</form><br>
German quotes/sayings
<h2>English links for gifs: (for verbs or other)</h2>
http://giphy.com/<br>
http://www.reactiongifs.com/<br>
https://www.reddit.com/r/gifs/<br>
https://www.reddit.com/r/reactiongifs/<br>
https://www.reddit.com/r/analogygifs<br>
https://www.reddit.com/r/HighQualityGifs/<br>
https://www.reddit.com/r/DANCEGIFS/<br>
http://www.gifbin.com/<br>
</body>
</html>
Related
It is my first post and hope it won't be already solved previously.
I'm using a call center software and also using Salesforce lightning.
When a caller calls, I would like to check in my CRM if it is a customer or not.
It was possible easily with the basic version of Salesforce but is not anymore because the link is coded with base64.
Please, read this post for more explanation : https://tomsmalara.blogspot.com/2019/01/create-lightning-component-that.html
So, I have to create a HTML page for collecting the caller phone number and compose + encrypt the Salesforce link and open the link encrypted.
<!DOCTYPE html>
<html>
<head>
<title>Waiting a call ...</title>
<style>
body {text-align: center;}
</style>
</head>
<body>
<form name="form1" onsubmit="event.preventDefault();return displayResult();">
<label for="name">Phone number:</label>
<input type="text" id="PhoneNumber" name="PhoneNumber" size="10">
<div id="myEncoding"></div>
</form>
<script>
function b64EncodeUnicode(PhoneNumber) {
// first we use encodeURIComponent to get percent-encoded UTF-8,
// then we convert the percent encodings into raw bytes which
// can be fed into btoa.
var Mytxt = '{"componentDef":"forceSearch:search","attributes":{"term":"'+PhoneNumber+'","scopeMap":{"resultsCmp":"forceSearch:resultsTopResults","label":"Top Results","type":"TOP_RESULTS","cacheable":"Y","id":"TOP_RESULTS","labelPlural":"Top Results"},"context":{"disableSpellCorrection":false,"SEARCH_ACTIVITY":{"term":1234567890}}},"state":{}}';
return btoa(encodeURIComponent(Mytxt).replace(/%([0-9A-F]{2})/g,
function toSolidBytes(match, p1) {
var MyResult = String.fromCharCode('0x' + p1);
return MyResult;
}));
}
function displayResult() {
var result = b64EncodeUnicode(PhoneNumber);
document.getElementById('myEncoding').innerHTML = result;
return false;
window.open("https://mycompany.lightning.force.com/one/one.app#" +result,,,true)
}
</script>
</body>
</html>
Something is wrong and tried different things without result.
I will really appreciate if someone can find what is wrong and explain it to me
Thank you in advance
PLease find the solution I found to remove the input steps ...
<!DOCTYPE html>
<html>
<head>
<title>Waiting a call ...</title>
<style>
body {text-align: center;}
</style>
</head>
<body onload=acceptParam()>
Waiting a call ...
<script>
function acceptParam(){
var hashParams = window.location.href.substr(1).split('?'); // substr(1) to remove the `#`
hashParams = hashParams[1].split('&');
var p = hashParams[0].split('=');
//document.getElementById('PhoneNumber').value = p[1] // Pour info
var stringToEncode = '{"componentDef":"forceSearch:searchPage","attributes":{"term":"'+p[1]+'","scopeMap":{"type":"TOP_RESULTS"},"context":{"disableSpellCorrection":false,"disableIntentQuery":false,"permsAndPrefs":{"SearchUi.searchUIPilotFeatureEnabled":false,"SearchExperience.LeftNavEnhancementEnabled":true,"Search.crossObjectsAutoSuggestEnabled":true,"SearchResultsLVM.lvmEnabledForSearchResultsOn":true,"MySearch.userCanHaveMySearchBestResult":false,"SearchResultsLVM.lvmEnabledForTopResults":false,"OrgPermissions.UnionAppNavSmartScope":false,"SearchUi.feedbackComponentEnabled":false,"SearchExperience.TopResultsSingleSOSLEnabled":false,"OrgPreferences.ChatterEnabled":true,"Search.maskSearchInfoInLogs":false,"SearchUi.orgHasAccessToSearchTermHistory":false,"SearchUi.searchUIInteractionLoggingEnabled":false,"MySearch.userCanHaveMySearch":false},"searchDialogSessionId":"bdded2dc-91d1-3b3e-11d7-ff339bce1727","searchSource":"INPUT_DESKTOP"},"groupId":"DEFAULT"},"state":{}}'
var encoded = window.btoa(stringToEncode);
//var output = "Encoded String : " + encoded;
//document.getElementById("myEncoding").innerHTML = "Original String: " + p[1] + "<br>" + output;
window.location.assign("https://mycompany.lightning.force.com/lightning/one/one.app?source=alohaHeader#"+encoded);
}
</script>
</body>
</html>
PLease, can you say me what do you think about it ? Maybe we can be more efficient ?
I am more the hardware guy and my programming skills really suck. I am trying to create things mostly by trial and error and the help of google. I am helping out some GFX-/Ad-Designers, who basically create stuff, place it on a website and have to run those websites thru severals browsers. I am trying to make this less manually handed.
This is run in a HTA. As I said, I am not a programming guy and this was something I could easly work with =/ probably some other language could do this by ease...but as said...
tl;dr
How do I get the value of id="text1" to be added at the end of the URL
shell.run("Firefox https://www.example.com=(text1.value)"); doesnt work.
I does work if I manually change the URL, but than I would not have a handy input-field and changing the URLs by hand...I guess the ad-creating ppl will mess up things.
So, thats what I have done so far...but I can't fix it.
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>
<title>Sub-Site Automation</title>
<hta:application applicationname="Run test on browsers" scroll="yes" singleinstance="yes">
<script type="text/javascript">
function openURL()
{
var input = document.getElementById("text1");
/* console.log(input); // Log
*/
var inputValue = input.value;
/* console.log(inputValue); // Log2
*/
var shell = new ActiveXObject("WScript.Shell");
shell.run("Firefox https://www.example.com=(text1.value)");
shell.run("Chrome https://www.example.com=(text1.value)");
shell.run("file:///C:\Users\*\AppData\Local\Vivaldi\Application\vivaldi.exe https://www.example.com=(text1.value)");
}
</script>
</head>
<body>
<input type="text" id="text1" Name="text1" value="Place ID of subwebsite here"><br>
<input type="submit" Value="Open in all Webbrowsers" onclick="openURL()">
</body>
</html>
Please help!
As I mentioned in the comments, the answer is in your code itself.
See the lines:
// This line gets the element you want
var input = document.getElementById("text1");
// This line gets it's value. You need this value
var inputValue = input.value;
The variable inputValue is what you need to replace there instead of using text1.value.
So your function would be as follows:
function openURL() {
var input = document.getElementById("text1");
var inputValue = input.value;
var shell = new ActiveXObject("WScript.Shell");
shell.run("Firefox https://www.example.com=("+inputValue+")");
shell.run("Chrome https://www.example.com=("+inputValue+")");
shell.run("file:///C:\Users\*\AppData\Local\Vivaldi\Application\vivaldi.exe https://www.example.com=("+inputValue+")");
}
the problem ist that you have no reference to the elements with id text1 so you can not access its value. A second problem is that you try to access a variable inside of a string literal which could be solved in es5 with string concatenation or in newer ecmascript versions with template literals.
Depending on the input value you should also use encodeURIComponent so that the resulting URL is valid.
One version that would work is the following:
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>
<title>Sub-Site Automation</title>
<hta:application applicationname="Run test on browsers" scroll="yes" singleinstance="yes">
</head>
<body>
<input type="text" id="text1" Name="text1" value="Place ID of subwebsite here"><br>
<input type="submit" Value="Open in all Webbrowsers" onclick="openURL()">
<script type="text/javascript">
function openURL()
{
var text1 = document.getElementById("text1");
var shell = new ActiveXObject("WScript.Shell");
shell.run("Firefox https://www.example.com=" + text1.value);
shell.run("Chrome https://www.example.com=" + text1.value);
shell.run("file:///C:\Users\*\AppData\Local\Vivaldi\Application\vivaldi.exe https://www.example.com=" + text1.value);
}
</script>
</body>
</html>
I have <meta charset="utf-8" /> on my website, my files are in UTF-8 encoding and I have put charset="utf-8" on the script tag - and it still doesn't work.
Below is my code
<input type="text" id="danewcontent1" name="danewcontent1"
value="£890">
<script charset="utf-8">
function escapePercent(str) {
return str.replace(/%/g, '%25');
}
$(function() {
var post_id = 1;
var daplaincontent = $("#danewcontent1").val();
alert(daplaincontent);
var danewcontent = escapePercent(escape(daplaincontent));
prompt("Copy the value below into http://urldecode.org and keep clicking decrypt", danewcontent);
// decode the URLEncode here, and keep clicking "decode"
// https://urldecode.org
});
</script>
It encodes £ as %25A3890 which is %A3890 decoded which is �890 decoded.
I have a JS Fiddle illustrating this problem here.
https://jsfiddle.net/desbest/dyz9zta6/
I think you need to stop trying to re-invent the wheel and use built-in browser encoding and decoding. Your simply handling the escape the way you do is not working for you.
$(function() {
var post_id = 1;
var daplaincontent = $("#danewcontent1").val();
alert(daplaincontent);
var encoded = encodeURIComponent(daplaincontent);
alert(encoded);
var decoded = decodeURIComponent(encoded);
alert(decoded); // this gives back the £890
});
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
<input type="text" id="danewcontent1" name="danewcontent1"
value="£890">
I am working on a simple project that generates Facebook BBCode (or something like that) in images that you can use while chatting.
Here's my full code:
<html>
<head>
</head>
<body>
<script type="text/javascript">
function gear()
{
var textArea = document.getElementById("id");
var insertedText = theForm.theText.value;
var charChanger = insertedText.replace(/a/ig, "[[f9.cha]] ").replace(/b/gi, "[[f9.chb]] ").replace(/c/gi, "[[f9.chc]] ").replace(/d/gi, "[[f9.chd]] ").replace(/e/gi, "[[f9.che]] ").replace(/f/gi, "[[f9.chf]] ").replace(/g/gi, "[[f9.chg]] ").replace(/h/gi, "[[f9.chh]] ").replace(/i/gi, "[[f9.chi]] ").replace(/j/gi, "[[f9.chj]] ").replace(/k/gi, "[[f9.chk]] ").replace(/l/gi, "[[f9.chl]] ").replace(/m/gi, "[[f9.chm]] ").replace(/n/gi, "[[f9.chn]] ").replace(/o/gi, "[[f9.cho]] ").replace(/p/gi, "[[f9.chp]] ").replace(/q/gi, "[[f9.chq]] ").replace(/r/gi, "[[f9.chr]] ").replace(/s/gi, "[[f9.chs]] ").replace(/t/gi, "[[f9.cht]] ").replace(/u/gi, "[[f9.chu]] ").replace(/v/gi, "[[f9.chv]] ").replace(/w/gi, "[[f9.chw]] ").replace(/x/gi, "[[f9.chx]] ").replace(/y/gi, "[[f9.chy]] ").replace(/z/gi, "[[f9.chz]] ");
textArea.innerHTML = charChanger;
}
</script>
<div align="center"><form name="theForm">
<textarea rows="5" name="theText" cols="120" onkeyup="gear();"></textarea>
<br>
<textarea readonly id="id" rows="20" cols="120"></textarea>
</form></div>
</body>
</html>
There are two <textarea>s. The first one is filled with strings, and the second replaces the strings by their replacement values.
And the function starts working after keyup event. It should work perfectly, but it returns some weird replacements starting from a character to g (the rest is working).
So is there a fix? Or another way, like replacing using arrays?
You don't need 100 replacements, just one will do.
insertedText.replace(/([a-z])/gi, '[[f9.ch$1]]')
http://jsfiddle.net/PRYWm/1/
Is there a way in JavaScript or MooTools to retrieve the actual text in the value from an input element without the browser interpreting any html special entites? Please see the example included below. My desired outcome is:
<div id="output">
<p>Your text is: <b>[<script>alert('scrubbed');</script>]</b></p>
</div>
Note that it works if I type/copy <script>alert('scrubbed');</script> directly into the text input box, but fails if I insert right after loading the page.
<html>
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8">
<title>scrubtest</title>
</head>
<body id="scrubtest" onload="">
<script type="text/javascript" language="JavaScript" src="/js/mootools-core.js"></script>
<input type="text" name="scrubtext" value="<script>alert('scrubbed');</script>" id="scrubtext"/><br />
<input type="button" value="Insert" onclick="insertText();"/><br />
<input type="button" value="Get via MooTools" onclick="alert($('scrubtext').get('value'));"/><br />
<input type="button" value="Get via JavaScript" onclick="alert(document.getElementById('scrubtext').value);"/><br />
<div id="output">
</div>
<script type="text/javascript" charset="utf-8">
function insertText()
{
var stext = $('scrubtext').get('value');
var result = new Element( 'p', {html: "Your text is: <b>["+stext+"]</b>"} );
result.inject($('output'));
}
</script>
</body>
</html>
{html: "Your text is: <b>["+stext+"]</b>"}
That's your problem: you're taking a plain text string and adding it into HTML markup. Naturally any < characters in the text string will become markup, and you give yourself a potential client-side cross-site-scripting vulnerability.
You can HTML-escape, but there's no built-in function to do it in JS, so you have to define it yourself, eg.:
// HTML-encode a string for use in text content or an attribute value delimited by
// double-quotes
//
function HTMLEncode(s) {
return s.replace(/&/g, '&').replace(/</g, '<').replace(/"/g, '"');
}
...
var result = new Element('p', {html: "Your text is: <b>["+HTMLEncode(stext)+"]</b>"});
However, it is generally simpler to use DOM methods to add plain text without the bother of string hacking. I believe Moo would do it like this:
var bold= new Element('b', {text: stext});
var result= new Element('p', {text: 'Your text is: '});
bold.inject(result);
escape & like this: &
<input type="text" name="scrubtext" value="<script>alert('scrubbed');</script>" id="scrubtext"/>
You can change the & characters into & by using
var result = new Element( 'p', {html: "Your text is: <b>["+stext.replace(/&/g,'&')+"]</b>"} );
Addition: I would go with bobince on the benefit of using the DOM node properties, instead of injecting arbitrary HTML.
function htmlspecialchars_decode(text)
{
var stub_object = new Element('span',{ 'html':text });
var ret_val = stub_object.get('text');
delete stub_object;
return ret_val;
}