Escaping & for display in mail client (mailto link) - javascript

I have a JavaScript function like so:
var strBody = encodeURI(window.location.href);
var strSubject = encodeURI(document.title);
var mailto_link = "mailto:?subject=" + encodeURI(strSubject) + "&body=" + strBody;
This code is executed on a hyperlink's onclick event, and opens the mail client (mailto://). However, the title of the page has several & symbols, but the title is only picked up until the first &. The url is always picked up.
What is the correct JavasSript to escape the & and display it in the mail client's subject line?

var encoded_body = encodeURIComponent(window.location.href);
var encoded_subject = encodeURIComponent(document.title);
var mailto_link = "mailto:?subject=" + encoded_subject + "&body=" + encoded_body;
should do it (encodeURIComponent instead of encodeURI).
In your original code you were also incorrectly double encoding the subject (once on line 2, and then again on line 3).
I took the liberty of renaming your variables to make it clearer that they contain the encoded subject and body, as opposed to the original text.

You want encodeURIComponent not encodeURI.

Related

Chrome doesn't send line breaks xhttp/javascript

When sending input from a multiline textbox with an xhttp request through javascript, chrome blocks out new lines as part of some new exploit prevention. I have tried using encodeURI, which did nothing, and trying to send also causes this error. I am allowing users to submit html through the textbox.
Edit:
Javascript code:
var taskid = 'task=' + notes;
var cont = '&content=' + po.value;
var head = '&head=' + pp.value;
var comb = taskid+cont+head;
var nlink = 'create.note.php?'+comb;
var encoded = encodeURI(nlink);
xhttp.open('GET', encoded + comb, true);
Chromes response:
[Deprecation] Resource requests whose URLs contained both removed whitespace
(`\n`, `\r`, `\t`) characters and less-than characters (`<`) are blocked.
Please remove newlines and encode less-than characters from places like
element attribute values in order to load these resources. See
https://www.chromestatus.com/feature/5735596811091968 for more details.

Javascript & problems

I have the following code:
var artist = document.getElementById("txtBoxArtist").value;
When value is plain text, e.g. Biffy Clyro, artist = Biffy Clyro
When value contains &, e.g. Mumford & Sons, artist = Mumford
I the send artist value using AJAX, and recover the value on another php page like this:
var data = "nameTitle=" + title + "&nameArtist=" + artist;
[...]
$nameArtist=$_POST['nameArtist'];
Why does this happen and how to avoid it? It is giving me lots of problems this &symbol...
Thank you all!
You need to encode the values before sticking them on the URL.
var data = "nameTitle=" + encodeURIComponent(title) + "&nameArtist=" + encodeURIComponent(artist);
You should also see this.
Some characters are special and need 'escaping' to encode their values - as you are showing using & instead of &.
However, these escaping principles are different for HTML content and for URLs/URIs.
In URI, & is escaped as %26 and not as & - so you should either use that or the appropriate encoding/decoding functions, not the HTML entity encoding/decoding.
I guess you can encode valiables before sending them like this:
artist = encodeURIComponent(artist);
title = encodeURIComponent(title);
var data = "nameTitle=" + title + "&nameArtist=" + artist;
hope this helps.

Passing Parameters to a Batch File from Javascript Inside Hyperion Interactive Reporting Studio

Inside of Hyperion Reporting Studio I have a document level script where I wish to call a batch file and pass arguments to the batch file.
Here is the code I have:
var Path = "W:\\directory\\Reference_Files\\scripts\\vbs\\SendEmail.bat"
var Email = "my.email#xxx.com"
var Subject = "My Subject"
var Body = "My Body"
var Attach = "W:\Maughan.xls"
Application.Shell(Path + " " + Email + " " + Subject + " " + Body + " " + Attach)
This code does not open the file, but gives the error message The filename, directory name, or volume label syntax is incorrect.
If I pass Path by itself my bat file runs (giving me a warning because no parameters are passed) and I when I run the same code from the Shell Command, it works flawlessly.
Can anyone provide any insight into the correct syntax to pass into the Application.Shell method so that it reads my parameters and passes them to the batch file? I have been searching high and low online to no avail.
Because var Attach = "W:\Maughan.xls" should be var Attach = "W:\\Maughan.xls".
Within a string the escape character \ just escapes the next character so Attach will contain just W:Maughan.xls. To add \ you need to use \ twice.
Update:
It may have no difference in this particular case, because W:Maughan.xls means to look for Maughan.xls in the current directory on the drive W which is most likely \.
But what is definitely important are quotes around the parameters Subject and Body. In you code the constructed command is
W:\directory\Reference_Files\scripts\vbs\SendEmail.bat my.email#xxx.com My Subject My Body W:Maughan.xls
I sure that the bat file cannot distinguish between the subject and body (unless it expect exactly two words in each of them) so the right command most likely is
W:\directory\Reference_Files\scripts\vbs\SendEmail.bat my.email#xxx.com "My Subject" "My Body" W:\Maughan.xls
and you can check it by running the command above in cmd.
To construct it the parameters should be modified as follows:
var Path = "W:\\directory\\Reference_Files\\scripts\\vbs\\SendEmail.bat"
var Email = "my.email#xxx.com"
var Subject = "\"My Subject\""
var Body = "\"My Body\""
var Attach = "W:\\Maughan.xls"
(this correction was inspired by impinball's answer)
Try putting an escaped quote on either side of the variable values. Depending on where the directory is, that may make a difference. The outside quotes in strings aren't included in the string values in JavaScript. Here's an example of what I'm talking about:
var Path = "\"W:\\directory\\Reference_Files\\scripts\\vbs\\SendEmail.bat\""
instead of
var Path = "W:\\directory\\Reference_Files\\scripts\\vbs\\SendEmail.bat"

how to escape single quote in dynamically created HTML tag content

In my javascript code,
I have a variable which have a string. String contains ' or quote in it. Example
var name= "hi's";
I am creating a link dynamically in a code. where it is written as a string i.e a variable content will be used dynamically to create a link on html page.
content= '<a onclick="javascript:fun(\'' + name + '\');">'
Here it is giving problem that quote in variable name completes the string in content. and hence rest portion of content is not recognised..
similar problem arises if var name = 'hi"s';
i.e. if double quote is present in it.
plz help
This is how you would create an anchor properly and completely avoid the need to escape anything.
var name = "Hi's",
anchor = document.createElement('a');
// should have an href
// links will be displayed differently by some browsers without it
anchor.href = '#';
// using onclick for pragmatic reasons
anchor.onclick = function() {
fun(name);
return false;
}
anchor.innerHTML = 'hello world';
// later
mydiv.appendChild(anchor);
Btw, the onclick attribute shouldn't start with "javascript:" at all; that's already implied.
Update
If you're still interested in the inline version, variables need two steps of encoding:
The first is to serialize the variable properly; I would use JSON.stringify() for that
The second is HTML escaping; the simplest form is simply to replace double quotes with their proper encoded values.
For example:
var content = '<a href="#" onclick="fun(' +
JSON.serialize(name).replace(/"/g, '"') + ');">hello</a>';

Why I get some numbers added to a String variable in Javascript?

I'm trying to concatenate some String variables in Javascript in order to make it contain a file path which has to be calculated to load some flash charts.
If I alert the variable it shows properly but when i invoke the method to load the chart I get an error cause the path it receives isn't the one I see on the alert and thus the one it should be. It's the same string but with some numbers added at the end preceded by an interrogation mark, like '?1297931086408' for example.
Therefore the path is the right path plus this substring which is 'unloadable'.
Thanks in advance for your help!
The problem is not on your javascript. It's on your server.
For a server, this path:
/path/to/my_file.csv
Should be equivalent to this other path:
/path/to/my_file.csv?1425432456
Inside a url, the part to the left of the question mark references the resource being requested. The part to the right are parameters.
That "random number" at the end is a parameter that prevents caching. If it wasn't there, most browsers will say "hey, I already know what is on /path/to/my_file.csv, I don't need to get it again" and will use a cached version of the data. Chances are that flashmovie.reloadData is adding that parameter itself.
Make sure that the file get downloaded if you type its address directly into the browser url bar. Then, try adding a question mark and some random numbers. If that doesn't work, then your server is being overzealous on its url validation.
The code is pretty simple:
function setDataModified(businessUnit){
var path = "https://....";//Complete path
var csvPath;
var xmlPath = path + "Monthly%20Charts/" + businessUnit + "/";
var csvPath = "";
csvPath = path + "Monthly%20Charts/";
//Take data from the form
var selectedMonth = document.getElementById("monthForm").value;
var selectedYear = document.getElementById("yearForm").value;
//Generate csv's path
csvpath += selectedYear + "/" + selectedMonth + "/Monthly_" + businessUnit + "standardChart__" + selectedMonth + "_" + selectedYear + ".csv";
//setData call
var flashMovie = document.getElementById("amcolumn1");
alert(csvPath);
flashMovie.reloadData(csvPath);//csvPath contains the path and also some numbers like '?129..'
}
When I try to load the new chart i get and error message pointing out the error and the wrong path, i.e. with the added numbers at the end.
Thanks!

Categories