How to show exact URL with escaped characters in Safari? - javascript

I have a url like this : http://www.refskou.dk/safari-%F8.html
The file is named like this: safari-ø.html
The file consists of this:
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script>
alert(this.location);
</script>
</head>
<body>
</body>
</html>
But it does not print out /safari-%F8.html nor safari-ø.html
It prints out the question mark indicating that it does not know of the character "ø".
All I want is to print out the URL as I see it in the address bar.
Please give me a hint. This is only a problem in Safari as far as I have testet.
I need to tell you that I do not have control over what kind of charset used on the page. I can only execute javascript :-)
In response to this answer.
The reason for the lack of control, is that I do a script that can be included to hopefully any webpage, and so I have no control over what kind of charset used. The included script can ofcouse have its own charset, introduced by the charset attribute on the "script" tag but I cannot get it to work.

unescape('/safari-%F8.html') == 'safari-ø.html'
Note that Safari still gives you a ?, but Chrome shows either a %F8 or ø
In Safari (nevermind):
var str = '/safari-%F8.html';
alert(str.replace(/%[A-F0-9]{2}/g, function(v){ return String.fromCharCode(parseInt(v.substr(1), 16)); }));
The above works on normal strings, but Safari is seeing that character as unicode 65533, and I'm not sure how to convert that back to ASCII 248...

Try the unescape javascript function:
alert(unescape(this.location));

I believe you'll need to specify a character set.
The first thing in your Head section...
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
More Info Here
EDIT: I missed the part where the OP states he has no control over the character set on the page. I believe this is the root of the problem and wonder why he has no control over this.

Well I finally got it working. For some reason Safari cannot understand the strange characters when asking from this/window.location. But moving down a level to the document object and asking for the URL gives me just what I need. Why this is, I cannot tell you, but it solves the problem.

Related

DOM Based Cross-site Scripting example: Java Script does not get executed

I have recently read the following article about a DOM-based XSS:
https://www.netsparker.com/blog/web-security/dom-based-cross-site-scripting-vulnerability/
But the examples provided in the article are not working as described. I created the HTML example file:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head></head>
<body>
<script>
document.write("<b>Current URL</b> : " + document.baseURI);
</script>
<h1> Welcome on my Example Page </h1>
</body>
</html>
I have put the above file in an application folder of a Web-Application deployed on the JBoss server and I have called the resource from my browser ( I have tried both IE 11 and Firefox). IE 11 shows the resulting HTML content like this:
Current URL : undefined
Welcome on my Example Page
while Firefox shows the resulting HTML content like this:
Current URL : https://localhost:8443/ukvlei/example.html
Welcome on my Example Page
In both cases, I can not force any of the browsers to execute the java script function after the # sign, as described in the article. When I type
https://localhost:8443/ukvlei/example.html#<script>alert(1)</script>
in the address bar of the browser, I get the following HTML content:
under IE 11:
Current URL : undefined
Welcome on my Example Page
under Firefox:
Current URL : https://localhost:8443/ukvlei/example.html#%3Cscript%3Ealert(1)%3C/script%3E
Welcome on my Example Page
What am I doing wrong, so that I cannot execute the java script in any of the browsers?
Thank you!
You haven't run the URI through decodeURIComponent so that the URI syntax is converted back to text.
I want to thank both #scagood and #Quentin, with whose help I got my question answered. So, the answer is:
1.) Apperantly the provided example in the article is out of date, as it is around three years old, so:
2.) Use window.location.href instead of document.baseURI;
3.) To make the example run both under IE and Firefox, decode the URL using decodeURIComponent.
So, the working example HTML file now looks like this:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head></head>
<body>
<script>
document.write("<b>Current URL</b> : " + decodeURIComponent(window.location.href));
</script>
<h1> Welcome on my Example Page </h1>
</body>
</html>

string.split not working as intended in Firefox? Works fine in Chrome

having a bit of an issue here. I have this code:
//phoneNumber is a string ie ('01☂916☂5234321')
var phoneNumberSplit = phoneNumber.split('☂');
console.log(phoneNumberSplit);
//in Chrome this returns as ["01", "916", "5234321"], in Firefox this returns as
//[ "01☂916☂5234321" ]
I later call phoneNumberSplit[1] which in Chrome is fine, but in Firefox it says it's undefined. Why does string.split return two different things depending on which browser I'm in? The documentation says that it works in both Firefox and Chrome. Any help?
edit oooook I figure out what my issue was. On the page I was testing this on the charset="UTF-8" was missing from the meta tag and wasn't reading the unicode character. In Chrome I guess they have UTF-8 on by default and in Firefox they do not, or something. Whoops.
I figured out what my issue was. On the page I was testing this on the charset="UTF-8" was missing from the meta tag and wasn't reading the unicode character. In Chrome I guess they have UTF-8 on by default and in Firefox they do not, or something. Whoops.
The meta tag is required to tell the browser the character encoding. Firefox 39 did give the correct result but also a warning in the console that the character encoding was incorrect. Try this code with the meta tag included/removed to see the difference.
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
</body>
<script>
//phoneNumber is a string ie ('01☂916☂5234321')
var phoneNumber='01☂916☂5234321';
var phoneNumberSplit = phoneNumber.split('☂');
console.log(phoneNumberSplit);
//in Chrome this returns as ["01", "916", "5234321"], in Firefox this returns as
//[ "01☂916☂5234321" ]
</script>
</html>

escape vs encodeURIComponent [duplicate]

I thought values entered in forms are properly encoded by browsers.
But this simple test file "test_get_vs_encodeuri.html" shows it's not true:
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title></title>
</head><body>
<form id="test" action="test_get_vs_encodeuri.html" method="GET" onsubmit="alert(encodeURIComponent(this.one.value));">
<input name="one" type="text" value="Euro-€">
<input type="submit" value="SUBMIT">
</form>
</body></html>
When hitting submit button:
encodeURICompenent encodes input value into "Euro-%E2%82%AC"
while browser into the GET query writes only a simple "Euro-%80"
Could someone explain?
How do i encode everything in the same way of the borwser's FORM (windows-1252) using Javascript??? (escape function does not work, encodeURIComponent does not work either)?
Or is encodeURIComponent doing unnecessary conversions?
This is a character encoding issue. Your document is using the charset Windows-1252 where the € is at position 128 that is encoded with Windows-1252 as 0x80. But encodeURICompenent is expecting the input to be UTF-8, thus using Unicode’s charset where the € is at position 8364 (PDF) that is encoded with UTF-8 0xE282AC.
A solution would be to use UTF-8 for your document as well. Or you write a mapping to convert UTF-8 encoded strings to Windows-1252.
I think the root of the problem is character encodings. If I mess around with charset in the meta tag and save the file with different encodings I can get the page to render in the browser like this:
(source: boogdesign.com)
That € looks a lot like what you're getting from encodeURIComponent. However I could find no combination of encodings which made any difference to what encodeURIComponent was returning. I can make a difference to what the GET query returns. This is your original page, submitting gives an URL like:
test-get-vs-encodeuri.html?one=Euro-%80
This is a UTF-8 version of the page, submitting gives an URL that looks like this (in Firefox):
http://www.boogdesign.com/examples/encode/test-get-vs-encodeuri-utf8.html?one=Euro-€
But if I copy and paste it I get:
http://www.boogdesign.com/examples/encode/test-get-vs-encodeuri-utf8.html?one=Euro-%E2%82%AC
So it looks like if the page is UTF-8 then the GET and encodeURIComponent match.

How to print special characters with jquery?

I am designing web page in slovak language. To be able to use meantioned language special characters such as á or ž, I am using this html code:
<html lang="sk">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
Now it works as expected but only when I hard code that kind of text into html file.
As soon as I use jquery to print them it breaks down and those characters are not correctly shown.
$("#myDiv").html("áž");
Am I supposed to specify something in jquery or is there another way to overcome this problem?
You can pass the numeric entity for that character into the html() function to achieve that,
Try a sample,
$('body').html('Ξ');
DEMO
I think you may be use some tricks here
Try this
$("#myDiv").html($("<div>").html("áž").text());
Or simply try this
$("#myDiv").text("áž");
It is quite Easy you can do the following
Use any special Character u want
$("#mydiv").text("*&^&*^*&^*");
Here is the Demo

How can I do a script to catch strings as input and open them on a firefox document?

How can I do a script to catch strings as input and open them on a Firefox document? Each link would go to a different window or tab. Any ideas would be much appreciated.
I just want to be able to take some links and open them. For example I have 50 Links. And copying and parsing those 50 Links take a really long time and also a lot of work. If I can just write a script to read those links and let the computer do the work, it will be very helpful for me. I just don't know how to write that or where because it does not sound too hard (just gotta know how to). Thanks for any suggestions.
if i got you right, i guess you could do something like this. This will open the four urls listed but it will probably be blocked by the popup blocker.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Documento sin título</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<script>
<!--
var dir = new Array();
dir[0] = "http://www.creativecorner.cl/";
dir[1] = "http://www.sourcing.cl/";
dir[2] = "http://www.feeds.cl/";
dir[3] = "http://www.neonomade.com/";
for(i = 0 ; i < dir.length ; i++){
window.open(dir[i],'autowindow' + i,'width=1024,height=768');
}
-->
</script>
</body>
</html>
Write this to a file names "links.html" on your hard disk:
<html>
<head><title>Your links</title></head>
<body>
Your links:<br />
XXX<br />
</body>
</html>
Replace the two "XXX" with one link and emit one "link" (a) line per link. You should be able to do that in most text editors with a little search'n'replace. After you're done, save the file and open it in your browser.
Another option is to look at the bookmark file of your browser and to duplicate the format. You can usually ignore things like "last visited", etc. Just add the links.
If you want to do this in JavaScript, you will need to use a form with a textarea. Create a small HTML document with a form, the JavaScript, the textarea and a div for the result.
Add a button which calls a JavaScript function which takes the text from the textarea, split it into lines and create the HTML above (only the link-lines) as a String. Now assign this string to the attribute innerHTML of the div to make the links clickable.

Categories