I have an ASP.NET MVC web app which includes the facility for clients to upload/download documents from a folder on the server.
I'm having a problem with people uploading file names containing an ampersand character (possibly other characters too, this is the only one I've discovered so far).
The result is I'm getting javascript redirects looking something like:
window.location.href = 'MyController/DownloadDocument?filename=Dog & Cat.pdf';
which obviously doesn't work.
What's the easiest work around for something like this? Is there any way to escape the ampersand in the query string?
Use encodeUriComponent (which will also fix the problem of the spaces, which aren't allowed in URIs)
Related
I don't have to HTML encode the string. I was trying various solutions, but the problem is still, how do you handle the semicolon entered by the user if you need to do a JS str.indexOf(";"); later on.
I’m using System.Net.WebUtility.HtmlEncode(test); encode my string,which adds semicolons (as you would expect for html encoding).
Later down the process this string gets utilized to create JavaScript commands that end with ';'. These commands are separated by doing a str.indexOf(";");
My issue is that the user is allowed to enter semi-colon in the field,which breaks the aforementioned indexof(";"), which I use to dynamically create the JavaScript commands.
How can I support users entering in semicolons into a string if I need to do a JS indexof(";") to separate the JS commands?
I tried in the C# side doing a
string myString = System.Net.WebUtility.HtmlEncode(test);
but that just makes the situation worse by adding even more semicolons as you would expect for HTML enconding.
The solution I came up with was to do a replace on the the C# side. In C# I do a .Replace of all % and (other problematic characters) with their URL encoded string versions before the JavaScript command ending ";" gets inserted(i.e. myString.Replace(";","%3B").Replace("=","%3D");).
Once it hits the JavaScript side I do the complete opposite, thus leaving my JS semicolons intact.
The aforementioned solution allowed me to distinguish between a user inserted semicolon and one entered in programmatically.
I'm having some difficulty narrowing down the problem, I am wondering if anyone can help.
We are storing a URI in a element href attribute. This URI is dynamically created. One of the URI path variables maps to an id of an element in our database. Recently, we have started to use ampersands on special occasions in the id. The URI looks something like "/{entityType}/{entityId}/moderation".
When the URL is built, we use the encodeURIComponent javascript function, effectively turning the ampersand into '%26'. By examining the data stored in the href attribute via a web development tool, it looks like it is stored correctly. However, when I mouse hover it only displays the ampersand in the url.
Other ids work fine, including things like single apostrophes, but with an ampersand, it looks like it is getting a page redirection error (I'm guessing the ampersand is making the url invalid). I've tried escaping the percent sign, making the ampersand turn into '%2526', thinking that the %25 portion will be decoded to just the percent sign (making the final result %26).
So far none of my tinkering has worked. Anyone have a suggestion for next steps or what may be going on? Any help appreciated!
In my rails app, I'm adding text dynamically to the page using something like this
$('.container').append('<div class="test"><%=description%></div>')
The issue is that sometimes the ruby variable "description" contains single quotes (for example, it might container the word "I'm"), which leads to errors when the page tries to render the text.
What's the best way to avoid this problem by escaping quotes in description?
Checkout Rails' JavaScript Helper, in particular escape_javascript(javascript)
Escapes carriage returns and single and double quotes for JavaScript
segments.
Also available through the alias j(). This is particularly helpful in
JavaScript responses, like:
$('some_element').replaceWith('<%=j render 'some/element_template'
%>');
I have a javascript script which is calling a php page to supply an ajax form with suggestions. The suggestions are returned fine by the php page, but for some reason, when i set the responsetext of the javascript object request as an element in my HTML page, all the special characters (ie. á or ã) show up as this question mark. Is there a function II must run on the response text of the request to make sure these are read properly?
Thanks.
If you are not serving your HTML pages as UTF-8, the browser will guess an encoding, typically a single-byte Windows codepage depending on the user's locale.
But this doesn't happen for AJAX. With XMLHttpRequest, unless you specifically state an encoding in the Content-Type: ...; charset= parameter, the browser will treat it as UTF-8. That means if you are actually serving Windows code page 1252 (Western European) content, you will get an invalid UTF-8 sequence and consequent question mark.
You don't want to be using a non-UTF-8 encoding! Make sure you are using UTF-8 throughout your application. Serve all your pages with Content-Type: text/html; charset=utf-8, store your data in UTF-8 tables, use mysql_set_charset() to choose UTF-8, etc.
In any case consider passing AJAX responses using JSON. The function json_encode() will create a JSON string that uses JavaScript escape sequences for non-ASCII characters, which avoids any problem of encoding mismatch. Also this is easier to extend to add functionality than returning raw HTML.
I would try, in your php script, to encode everything as html entities.
This can be easily tested by doing something like this before returning the results to javascript:
$results = htmlentities($htmlstring);
There's also the htmlspecialchars function you might try.
More about this here:
http://php.net/manual/en/function.htmlentities.php
I have an html page were i can fill in some text and send (with javascript) this to an sql-database.
On my pc, everything works fine, but on another one (a french windows), it doesn't save my chars correctly.
french chars like é, è, â,.. were saved as 'É', or something like that.
I googled a lot but still did not found any solution, i'm also not able to reproduce the problem on my own pc..
"É" occurs when a character encoded in utf-8 (2 bytes) is read as latin (1 byte). The problem can be on the client side (e.g. by the use of escape) or on the server side (wrong parsing of the form's POST data, database encoding).
Make sure that your html pages encoding is set to something like UTF-8, UTF-16, etc... Also make sure that your strings are escaped properly in javascript.
You need to encode the file in ANSI. I do this my self. For example in notepad 2 you would click File->Encoding->ANSI and then save.