I've got this string that I want to send to a backend. In this string there are several forward slashes; it is basically code that is commented out. It could look like:
val string = """// SOME STUFF
// OTHER TEXT ***************************************************
// THIS WOULD CONTINUE FORWARD"""
So to escape this entire String, I'm using Gson().toJson(string). This would give a result like
"// SOME STUFF\r\n\r\n// OTHER TEXT ***************************************************\r\n// THIS WOULD CONTINUE FORWARD"
But if I put this into a website that can escape strings for me, I would get
"\/\/ SOME STUFF\r\n\r\n\/\/ OTHER TEXT ***************************************************\r\n\/\/ THIS WOULD CONTINUE FORWARD"
This bottom part is what the backend accepts, and the top part it rejects. Is there any way I can do this differently, so that Gson's output looks like the bottom part? This is sent as JSON btw, so as
{
"stuff": "THE ESCAPED STRING"
}
I kind of failed, and the Gson library didn't help at all. Ended up using Apache's StringEscapeUtils to fix the issue for me, with the StringEscapeUtils.escapeJson method.
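Both outputs in the question are valid JSON for the same string: RFC 8259 lists \/ as an optional escape for the solidus, so any conforming parser must accept either form. The following is an added JavaScript example, not from the question, from Gson or from Apache Commons, that reproduces the slash-escaped form and checks that it decodes back to the original text. Escaping the slash is also what stops a string such as </script> from closing a <script> block when a JSON document is inlined into an HTML page, which is why some encoders do it by default.

```javascript
// Added example: produce the "\/"-escaped JSON form the question calls the
// "bottom part" and verify it round-trips. JSON.stringify already escapes quotes,
// backslashes and control characters (CR/LF become \r\n); only "/" needs help.

function escapeJsonWithSlashes(value) {
  return JSON.stringify(value).replace(/\//g, "\\/");
}

// Body shaped like the question's {"stuff": "..."} object, assembled by hand
// so the inner string keeps its escaped slashes.
function buildPayload(stuff) {
  return `{"stuff": ${escapeJsonWithSlashes(stuff)}}`;
}

// Constructed sample standing in for the commented-out code in the question.
const SAMPLE = "// SOME STUFF\r\n\r\n// OTHER TEXT ***\r\n// THIS WOULD CONTINUE FORWARD";

// True when a standard parser recovers exactly the original text.
function roundTrips(text) {
  return JSON.parse(buildPayload(text)).stuff === text;
}
```

The replace runs on the already-serialised JSON text, so a backslash that was itself escaped by JSON.stringify is never touched; only literal solidus characters gain the extra backslash.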
So I have a set of strings, with some "custom markdown" that I have created. My intention is to render these strings as HTML in the frontend. Let's say, I have this string:
This is a string <color>that I need</color> to\nrender <caution>safely in the browser</caution>. This is some trailing text
I would be expecting to get something like:
This is a string <span class="primaryColor">that I need</span> to<br>render <div class="caution">safely in the browser</div>. This is some trailing text
And the way I do it right now is with some basic Regex:
toHtml = text
.replace(/<color>(.*)<\/color>/gim, "<span class='primaryColor'>$1</span>")
.replace(/\\n/g, "<br>")
.replace(/<caution>(.*)<\/caution>/gims, "<div class='caution'>$1</div>")
This works fine and returns the correct string. And then for printing, in the template I just:
<div id="container" v-html="result"></div>
My problem is that at some point I expect users to be able to enter these strings themselves, and they would be displayed to other users too. So for sure, I am gonna be vulnerable to XSS attacks.
Is there any alternative I can use to avoid this? I have been looking at https://github.com/Vannsl/vue-3-sanitize, which looks like a good way of allowing just the div, span and br tags that I am using, and setting the allowed attributes to be only class for all the tags. Would this be safe enough? Is there something else I should do?
In that case, I believe it will not be necessary to sanitize it in the backend too, right? Meaning, there will be no way for the web browser to execute malicious code, even if the string in the server contains <script>malicious code</script>, right?
My problem is that at some point I expect users to be able to enter these strings themselves
So, do we have a form input for the users to enter the string which you mentioned in the post? If yes, my suggestion is that you sanitize the user input in the first place, before passing it to the backend, so that no malicious code gets stored in the backend itself.
Hence, by using the string.replace() method, you can first replace the malicious tags, for example <script>, <a, etc., in the input string and then store it in the database.
Steps you can follow:
Create a blacklist variable which will contain the regex of non-allowed characters/strings.
By using string.replace(), replace all occurrences of the characters in the string that match the blacklist regex with the empty string.
Store the sanitized string in the database.
That way, you will not need to worry about the string coming from the backend, and you can bind it via v-html without any harm.
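As an added example (not code from the question or the answer above), the custom markup in the question can be rendered without ever handing user-supplied HTML to v-html: HTML-escape the whole string first, then translate only the known <color>, <caution> and \n tokens, matched in their escaped form. Whatever else a user typed, including a <script> tag or an attribute-bearing <img>, reaches the page as inert text, so the output is safe to bind with v-html and no list of forbidden tags has to be maintained. toHtml mirrors the regex chain from the question; the non-greedy groups and the escapeHtml helper are mine.

```javascript
// Added example: escape first, then translate the custom tags.
// After escaping, every "<" and ">" the user typed is &lt; / &gt;, so the only
// HTML in the output is what this function itself emits.

function escapeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

function toHtml(text) {
  return escapeHtml(text)
    // The custom tags are matched in their escaped form, so only the literal
    // tokens <color>...</color> and <caution>...</caution> are translated.
    .replace(/&lt;color&gt;([\s\S]*?)&lt;\/color&gt;/g, '<span class="primaryColor">$1</span>')
    .replace(/&lt;caution&gt;([\s\S]*?)&lt;\/caution&gt;/g, '<div class="caution">$1</div>')
    // Both a real newline and the two-character sequence "\n" used in the
    // question's sample become a line break.
    .replace(/\\n|\n/g, "<br>");
}

// Constructed input: the question's sample plus a script tag a user might type.
const SAMPLE = "This is a string <color>that I need</color> to\\nrender " +
  "<caution>safely in the browser</caution>. <script>alert(1)</script>";

// Rendered output; the script tag survives only as escaped text.
const RENDERED = toHtml(SAMPLE);
```

The class attributes are constants in the replacement strings, so the captured text can only ever land in element content, never inside a tag or attribute.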
I'm trying to parse my URL with wildcards. The problem appears when I try to parse long strings with a wildcard. For example, my URL looks like this:
http://testapi.com/v1/cards/%s/reissue?DesignId=%s&Comment=%s
and this is my code:
get_object.setRestUrl(String.format(url, card_id, design_id, comment))
When comment = "Something" it works, but when comment = "Something something", it raises an error saying "Unable to parse HTTP request".
How can I make my code work with long strings containing wildcards? I know that when typing a long string it gives a URL that looks like this:
http://testapi.com/v1/cards/1/Block?reasonId=1&comment=Something%20like%20that%20example
Just needed to modify with comment.replace(" ", "%20"), and now it works fine, even when there are no spaces.
Source : https://forum.katalon.com/t/getting-an-error-unable-to-parse-http-request/17685
P.S. If it is not allowed to post an answer from another site, I will remove it.
You could try it:
get_object.setRestUrl(String.format(url, card_id, design_id, comment.replace(" ", "%20")))
More information could be found at https://forum.katalon.com/t/getting-an-error-unable-to-parse-http-request/17685
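As an added example (not from the thread and not Katalon's API), here is the same request URL built in JavaScript with encodeURIComponent instead of a single space-to-%20 replacement. Spaces still come out as %20, and characters that carry meaning inside a URL, such as & and =, are encoded as well, so a comment value cannot terminate the Comment parameter and smuggle in one of its own. The base URL is the thread's template; spaceOnlyReplace reproduces the accepted fix so the two can be compared.

```javascript
// Added example: percent-encode every query value rather than fixing only spaces.

// Template from the thread; card id, design id and comment are filled in per call.
const BASE = "http://testapi.com/v1/cards";

function buildQuery(params) {
  // encodeURIComponent escapes everything outside the unreserved set, including
  // "&", "=", "#", "+" and "?", so a value can never be mistaken for URL syntax.
  return Object.entries(params)
    .map(([key, value]) => `${encodeURIComponent(key)}=${encodeURIComponent(String(value))}`)
    .join("&");
}

function buildReissueUrl(cardId, designId, comment) {
  const path = `${BASE}/${encodeURIComponent(String(cardId))}/reissue`;
  return `${path}?${buildQuery({ DesignId: designId, Comment: comment })}`;
}

// The thread's fix, kept here only to contrast it with buildQuery.
function spaceOnlyReplace(comment) {
  return comment.replace(/ /g, "%20");
}

// Reads a parameter back the way a server would, to show what it receives.
function paramSeenByServer(url, name) {
  return new URL(url).searchParams.get(name);
}
```

With the space-only replacement a comment of a&Extra=b is sent unchanged and the server sees a second parameter named Extra; with buildQuery it arrives as a%26Extra%3Db and decodes back to the single intended value.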
I'm trying to get the funcList Visual Studio Code extension to work with a proprietary language that I use, and I'm having a problem getting the regex to work. The plugin documentation can be found here: https://marketplace.visualstudio.com/items?itemName=qrti.funclist and describes creating a settings.json file inside the .vscode folder of your project. My problems arise when trying to modify the regex expressions for the funcList.nativeFilter and funcList.displayFilter configuration values. Here is my current settings.json file:
{
"funcList.nativeFilter": "/(?:^|\\s)Function\\s+\\w+\\(/mg",
"funcList.displayFilter": "/\\s*Function\\s+(.*)/1",
"funcList.sortList": 1,
"funcList.doubleSpacing": false
}
I believe the main problem is the \\w+ part of the nativeFilter property. This seems to match only letters and numbers, not any special characters. Here is a snippet of the code that I would like to work with this Function List:
Function Do.Something(paramOne, paramTwo)
'...
End Function
Method Do.Something_Else(paramOne, paramTwo)
'...
End Function
Ideally, the nativeFilter would capture from Function Do.Something(paramOne, paramTwo) until End Function, and then the displayFilter would capture only the first line (i.e. Do.Something(paramOne, paramTwo)).
Note: according to the docs, nativeFilter does not allow regex groups, but displayFilter allows groups 0-9.
I use this for javascript and the funcList extension. It is similar to what you are trying to do:
// so that "function someName(arg1, arg2) is captured
"funcList.nativeFilter": "/^[a-z]+\\s+\\w+\\s*\\(.*\\)/mgi",
// now display "someName(arg1, arg2)"
"funcList.displayFilter": "/\\S* +(\\w+\\s*\\(.*\\))/1",
You obviously have capital letters, periods and underscores to worry about but hopefully this helps you to some degree. [I see I did not need to actually put the function keyword in to make it work...]
[EDIT] Try this, it seems to work:
"funcList.nativeFilter": "/^Function \\w+.\\w+\\(.*\\)?/mg",
"funcList.displayFilter": "/\\S* +(\\w+.\\w+\\(.*\\))/1",
You just needed the . as it is not included in \w
This seems to be working for my needs:
{
"funcList.nativeFilter": "/^(Function|Method|Macro)\\s+[a-zA-Z0-9.+(){}\\/\\\\[\\],_\\-=:;!##$%^&*|,.<>? ]*\\).*$/mg",
"funcList.displayFilter": "/\\s*((Function|Method|Macro)\\s+[a-zA-Z0-9.+(){}\\/\\\\[\\],_\\-=:;!##$%^&*|,.<>? ]+)/1"
}
With this plugin, you need to capture the entire line in order to get the navigation to work when clicking on a function list.
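To see what the two filters actually select, here is an added JavaScript harness, not part of funcList or of the thread, that turns the JSON setting strings into RegExp objects and runs them over the snippet from the question. It assumes, from the description in the thread, that the native filter is run over the whole file and the display filter is then run on each native match with the trailing digit naming the group to show; if funcList does something subtler, only the harness is wrong, not the regexes. Both the asker's original filter and the final one are included, so the \\w+ problem from the question shows up as an empty list.

```javascript
// Added example: emulate funcList's native/display filter pairing on the
// question's snippet. The JSON values are pasted unchanged; JavaScript string
// literals use the same backslash doubling as JSON, so "\\s" is the regex \s.

// Filters from the question (the \w+ version that misses "Do.Something").
const ORIGINAL_SETTINGS = {
  "funcList.nativeFilter": "/(?:^|\\s)Function\\s+\\w+\\(/mg",
  "funcList.displayFilter": "/\\s*Function\\s+(.*)/1",
};

// Filters from the final answer in the thread.
const FINAL_SETTINGS = {
  "funcList.nativeFilter": "/^(Function|Method|Macro)\\s+[a-zA-Z0-9.+(){}\\/\\\\[\\],_\\-=:;!##$%^&*|,.<>? ]*\\).*$/mg",
  "funcList.displayFilter": "/\\s*((Function|Method|Macro)\\s+[a-zA-Z0-9.+(){}\\/\\\\[\\],_\\-=:;!##$%^&*|,.<>? ]+)/1",
};

// Source from the question, constructed here as a single string.
const SAMPLE_SOURCE = [
  "Function Do.Something(paramOne, paramTwo)",
  "'...",
  "End Function",
  "Method Do.Something_Else(paramOne, paramTwo)",
  "'...",
  "End Function",
].join("\n");

// "/body/mg" -> { re: /body/mg, group: 0 };  "/body/1" -> { re: /body/, group: 1 }.
function parseFilter(setting) {
  const last = setting.lastIndexOf("/");
  const body = setting.slice(1, last);
  const tail = setting.slice(last + 1);
  if (/^\d$/.test(tail)) {
    return { re: new RegExp(body), group: Number(tail) };
  }
  // matchAll below needs the g flag even if the setting omits it.
  const flags = tail.includes("g") ? tail : tail + "g";
  return { re: new RegExp(body, flags), group: 0 };
}

// Assumption: the native filter finds candidates, the display filter picks
// the text shown for each one (falling back to the whole match).
function listFunctions(source, settings) {
  const native = parseFilter(settings["funcList.nativeFilter"]);
  const display = parseFilter(settings["funcList.displayFilter"]);
  const shown = [];
  for (const match of source.matchAll(native.re)) {
    const picked = display.re.exec(match[0]);
    shown.push(picked && picked[display.group] !== undefined ? picked[display.group] : match[0]);
  }
  return shown;
}
```

Running listFunctions with the final settings returns the two declaration lines in full, which is the behaviour the last answer describes as necessary for click navigation; with the original settings it returns nothing, because \w+ stops at the dot in Do.Something.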
I have this URL, http://www.poer.com/oneup.htm?zip={zip}.
I need the {zip}, because in my code, when this page opens, I replace the {zip} with a zip code, say 10001.
But in ASPX, when I put validation on that textbox, it won't let the {} pass through.
This is the validation, on a RegularExpressionValidator: ValidationExpression="http://([\w-]+.)+[\w-]+(/[\w- ./?%&=]*)?"
How can I get the curly brackets into SQL Server, which is my DB in the backend?
I don't know ValidationExpression, but it looks like just a regex, so can't you just add the ={zip} to the end of it?
ValidationExpression="http://([\w-]+.)+[\w-]+(/[\w- ./?%&=]*)?={zip}"
I want to read the clipboard and, if it's a URL, do some stuff. The problem is that url? doesn't do the job, as:
url? to-url "any string" will return true
Is this normal? How do I do the detection I want then?
to-url makes a string into a REBOL datatype of URL!
What you want is to detect whether a string conforms to the rules for a URL. That is not easy or foolproof, as many strings can be URLs in the real world, e.g.:
http://xxx
ftp://xxx
frag
cgi-bin/script.php
If you want to capture the more common cases (e.g. those that start with http://, https://, etc.), then consider using parse.
This script almost does the job:
link text
What it is missing is some charset definitions (I think the code must have been hurriedly cut'n'pasted from somewhere else)....
alpha: charset [#"a" - #"z" #"A" - #"Z"]
digits: charset [#"0" - #"9"]
alphadigit: union alpha digits
...and an example of how to use it, assuming you have saved it locally as uri.r:
url-parse: do %uri.r
parse "http://sss" parse-url/url
== true
parse "sss" parse-url/url
== false
You can use:
url? load "any://string"
or
url? attempt [load "any string"]
to use REBOL's definition of a URL.