I want to read the clipboard, if it's an url do some stuff. Problem is url? doesn't do the job as:
url? to-url "any string" will return true
Is this normal ? How do I do the detection I want then ?
to-url makes a string into a REBOL datatype of URL!
What you want is to detect if a string conforms to the rules for a URL. That is nor easy or fool proof as many strings can be URLs in the real world, eg:
http://xxx
ftp://xxx
frag
cgi-bin/script.php
If you want to capture the more common cases (eg those that start with http://, https:// etc), then consider using parse.
This script almost does the job:
link text
What it missing is some charset definitions (I think the code must have been hurriedly cut'n'pasted from somewhere else)....
alpha: charset [#"a" - #"z" #"A" - #"Z"]
digits: charset [#"0" - #"9"]
alphadigit: union alpha digits
...and an example of how to use it: Assuming you have saved it locally as uri.r:
url-parse: do %uri.r
parse "http://sss" parse-url/url
== true
parse "sss" parse-url/url
== false
You can use:
url? load "any://string"`
or
url? attempt [load "any string"]
To use REBOL's definition of a URL.
Related
So I have a set of strings, with some "custom markdown" that I have created. My intention is to render these strings as HTML in the frontend. Let's say, I have this string:
This is a string <color>that I need</color> to\nrender <caution>safely in the browser</caution>. This is some trailing text
I would be expecting to get something like:
This is a string <span class="primaryColor">that I need</span> to<br>render <div class="caution">safely in the browser</div>. This is some trailing text
And the way I do it right now is with some basic Regex:
toHtml = text
.replace(/<color>(.*)<\/color>/gim, "<span class='primaryColor'>$1</span>")
.replace(/\\n/g, "<br>")
.replace(/<caution>(.*)<\/caution>/gims, "<div class='caution'>$1</div>")
This works fine and returns the correct string. And then for printing, in the template I just:
<div id="container" v-html="result"></div>
My problem is that at some point I expect users to be able to enter this strings themselves, and that would be displayed to other users too. So for sure, I am gonna be vulnerable to XSS attacks.
Is there any alternative I can use to avoid this? I have been looking at https://github.com/Vannsl/vue-3-sanitize which looks like a good way of just allowing the div, span and br tags that I am using, and set the allowed attributes to be only class for all the tags. Would this be safe enough? Is there something else I should do?
In that case, I believe it will not be necessary to sanitize it in the backend too, right? Meaning, there will be no way for the web browser to execut malicious code, even if the string in the server contains <script>malicious code</script>, right?
My problem is that at some point I expect users to be able to enter this strings themselves
So, Do we have a form input for the users to enter the string which you mentioned in the post ? If Yes, My suggestion is that you can sanitize the user input at first place before passing to the backend. So that in backend itself no malicious code should be stored.
Hence, By using string.replace() method. You can first replace the malicious tags for ex. <script>, <a, etc. from the input string and then store that in a database.
Steps you can follow :
Create a blacklist variable which will contain the regex of non-allowed characters/strings.
By using string.replace(), replace all the occurrence of the characters available in the string as per the blacklist regex with the empty string.
Store the sanitized string in database.
So that, You will not get worried about the string coming from backend and you can bind that via v-html without any harm.
I've got this string that I want to send to a backend. In this string, there are several forward slashes, that is basically code that is commented out. It could look like:
val string = "// SOME STUFF
// OTHER TEXT ***************************************************
// THIS WOULD CONTINUE FORWARD"
So to escape this entire String, I'm using Gson().toJson(string). This would give a result like
"// SOME STUFF\r\n\r\n// OTHER TEXT ***************************************************\r\n// THIS WOULD CONTINUE FORWARD"
But if I put this into a website that can escape strings for me, I would get
"\/\/ SOME STUFF\r\n\r\n\/\/ OTHER TEXT ***************************************************\r\n\/\/ THIS WOULD CONTINUE FORWARD"
This bottom part, is what the backend would accept, and the top part it rejects. Is there any way I can do this in a different way, to make Gson look like the bottom part? This is sent as JSON btw, so as
{
"stuff": "THE ESCAPED STRING"
}
I kind of failed, and the Gson library didn't help at all. Ended up using Apache's StringEscapeUtils to fix the issue for me, with the StringEscapeUtils.escapeJson method.
I'm creating a REST API in Yii and I'd like to build my URLs like this:
/api/my_model
/api/my_model.xml
/api/my_model.json
Where the first one returns the HTML view, .xml returns XML and .json returns JSON.
This is what I have in the rules for urlManager in main.php:
array('api/list/', 'pattern'=>'api/<model:\w+>', 'verb'=>'GET'),
I figure if I pass a format variable, then if it's blank I know it should return HTML, or json/xml if a format is passed. I tried this:
array('api/list/', 'pattern'=>'api/<model:\w+>.<format:(xml|json)>', 'verb'=>'GET'),
And it works great for .xml and .json, but not when my url is just /api/list
My question is how do I setup the URLs in urlManager to make this work?
In php regular expressions, ? is used to match 1 or none of the previous character, so
a? means zero or one of a
Then we can use that in the rule:
array('api/list/', 'pattern'=>'api/<model:\w+>.<format:(xml|json)>?', 'verb'=>'GET'),
// notice the ? at the end of format:
However the above will also allow urls of type : api/my_model.
To avoid that you can move the dot into the format variable :
array('api/list/', 'pattern'=>'api/<model:\w+><format:(.xml|.json)>?', 'verb'=>'GET'),
But that will result in format being .xml or .json. So, we have another alternative:
array('api/list/', 'pattern'=>'api/<model:\w+>(.<format:(xml|json)>)?', 'verb'=>'GET'),
This should work with all urls, you wanted, and also match format as either xml or json.
I followed Ryan Bates screencast of how to use permalinks in a Rails application. Unfortunately I am stuck with an issue when some of my permalinks contain slashes. Is there anything that I can do in the controller to encode those on the fly, or do they need to be encoded in the database?
You can use Rack::Utils.escape to return a clean, friendly URI. For instance:
Rack::Utils.escape("This/is/not/a/good/url")
will return
"This%2Fis%2Fnot%2Fa%2Fgood%2Furl"
and
Rack::Utils.unescape("This%2Fis%2Fnot%2Fa%2Fgood%2Furl")
converts it back to the original string:
"This%2Fis%2Fnot%2Fa%2Fgood%2Furl"
You'll have to wire those methods into the find methods in the controller, but should work out for you.
To generate permalinks that are safe, use something like this. It will create a 4 character long, url safe permalink and check to make sure there are no duplicates.
def create_permalink
loop do
self.permalink = SecureRandom.urlsafe_base64(4).downcase
break permalink unless ModelName.find_by_permalink(permalink)
end
end
I thought using colons in URIs was "illegal". Then I saw that vimeo.com is using URIs like http://www.vimeo.com/tag:sample.
What do you feel about the usage of colons in URIs?
How do I make my Apache server work with the "colon" syntax because now it's throwing the "Access forbidden!" error when there is a colon in the first segment of the URI?
Colons are allowed in the URI path. But you need to be careful when writing relative URI paths with a colon since it is not allowed when used like this:
<a href="tag:sample">
In this case tag would be interpreted as the URI’s scheme. Instead you need to write it like this:
<a href="./tag:sample">
Are colons allowed in URLs?
Yes, unless it's in the first path segment of a relative-path reference
So for example you can have a URL like this:
https://en.wikipedia.org/wiki/Template:Welcome
And you can use it normally as an absolute URL or some relative variants:
Welcome Template
Welcome Template
Welcome Template
But this would be invalid:
Welcome Template
because the "Template" here would be mistaken for the protocol scheme.
You would have to use:
Welcome Template
to use a relative link from a page on the same level in the hierarchy.
The spec
See the RFC 3986, Section 3.3:
https://www.rfc-editor.org/rfc/rfc3986#section-3.3
The path component contains data, usually organized in hierarchical
form, that, along with data in the non-hierarchical query component
(Section 3.4), serves to identify a resource within the scope of the
URI's scheme and naming authority (if any). The path is terminated
by the first question mark ("?") or number sign ("#") character, or
by the end of the URI.
If a URI contains an authority component, then the path component
must either be empty or begin with a slash ("/") character. If a URI
does not contain an authority component, then the path cannot begin
with two slash characters ("//"). In addition, a URI reference
(Section 4.1) may be a relative-path reference, in which case the
first path segment cannot contain a colon (":") character. The ABNF
requires five separate rules to disambiguate these cases, only one of
which will match the path substring within a given URI reference. We
use the generic term "path component" to describe the URI substring
matched by the parser to one of these rules. [emphasis added]
Example URL that uses a colon:
https://en.wikipedia.org/wiki/Template:Welcome
Also note the difference between Apache on Linux and Windows. Apache on Windows somehow doesn't allow colons to be used in the first part of the URL. Linux has no problem with this, however.