403 Forbidden while sending data from JavaScript - javascript

It is neither issue of file permission nor existence of file.
While sending formData through jquery data is passing successfully, but when I try with pure javascript then it returns error POST 403(Forbidden).
It is sure that problem is generated from ckeditor content. because if I pass following parameters
var heading = document.getElementById('heading').value;
var date = document.getElementById('date').value;
And pass as follow
http.send('heading='+heading+'&date='+date);
It returns no error, works fine.
But if I add following parameters
var content = CKEDITOR.instances.editor.getData();
And pass as follow
http.send('heading='+heading+'&date='+date+'&content='+encodeURIComponent(content));
It returns error.
POST 403(Forbidden)
I think special characters that are inserted in textarea are the cause of problem. Because if variable content is empty there would no error. Jquery is passing data, but why forbidden issue while using javascript ? I need to pass special characters without escaping. Because I can't control ckeditor output, becuase it is user input.

Related

How to change : Fullcalendar generates GET request

I am implementing fullcalendar on my website.
I have created a div with calendar as id.
I have put data from a SQL query in a php variable and used json encode to get the right format.
This is how I create the calendar :
$html .= "<script src='/wp-content/plugins/biobelt/moment.min.js'></script>
<script src='/wp-content/plugins/biobelt/fullcalendar.min.js'></script>
<link rel= 'stylesheet' href='/wp-content/plugins/biobelt/fullcalendar.css' type='text/css'>
<script>
jQuery(document).ready(function() {
var bevents = '".$buildingevents."'
console.log(bevents)
jQuery('#calendar').fullCalendar({
defaultDate: '" . $_SESSION['statDateFrom'] ."',
editable: true,
events: bevents,
});
});
</script>";
The console log gives me an output of the array that I am passing to events, and it is the correct format :
[{"id":"1","titre":"1","start":"2018-04-09 07:00:01","stop":"2018-04-09 11:00:00"},{"id":"2","titre":"1","start":"2018-04-09 07:00:01","stop":"2018-04-09 11:00:00"},{"id":"3","titre":"2","start":"2018-04-09 16:00:01","stop":"2018-04-09 21:00:00"},{"id":"4","titre":"2","start":"2018-04-09 16:00:01","stop":"2018-04-09 21:00:00"}, etc...
What I get from this is :
GET 403 Forbidden Error
I checked in apache logs, this is because the URL is too long since every field of the array is put into the url.
For some reason I don't want to change the limit request line in apache conf file.
I want to generate a POST instead of GET request.
And I would like to know how it generates a GET request since I didn't put GET anywhere in my files.
EDIT :
according to : https://fullcalendar.io/docs/events-json-feed
Fullcalendar create the get request and the URL. The problem persists since the URL is too long and I want to create a POST request instead. How to do that?
You seem to have misunderstood the documentation somewhat.
You said
The console log gives me an output of the array that I am passing to events, and it is the correct format
And indeed what you've showed does look like a Javascript array. So...it's a static array and not a URL. You do not have any kind of server endpoint to which you can make a separate ajax call to get your events. Therefore the article you linked to (https://fullcalendar.io/docs/events-json-feed) is not relevant. Instead you are providing a static list of events as per the method described at https://fullcalendar.io/docs/events-array).
Except that...you're not. Due to the way you've written your code, you're providing a string instead of an array. That is causing fullCalendar to assume you're providing a URL, and then trying to call that URL, and it's no surprise that it errors.
If you simply remove the single quotes from
var bevents = '".$buildingevents."'
so that it becomes
var bevents = ".$buildingevents.";
then your code should work ok, because this will inject a hard-coded array into the JavaScript instead of a string.

"Unexpected end of JSON input" error on loading JSON file from local file system

Hi I'm trying to retrieve data from a title.JSON file into an index.html file using AJAX calls.Both these files resides in my local file system.I have created a new instance of the chrome and 've set its target property as "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"--disable-web-security --user-data-dir="c:/chromedev"(I'm aware that this is not a good practice. Just trying out a server less way).Below is my code
<h1><a id="headName" href="#">Name</a></h1>
<p onclick="spaLoad()">NameChange</p>
function spaLoad(){
var xhr = new XMLHttpRequest();
xhr.open('GET','title.json',true);
xhr.send();
xhr.onreadystatechange=function () {
//var obj=xhr.responseText;
var obj = JSON.parse(xhr.responseText);
console.log(obj);
console.log(xhr.readyState);
console.log(xhr.status);
console.log(xhr.statusText);
//document.getElementById('headName').innerHTML = obj;
document.getElementById('headName').innerHTML = obj.name;
}
}
title.json
{"name":"stackoverflow","age":"100"}
I get my h1 updated as "stackoverflow" through an ajax call along with the error
Uncaught SyntaxError: Unexpected end of JSON input
at JSON.parse ()
at XMLHttpRequest.xhr.onreadystatechange
Here are my doubts:
1.I hope AJAX is for the communication between the client and the server. Though I have avoided using a server by modifying the browser settings, how did the ajax call work for me?Is it logical?
2.The JSON file contains the data as objects.Then why should I use JSON.parse(responseText)?(JSON.parse() is for converting the string from server into object for client I hope).If i directly give var obj=xhr.responseText;I get undefined.
3.readystate is changing to 4, but status is always 0.Why is it so?How could I resolve it.
Please give a brief explanation of how this server less ajax call works.I'm very new to ajax and is confused with this.
It is because readystate change fires multiple times and you expect it to fire once. You would need to check for readystate to be equal to 4 and the status to be 200 (or zero in your case since you are on the file protocol). Or use the onload and onerror events instead.
And if you still get a parsing error than you need to debug what is being returned.
//see what is returned
console.log(xhr.responseText)
//Look to see if you have hidden characters in the file.
console.log(escape(xhr.responseText))
Parsing errors occur either the file you are loading returns something else like an error page OR it has special hidden characters that cause the parser to choke.

How to escape initial json data in jade?

I use nodeJS/express as the backend and jade as a template engine. My Javascript part required some variables from the server. Generally, this can be done like this:
script(type='text/javascript').
var user = !{JSON.stringify(userObject)};
All works fine except the case when userObject has <script>[some text]</script> block. Please don't ask why this block appears in userObject because this is an internal thing and I just want to handle this case.
Because of the fact that the Javascript parser executes earlier than the HTML parser my embedding gets broken with the error:
<script>
var user = {
name: 'Erik',
about: '<script>about me</script>'
};
</script>
Uncaught SyntaxError: Invalid or unexpected token
The error happens due to the about me</script> line because it closes the main <script> tag.
So my question is: what is proper way to handle this error?
If you don't want to add an endpoint and do a GET request to it for the data, there are two more crude solutions. Note that these are kludgey hacks. I still think the best way to solve this is with an AJAX request to an API endpoint with the required data within the <script> tag.
1) Have functions that strip out the < and > characters and apply them before and after.
E.g. In the Express endpoint:
function replaceTags(aboutSection) {
aboutSection = aboutSection.replace(/</g, '%StartBracket%');
aboutSection = aboutSection.replace(/>/g, '%CloseBracket%');
return aboutSection;
}
In the client side code:
function undoReplace(aboutSection) {
aboutSection = aboutSection.replace(/%StartBracket%/g, '<');
aboutSection = aboutSection.replace(/%CloseBracket%/g, '>');
return aboutSection;
}
I'm using regex with the g tag to make sure everything, not just the first instance, is replaced.
2) If you don't need the about section, you could delete it before passing it to the endpoint.

DataCloneError: An object could not be cloned

I need to pass a Hash function by using the javascript postMessage. I'm using the browser Firefox. When I'm sending this I'm getting the below exception.
'DataCloneError: An object could not be cloned' The code which I have implemented so far is as below.
var mes = CryptoJS.SHA256(clientId + origin + sessionState);
opIFrame.postMessage(mes,endPoint);
When I'm sending a string value this works successfully. I tried to send mes.toString() but it still gives the same error. I saw several threads on this topic. But could not configure a solution. Please advice me on this.
Ensure that the mes variable contains a WordArray object after the call to CryptoJS.SHA256 by logging it into the console. It looks like the object you're trying to send via postMessage() is not what you're expecting (possibly an Error or a Function object).

JMeter modifying output to file from XML Stream

I'm attempting to write a JMeter script which after receiving and XML response from a server, extracts a string from it on the fly (drops the first part of the response) and writes it to a file.
Currently I use a Save Response Data to write to ChannelData_UAT_1 (filename). All good, it writes happily.
Then I add a BSF PreProcessor BEFORE it, and use javascript to try and extract the string. It's a bunch of XML tags, I want everything from "<Markets>" onwards.
I use:
function extract_markets(str)
{
marketIndex = str.indexOf("<Markets");
__log(marketIndex);
length = str.length;
marketString = str.substring(markeIndex, length-1);
return str;
}
vars.put('ChannelData_UAT_1', extract_markets(vars.get('ChannelData_UAT_1')));
As far as I can tell, ChannelData_UAT_1 is the variable the data is in. However this is only mentioned in the Save Response Data. But I can't do it afterwards otherwise it'll have already written to the file.
The current performance is for it to receive the response and write to the file. No filtering is done - as if my javascript didn't exist.
Anything small or obvious that I've missed? Suggestions?
I believe the issue stems from the fact that ChannelData_UAT_1 is not a variable and how Save Response Data works.
ChannelData_UAT_1 is the file name, not the content of the file.
You need to modify the contents of the "Response". You can replace the value of the page response with the value of your function.
I think the code would look something like this:
import org.apache.jmeter.util.JMeterUtils;
import org.apache.jmeter.samplers.SampleResult;
prev.setResponseData(extract_markets(vars.get('ChannelData_UAT_1')));
Source:
http://www.javadocexamples.com/java_examples/org/apache/jmeter/samplers/SampleResult/

Categories

Resources