JDBC in Google Script "&" to "&" - javascript

When getting the values from MySql database in Google Spreadsheets using JDBC service and I get the ampersand character as & instead of &. I would like to know how should I make the call so I directly get & as value.
I am using the following connection: "jdbc:mysql://ip:port/server?useUnicode=true&characterEncoding=UTF-8". Also, I am using rs.getString() method to take the data from the query.
Thanks a lot!

I am not sure where you are outputting your data, but this is usually a cause:
In HTML, the ampersand character (“&”) declares the beginning of an
entity reference (a special character). If you want one to appear in
text on a web page you should use the encoded named entity “&”
This seems like a simple rule, but what about urls in HTML, javascript files, javascript in HTML, etc… Here’s a little guide to help clear up that ampersand HTML confusion:
Text in HTML:
<p>Jack & Jill ran up the hill.</p>
A link in HTML (or any HTML attribute value):
tired meme
A link in javascript:
window.location = 'http://google.com/?l=1&q=rick+roll';
If you’re using a web framework that escapes variables for you and you pass in a url as a variable into javascript, then you’ll have to make sure it doesn’t encode the ampersands. In Django, you would write something like this: window.location = '{{ url|escapejs }}';
Also, if this is inline javascript—in an HTML document, not a separate .js file—then you still shouldn’t escape the ampersand, which means the document will not validate as XHTML. Either throw it into a separate .js file or stop worrying so much about validating your code.
Inside an onclick in HTML:
<a href="#" onclick="window.location='?l=1&q=rick+roll';return false">
kablammo!
</a>
This is redundant to the second example, but worth pointing out since it’s javascript inside an attribute of an HTML tag.
Dynamically in Javascript (example using jQuery):
$('#result').text('Jack & Jill'); // .text() escapes the text for you
$('#result').html('Jack & Jill'); // .html() sets the HTML directly
document.getElementById('result').innerHTML = 'Jack & Jill';
Reference information: Click Here

Related

Passing C# Inline Variable to Javascript Function in ASP.Net Application

I have a very simple button click event in an ASP.Net application that calls a very simple javascript function to export the string of text passed to the function to a csv file. The button click event and the function it calls works perfectly if I pass it a raw string like this:
<button onclick="download_csv('TEST')">Download CSV</button>
However, if I pass a C# inline string variable like this, it breaks.
<button onclick="download_csv(<%=csvExport%>)">Download CSV</button>
This is the javascript function.
function download_csv(x) {
var hiddenElement = document.createElement('a');
hiddenElement.href = 'data:text/csv;charset=utf-8,' + encodeURI(x);
hiddenElement.target = '_blank';
hiddenElement.download = 'pricing.csv';
hiddenElement.click();
}
The csvExport variable is declared in the .cs file behind the .aspx file and it is filled with a simple string of text; I've actually got it set to "Test" right now for testing. I've tried wrapping csvExport with single quotes, but that doesn't seem to work either. I must be missing something really simple.
it is filled with a simple string of text
Strings require quotes, whether in C# or in JavaScript. Your hard-coded example has them:
<button onclick="download_csv('TEST')">Download CSV</button>
But your dynamic example doesn't:
<button onclick="download_csv(<%=csvExport%>)">Download CSV</button>
Look at your generated page source to see the value:
<button onclick="download_csv(Test)">Download CSV</button>
And the resulting syntax error in your browser's development console. (Both of which should always be the first place you look. If you're not familiar with your browser's development tools, press F12 in Chrome. There is a lot of development and debugging capability there.)
I've tried wrapping csvExport with single quotes
You don't show that attempt, but from that description it sounds like you tried to do that in the server-side code. Which would just output the string value "csvExport" but without quotes in your JavaScript code it would fail the same way for the same reason.
Just put your quotes back:
<button onclick="download_csv('<%=csvExport%>')">Download CSV</button>
Basically you're missing quotes around your text. You can debug this by using Chrome's dev tools to inspect the source of the page and see what .net is actually outputting.
Also, if your download link can ever contain user data, it's very important that you escape it to prevent XSS using HttpUtility.JavaScriptStringEncode
<button onclick="download_csv('<%= HttpUtility.JavaScriptStringEncode(csvExport) %>')">Download CSV</button>

Server side code encode characters automatically when used in Javascript

I have an MVC Application wherein on page load I am initializing javascript function call with a Model value received from the server.
Something like this :
myFunction('#Model.ServerUnicodeCharacters');
Now, when I set to value
Model.ServerUnicodeCharacters = 'Côte d'Ivoire'
Inside javascript I get "C &#244 ;te d&#39 ;Ivoire"
(Intentionally added space before semicolon to show the output)
Is there any way to skip this character encoding which is default in ASP.NET MVC?
try replacing:
myFunction('#Model.ServerUnicodeCharacters');
with:
myFunction('#Html.Raw(Model.ServerUnicodeCharacters)');
Taken from MSDN:
The Razor syntax # operator HTML-encodes text before rendering it to the HTTP response. This causes the text to be displayed as regular text in the web page instead of being interpreted as HTML markup.
MSDN Reference

Adding JavaScript Function with arguments to an element from code behind

Hi Guys I've been dealing with an estrange thing while trying to pass string parameters to a JavaScript function from code behind, this is what I have actually in code behind which is wrong:
thumbnail = "<a href = 'javascript:RemovePirctureDetail(" + field1 + ",'" + tempname + "');' class='label label-default' rel='tooltip'>Remove</a>";
So this is the bad result I'm getting in the browser:
Remove
Meas that for some reason when I try to pass the string parameter, the html comes out bad formatted. The result should looks like this:
Remove
I tried already send the quotation marks like this /' from code behind, it did not work neither. How can I achieve this?
Thanks.
string thumbnail = "Remove";`
You need to use \ to escape the quotes inside, not /..
With javascript attribute I wouldn't use single quote, because it could be messy
Try to change in this way:
thumbnail = "Remove";
PS: Actually, I would NEVER use single quotes with attributes, it will cause an HTML validation error, HTML is not well formed with single quotes for attributes (although with inspection tools you see double quotes.. because inspection tools have the need to work with a well formed HTML, so if you want to see the real HTML of your page, view the source code (generally the option is on right-click on the page)

Remove white spaces in html contents apart from using str.replace(/\s+/g, '');

I am developing a web application using codeigniter and am generating a letter content using html and javascript.What i do is that i get the html content using .html in javascript and assign it in a javascript variable and then remove white spaces using str.replace(/\s+/g, ' ') and then pass the content using jquery to my controller method so that i generate a PDF file format document as a response letter and then send it to user.When i post the content to my controller function and view them in a chrome console or using mozila firebug i see the post data but when i do var_dump in the controller function the content is empty and it only happens for some cases one or two.
Is there any better way i can do it without getting these few cases...
Thanks in advance,will be grateful
I have found a solution to my question
I ad to replace the white spaces with a hashtag(#) from my codeigniter view as
content_with_hashtag = content_with_hashtag.replace(/\s+/g, '#');
and then pass the data to the controller function via javascript and then to the controller i had to replace the hashtag(#) with a space as
$content_with_hashtag = $this->input->get_post('content_with_hashtag');
$content_with_hashtag = preg_replace('/#+/', ' ', $content_with_hashtag);
and i was able to generate the content in PDF format

Why does %26 get decoded to & when passed as a parameter to a JavaScript function from a link?

We've got a menu in out web app that uses <a> tags to load pages in the main frame.
A typical item in the menu would be something like:
<a target="mainframe" href="/servlet1?param1=val1&parma2=servlet2?s2p1=val2%26s2p2=val3&param3=val4">Menu Item 1</a>
We needed to add some JavaScript validation before the link is requested so I changed it to:
<a target="mainframe" href="javascript:validate('/servlet1?param1=val1&parma2=servlet2?s2p1=val2%26s2p2=val3&param3=val4')">Menu Item 1</a>
(I know that javascript:function in a link is bad practice but we use a 3rd party library to generate the menu so I can't change this part of the code)
Servlet1 expects:
param1='val1'
param2='servlet2?s2p1=val2%26s2p2=val3'
param3='val4'
Servlet1 then forwards to the value of param2 so Servlet2 expects:
s2p1='val2'
s2p2='val3'
However when I put an alert in my validate function to check what is passed in:
function validate(href) {
alert(href);
...validation code...
}
it is giving:
/servlet1?param1=val1&parma2=servlet2?s2p1=val2**&**s2p2=val3&param3=val4 (note the bold & which was %26 in the above function call)
The %26 is getting converted to an & when it is passed into the JS function which would not normally happen until the request is forwarded to Servlet2. Because the %26 has already been changed to an & the s2p2 request parameter gets picked up by servlet1 instead of servlet2.
Basically my question is why does the %26 get converted to a & at this point just by passing it as a parameter to the function from the href attribute when if you do onClick="validate('/servlet1?param1=val1&parma2=servlet2?s2p1=val2%26s2p2=val3&param3=val4')"
it stays as %26 as you'd expect?
<a target="mainframe" href="javascript:validate('/servlet1?param1=val1&parma2=servlet2?s2p1=val2%26s2p2=val3&param3=val4')">Menu Item 1</a>
Urgh. You have a URL, embedded in a URL, all embedded in another URL! That's too many levels of escaping for the human mind to cope with.This:
javascript:validate('/servlet1?param1=val1&parma2=servlet2?s2p1=val2%26s2p2=val3&param3=val4')
is itself a URL. Albeit a javascript: pseudo-URL, which you should never use. It is decoded to the JavaScript command:
validate('/servlet1?param1=val1&parma2=servlet2?s2p1=val2&s2p2=val3&param3=val4')
at which point you have already lost the %26. Now when you use that as a URL itself, it will fail.
Avoid multiple-encoding problems by moving the scripting out into a JavaScript block (or external script) instead of an HTML attribute:
<a target="mainframe" class="validateme" href="/servlet1?param1=val1&parma2=servlet2?s2p1=val2%26s2p2=val3&param3=val4">Menu Item 1</a>
(Note here also the necessary HTML-escaping of ampersands.) Then from script do:
// find 'validateme' links and add event handler
//
for (var i= document.links; i-->0;)
if (document.links[i].className==='validateme')
document.links[i].onclick= validate;
Then in your validate function simply return true if all is OK and you want the link to be followed, or false to stop it.
No, the %26 is (correctly) interpreted as & when the HTML file is first read into the browser, and not when passed into the JavaScript function. If you want the literal sequence of characters "percent two six", then you must encode that as %2526.
The javascript: protocol is still considered a valid URL, so the browser is properly encoding it. It's easy to decode it in your Javascript...
alert(decodeURIComponent(href));

Categories

Resources