Underscore parameter for ping and negotiate - javascript

Where is the underscore parameter generated from on SignalR URLs?
e.g. the XHR GETs to /signalr/negotiate?_=1234561234 and /signalr/ping?_=789012341234
It doesn't appear to be passed from the server so I am wondering if it is a purely client side generated value?
I am asking as am I attempted to write a script to performance test the application but I do not know what to use for these parameter values. I guessed that this might be randomly generated but I wish to confirm or disconfirm this. Usually these are based on time, but they don't seem to be the usual UNIX epoch time format.
Please answer with specific reference to SignalR and if possible the code snippet where this is generated.

Most libraries when provided a no caching flag use _ as a key to suffix random query parameter to avoid url caching.
e.g if in jQuery, you do $ajaxSetup -> cache:false, then a key _ with value equal to current timestamp gets appended in every url call.
So yes, this is most probably client side addition.

Related

Culture-sensitive string sorting

In my .NET c# code, I would like to sort some strings - specifically, currently my app support two locales, English and Chinese (possibly more in future). And I would like to return a list of names to the client side.
right before the list of strings is returned to the client, I would like to sort the strings.
I basically need to do what Javascript does for "localeCompare". Is that something that can be done on the C# code? I found some thing related to CultureInfo, but it seems to me that I need to set that value dynamically.
There is a Sort overload, accepting an IComparer, that can be used culture aware.
Your client should pass it‘s desired language via Accept-Language request-header when requesting the API or it could be a claim or setting for the logged in user.
Here is an example within your controller on the API side:
var requestLanguage = "zh-Hans"; // pass the correct one
namesList.Sort(StringComparer.Create(new CultureInfo(requestLanguage), true));
The true parameter indicates that it’s case sensitive. You can find the cultureinfo on MSDN.
Docs about the String Comparer.

# character became %40 after setting in a $.param

I am using angularJS in my project. One of the function in my controller is to check if the inputted email already exist in the database.If it exists, the system will notify the user that it is already been used. To do that, I have to use $http with $params. However, even if the inputted email already exist, no feedback is given by the system. So I checked what's the value being checked by alerting the $params.
$scope.pop=function(email){
$params=$.param({
'email':email
})
alert($params)
}
I found out that the # character in the email became %40. For example: I input d_unknown#yahoo.com, it became d_unknown%40yahoo.com.
I tried to check the original data by:
$scope.pop=function(email){
alert(email)
}
And it looks fine, nothing changes.
How can I solve this?
It's the server's job to turn the URL encoded email address back into its original value. So your JavaScript is working perfectly, there's nothing to do there. Your server code is what needs to be fixed.
And if the application on the server isn't even decoding parameters before it's running the query against the database, it makes me feel like you may have some security issues to fix as well. Make sure that your parameters are decoded and cleaned before they are used in SQL queries. You can read more on cleaning parameters and SQL injection here.
Well, it's not really a problem, as you can see from RFC 2936, section 2.4:
For original character sequences that contain non-ASCII characters,
however, the situation is more difficult. Internet protocols that
transmit octet sequences intended to represent character sequences
are expected to provide some way of identifying the charset used, if
there might be more than one [RFC2277]. However, there is currently
no provision within the generic URI syntax to accomplish this
identification. An individual URI scheme may require a single
charset, define a default charset, or provide a way to indicate the
charset used.
However, if you really want to do this, you could use the method decodeURIComponent() to decode this URL this way:
var email = "d_unknown%40yahoo.com";
console.log(decodeURIComponent(email));
That is beacause all special characters get encoded.
But you can decode the string before you use it with decodeURIComponent() (in js, but there are functions for php and all the others to)

sending query strings using Javascript

suppose that I have two pages ( A and B ) , and I want to pass insensitive data from A to B , why I shouldn't set a query string variables containing my data in the target page URL(B) , and then retrieve my data from there using javascript (window.location.href) too , I mean why I should use PHP $_GET array ?
Putting my comments as the answer as suggested by OP,
php is server side, javascript is on client side.. Thumb rule- be it sensitive or insensitive data, use server side implementation for retrieving and changing..!
You can definitely use js.. it's more about perception, style and taste of your programming/coding(keeping this question in context). You can pass data using js(URLs as you have mentioned) or use server side implementation, it's up to you. However why server side should be preferred is because of security reasons, javascript can be modified at run time. But as you have stated the data is insensitive, you can absolutely go ahead with using js, if you feel comfortable with it.
And as #MonkeyZeus has commented, you could end up with ugly, long URLs. Especially if you have space(s) within a String that you are trying to pass as the data. It could look messy with (%20)s and stuff being added in the URL.

Executing self-contained javascript from.... javascript

I have javascript that is being generated at design time that needs to be executed to find a value at run time. The code is stored as a string in an object and I would like to be able to execute it and retrieve the value and then scrap the code. Is there a way to do this? Do I have to use eval()?
You can use eval(String)
Or use new Function (String)
Or use document.createElement
[edited]
Depend on how it was done your code
1 -
if those strings are saved in shared across different pages (with cookies or database), then SERVER-SIDE you can generate a tag <script> with the values ​​saved in a JSON for quick access.
2 -
If the strings are saved only at runtime (ie in pagination are not recoverable values) you may not need to save these values ​​in Strings, talves you can create a global Json in Window Object (eg. window.MyObjectGlobal), making the values ​​accessible at any time on the page (since there is no paging) - is idea can also be reused in case of using the SERVER-SIDE, combined with Ajax (ajax only to save the data in your database), or document.cookie (but will have to use document.createElement("script") or eval)
Good luck
Yes, you can do that using eval.
However, remember evalis evil and it could potentially introduce security risks.
Anyway, if you know what you're doing, that's the way to go

How does position of parameters in a Query string affect the page?

I have an application with most of the code written in javascript. I am encountering a strange problem. I have a query string and my app reads it to perform various actions. Yesterday I changed the ordering of the query string parameters and the application stopped working. If I put the original order back then it starts working. What could be the reason? I thought that the effect of ordering of parameters should not matter. But, apparently it does matter for some reason. I am still trying to dig out what can be the issue but wanted to know if any one here has encountered a similar problem?
Thanks.
A properly written application will find a given query parameter in any order and will not be order sensitive. It is possible though to have poorly written parsing code that would only find a given parameter at the beginning, at the end, or only if after some other parameter. Without seeing the code that parses the query parameters, we can't really say what problem it has, but it is possible to have poorly written code that is position-sensitive.
If you post the code that parses the query parameters and the query string that works and the one that doesn't, we could advise more specifically. You should also check to make sure that your query parameters don't have any characters in them that are supposed to be encoded that could be throwing things off.
I have seen that kind of problem when the developer used the query string, as is, as a key to a cached object. When the query string changed, the key was not the same and the cache mechanism was failing (due to another bug).
It should not be a problem. Something else causes the error. Or you have some dependencies on the location variable that contains the URL.

Categories

Resources