Javascript Decryption during Download - javascript

I'm building an ASPX website that should allow the user to download a CSV/Excel file (including the 'Save To' dialog). The CSV contains encrypted data - the decryption key is available at user side and should be kept secret against the webservice.
So decryption actually should be performed within the browser, a javascript implementation (sjcl) has proofed to work fine.
But how can the incoming datastream during a file download be influenced? Something like a browser hosted proxy performing the javascript decryption?
#closure: thanks a lot! Ajax is no problem, and the idea
<a href='data:application/csv;base64,aGVsbG87d29ybGQNCg=='>click</a>
is really cool, but it has two problems: it seems not work with IE and it is not the right approach for really huge tables. The solution should be able to handle many thousands of records, therefore we need some sort of download stream encoder/decrypter.

Here are the steps to achieve this:
Instead of downloading the CSV directly to the client machine, fetch it via ajax
Once the data is received in via Ajax, parse the CSV via many available functions on internet. Let me know, if you need help on this. This function will convert the CSV to native Javascript Arrays.
Walk through the Array and covert the encrypted data to unencrypted data. Do it natively in the same Array.
Convert the array to CSV (Again there are functions in public domain)
Make a link (a element) and set the href to local data like data:text/csv;charset=utf-8, + encodeURIComponent(csv)
Present this link to the user and ask him to click on it to save the file locally.

Related

Client vs server image process and shown

Client vs server imagen process.
We got a big system which runs on JSF(primefaces) EJB3 and sometimes JavaScript logic (like for using firebase and stuff).
So we run onto this problem, we have a servlet to serve some images. Backend take a query, then extract some blob img from DB, make that BLOB into array of bytes, send it to browser session memory and servlet take it to serve it in ulr-OurSite/image/idImage. Front end calls it by <img>(url/image/id)</img> and works fine so far.
Then we are using a new direct way to show img, we send BLOB/RAW data to frontend and there we just convert them into Base64.imageReturn. and pass it to html.
Base64 codec = new Base64();
String encoded = codec.encodeBase64String(listEvidenciaDev.get(i).getImgReturns());
Both work, for almost all cases.
Note: We didn't try this before because we couldn't pass the RAW data through our layers of serialized objects and RMI. Now we can of course.
So now there are two ways.
Either we send data to servlet and put it on some url, which means the backend does all the job and frontend just calls url
or we send data to frontend which is going to make some magic and transform it to img.
This brings 2 questions.
If we send to frontend RawObject or make them call URL to show his image content, final user download the same amount of data? This is important because we have some remote branch offices with poor internet connection
Is worth pass the hard work to frontend (convert data) or backend (convert and publish)?
EDIT:
My questions is not about BLOB (the one i call RAW data) being bigger than base64
It is; passing the data as object and transform it to a readable picture is more heavy to internet bandwidth than passing a url from our servlet with the actual IMG and load it on html ?
I did choose to close this answer because we did some test and it was the same bandwidth usage on front end.
Anyway we make use of both solutions
If we dont want to charge frontend making a lot of encode we set a servlet for that images (that comes with more code and more server load). We look for the best optimization on specific cases.

How can you access the HTTP response from a server using client-side JavaScript?

I'm trying to do client-side processing of some data sent in a server's HTTP response.
Here's what I'm working with: I have a web application that sends commands to a backend simulation engine, which then sends back a bunch of data/results in the response body. I want to be able to access this response using JavaScript (note..not making a new response, but simply accessing the data already sent from the server).
Right now, I am able to do this via a kludgy hack of sorts:
var responseText = "{{response}}";
This is using Django's template system, where I have already pre-formatted the template context variable "response" to contain a pre-formatted string representation of a csv file (i.e., proper unicode separators, etc).
This results in a huge string being transmitted to the page. Right now, this supports my immediate goal of making this data available for download as a csv, but it doesn't really support more sophisticated tasks. Also, I'm not sure if it will scale well when my string is, say, 2 MB as opposed to less than 1 KB.
I'd like to have this response data stored more elegantly, perhaps as part of the DOM or maybe in a cache (?) [not familiar with this].
The ideal way to do this is to not load the csv on document load, either as a javascript variable or as part of the DOM. Why would you want to load a 2MB data every time to the user when his intention may not be to download the csv everytime?
I suggest creating a controller/action for downloading the csv and get it on click of the download button.

Is fetching remote data server-side and processing it on server faster than passing data to client to handle?

I am developing a web app which functions in a similar way to a search engine (except it's very specific and on a much smaller scale). When the user gives a query, I parse that query, and depending on what it is, proceed to carry out one of the following:
Grab data from an XML file located on another domain (ie: from www.example.com/rss/) which is essentially an RSS feed
Grab the HTML from an external web page, and proceed to parse it to locate text found in a certain div on that page
All the data is plain text, save for a couple of specific queries which will return images. This data will be displayed without requiring a page refresh/redirect.
I understand that there is the same domain policy which prevents me from using Javascript/Ajax to grab this data. An option is to use PHP to do this, but my main concern is the server load.
So my concerns are:
Are there any workarounds to obtain this data client-side instead of server-side?
If there are none, is the optimum solution in my case to: obtain the data via my server, pass it on to the client for parsing (with Javascript/Ajax) and then proceed to display it in the appropriate form?
If the above is my solution, all my server is doing with PHP is obtaining the data from the external domains. In the worst (best?) case scenario, let's say a thousand or so requests are being executed in a minute, is it efficient for my web server to be handling all those requests?
Once I have a clear idea of the flow of events it's much easier to begin.
Thanks.
I just finish a project to do the same request like your req.
My suggestion is:
use to files, [1] for frontend, make ajax call to sen back url; [2] receive ajax call, and get file content from url, then parse xml/html
in that way, it can avoid your php dead in some situation
for php, please look into [DomDocument] class, for parse xml/html, you also need [DOMXPath]
Please read: http://www.php.net/manual/en/class.domdocument.php
No matter what you do, I suggest you always archive the data in you local server.
So, the process become - search your local first, if not exist, then grab from remote also archive for - 24 hrs.
BTW, for your client-side parse idea, I suggest you do so. jQuery can handle both html and xml, for HTML you just need to filter all the js code before parse it.
So the idea become :
ajax call local service
local php grab xm/html (but no parsing)
archive to local
send filter html/xml to frontend, let jQuery to parse it.
HTML is similar to XML. I would suggest grabbing the page as HTML and traversing through it with an XML reader as XML.

Embed PDF w/POST Parameters

I need to pass a bunch of parameters to a web API method which returns a byte array that is needed to display a PDF report on a page. I tried doing this via a GET method but the query string is too long and it throws an exception. I have tried shortening the query string as much as physically possibly but it is still too long. All of the external PDF viewer libraries require a string path to the PDF. I need something that allows me to supply a string path and some parameters or just a string path but that uses a POST instead of a GET. I was thinking about POSTing the object values to the web API along with a GUID and storing it somehow on the server then with an tag calling another API method and retrieving the stored data by only passing the GUID as a parameter but I don't want to make a database table for only that to save and retrieve the data. I entertained the idea of saving the byte array to a PDF on the server and then simply pointing a PDF viewer to that after but I had no success with that either and that is not ideal.
File.WriteAllBytes(path, res);
The code above is the most common way I have found to save the file but when I open the new PDF file after it says it is corrupt and it won't allow me to open it. Ideally I would just find a method that allows me to POST data to my web API then embeds the result in a pdf.js/pdfObject/ control. Please help, this has stumped me for days. Thanks in advance!!

Process cross domain xml

In a web project using jsp, I have following requirement
Upload a file (say an image) to a different domain, which returns an xml that includes details of uploaded file (eg: path of uploaded image etc).
How do I capture this xml to save details in db?
I cannot do a normal html form submit, since I lose control after that. So I tried to implement this by setting form target to an iframe. But I cannot process contents of iframe?
Any suggestions how I can accomplish this?
Can I process this using yql?
Yes, you can do this using YQL. Not easy though, and you'll need to set up your own YQL table.
Each YQL table is a XML file describing how to operate on data. The YQL XML specification allows you to define an <execute> element that you can use to write JavaScript code that does almost anything.
Inside this <execute> block, you can use the y.rest object to POST data somewhere else.
You'll probably have to encode the file using base64 to be able to actually POST data using the YQL syntax, something like INSERT INTO mywebsite.files (name, data) VALUES ('foo.png', 'KBB987987JJBHBGV==') (second param is a illustrative base64-encoded file).
Assuming the server you are submitting the file to is not under your control (so you can't use CORS), you have proxy the request through your own server.
You can't use YQL as you can't make post requests with it.

Categories

Resources