Javascript escape Asp.net encoding - javascript

I have an html textbox and am entering double quotes in the text box.
E.g
I "a a person
I am using the JavaScript escape function and it encodes the quote to %22 which is correct
To the last point before hitting the server I have %22 but when I get it at the server by Request as follows:
Request["myJson"].Trim();
The %22 is converted back to "
Please help

You'd better not use escape, because it is deprecated. Use the similar function encodeURIComponent.
I don't know what you need the escaped string on the server for, but if you really need it, just apply this function twice.

You can do all of the character escaping on the server-side if you want using HttpContext.Current.Server.UrlEncode(Request["myJson"].Trim());

Related

JSON not transferring "+" character to CGI script

I am currently working on a personal project, where I have to deal with some chemical formulas;
I have a form with JavaScript where I enter these formulas; the formulas are entered in a LaTeX-like style for super- and subscript.
An example formula can be found below:
Fe^{3+}
When I use JavaScript to read the form and console.log(); the formula is working as expected.
However if I send the formula to the back-end (Python with CGI), the + character seems to have disappeared and been replaced with a space.
I thought it had something to do with escaping the character, since parts of the formula look a lot like regex's, but after looking around, I couldn't find anything that would suggest that I had to escape the + character.
And now I have absolutely no idea how to resolve this... I could use a different character and replace it on the back-end but that seems like it is not the optimal solution...
Most important question: How did you invoke the CGI script?
With HTTP GET or HTTP POST?
If you're using HTTP POST and the data was being transferred in the HTTP Data portion, then you don't need to escape the "+" sign.
But if you're using HTTP GET, then the "+" sign will first be translated according to the URL encoding standard (thus, "+" becomes a space), before being transferred to the CGI script.
So in the latter scenario, you need to escape the "+" sign (and other 'special' characters such as "%" and "?").

Javascript RegExp being interpreted different from a string vs from a data-attribute

Long story short, I'm trying to "fix" my system so I'm using the same regular expressions on the backend as we are the front (validating both sides for obvious security reasons). I've got my regex server side working just fine, but getting it down to the client is a pain. My quickest thought was to simply store it in a data attribute on a tag, grab it, and then validate against it.
Well, me, think again! JS is throwing me for a loop because apparently RegExp interprets the string differently depending how it's pulled in. Can anyone shine some light on what is happening here or how I might go about resolving this issue
HTML
<span data-regex="(^\\d{5}$)|(^\\d{5}-\\d{4}$)"></span>
Javascript
new RegExp($0.dataset.regex)
//returns /(^\\d{5}$)|(^\\d{5}-\\d{4}$)/
new RegExp($($0).data('regex'))
//returns /(^\\d{5}$)|(^\\d{5}-\\d{4}$)/
new RegExp("(^\\d{5}$)|(^\\d{5}-\\d{4}$)");
//returns /(^\d{5}$)|(^\d{5}-\d{4}$)/
Note in the first two how if I pull the value from the data attribute dynamically, the constructor for RegExp for some reason doesn't interpret the double slash correctly. If, however, I copy and paste the value as a string and call RegExp on the value, it correctly interprets the double slash and returns it in the right pattern.
I've also attempted simply not escaping the \d character by double slashing on the server side, but as you might (or might not) have guessed, the opposite happens. When pulled from attributes/dataset, the \ is completely removed leading the Regex to think I'm looking for the "d" character rather than digits. I'm at a loss for understanding what JS is thinking here. Please send help, Internet
Your data attribute has redundant backslashes. There's no need to escape backslashes in HTML attributes, so you'll actually get a double-backslash where you don't want one. When writing regular expressions as strings in JavaScript you have to escape backslashes, of course.
So you don't actually have the same string on both sides, simply because escaping works differently.
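The difference between the two escaping layers described in this answer, as an added example that is not part of the original posts. Node has no DOM, so String.raw stands in for the value the browser returns from dataset.regex; toDataAttribute, readDataAttribute and matchesZip are hypothetical helper names.

```javascript
// What the page's markup delivers: HTML does not treat "\" as an escape, so
// both backslashes of every pair arrive in the attribute string.
const fromDoubledAttr = String.raw`(^\\d{5}$)|(^\\d{5}-\\d{4}$)`;

// The same pattern as a JS string literal: the parser collapses "\\" to "\".
const fromJsLiteral = "(^\\d{5}$)|(^\\d{5}-\\d{4}$)";

// Hypothetical server-side helper: escape a regex source for an HTML attribute.
// Only HTML metacharacters are escaped; backslashes are emitted unchanged.
function toDataAttribute(name, pattern) {
  const escaped = pattern
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
  return `<span data-${name}="${escaped}"></span>`;
}

// Minimal stand-in for the browser's attribute decoding (assumption: only the
// four entities produced above occur in the value).
function readDataAttribute(html, name) {
  const m = html.match(new RegExp(`data-${name}="([^"]*)"`));
  return m[1]
    .replace(/&quot;/g, '"')
    .replace(/&lt;/g, "<")
    .replace(/&gt;/g, ">")
    .replace(/&amp;/g, "&");
}

// Compile the pattern source and test one input against it.
function matchesZip(patternSource, input) {
  return new RegExp(patternSource).test(input);
}

// Constructed round trip: server emits the attribute, client reads it back.
const markup = toDataAttribute("regex", fromJsLiteral);
const roundTripped = readDataAttribute(markup, "regex");

console.log(matchesZip(fromDoubledAttr, "12345")); // doubled backslashes
console.log(matchesZip(roundTripped, "12345"));    // single backslashes
```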

Why is my JSON returning escape code for a single quote (apostrophe)

I'm receiving JSON data from server that contains text which should have an apostrophe but instead I see the escape code for an apostrophe. Is this an issue with the way the JSON is formatted?
This is how I have it on server-side:
[{"testJ":6387,"title":"This is JSON's return",}]
This is what I'm getting back:
[{"testJ":6387,"title":"This is JSON's return",}]
If I have not provided enough detail, please let me know and I will try to add more information.
Your JSON is almost valid, but you have a problem: you have added one comma that shouldn't be there (the last comma).
You can check this using a JSON validator site like
http://www.freeformatter.com/json-validator.html
http://jsonformatter.curiousconcept.com/
http://jsonlint.com/
On the other hand, think that the apostrophe is a way to enclose text, so what you are using to parse the JSON is what is having the problem. Try to put an escape character before the apostrophe, so should be like this on the server side
[{"testJ":6387,"title":"This is JSON\u0027s return"}]
For more information you can refer to the RFC https://www.ietf.org/rfc/rfc4627.txt and in section 2.5 you will find more information.

How can I use the '&' as a search criteria in a url

This is my first post, so don't mind me if it is a repeat, but I couldn't find an answer.
I'm working with javascript/html/abl/css, etc and I have to be able to use the & as a search criteria.
I need a way to get something like http://this.com/mode=results&action=search&result='&'& to work.
The problem that I'm having is that the url keeps interpreting it like a separator, and the page breaks. I've tried to convert it to a %26 or a & to try and keep it in the search, but then it won't find my search. I looked at google's url when searching for & and it's replaced by %26. Any opinions?
Thanks, Sheldon.
Use the javascript encodeURIComponent() Function.
http://www.w3schools.com/jsref/jsref_encodeuricomponent.asp
You will need to escape & in the URL in order for the character to not be treated as a separator. And as you stated, the correct encoding is %26. Perhaps you need to make an additional change on the server to ensure the encoded char is processed correctly?
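The decoding behaviour that the encoding threads on this page run into ("%22" arriving as a double quote, "+" arriving as a space, "&" acting as a separator), as an added example that is not part of any of the original posts. URLSearchParams stands in for the server-side decoder, and serverSees and buildQuery are hypothetical helper names.

```javascript
// Decode a raw query string the way a form decoder does: split on "&" and
// "=", turn "+" into a space, then percent-decode exactly once.
// Assumption: URLSearchParams models the server's decoder.
function serverSees(rawQuery) {
  return Object.fromEntries(new URLSearchParams(rawQuery));
}

// Build a query string with every key and value encoded as one component.
function buildQuery(params) {
  return Object.entries(params)
    .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)
    .join("&");
}

// Sample values taken from the questions on this page.
const formula = "Fe^{3+}";
const search = "&";
const quoted = 'I "a a person';

// Unencoded: "+" is read as a space and "&" ends the value early.
const naive = serverSees(`formula=${formula}&result=${search}&mode=results`);

// Encoded once: the decoder hands back the original characters.
const once = serverSees(buildQuery({ formula, result: search, myJson: quoted }));

// Encoded twice: a single decode leaves the percent-escapes in place.
const twice = serverSees(
  `myJson=${encodeURIComponent(encodeURIComponent(quoted))}`
);

console.log(naive);
console.log(once);
console.log(twice);
```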

Escaping double hyphens in Javascript?

I have a Javascript bookmarklet that, when clicked on, redirects the user to a new webpage and supplies the URL of the old webpage as a parameter in the query string.
I'm running into a problem when the original webpage has a double hyphen in the URL (ex. page--1--of--3.html). Stupid, I know - I can't control the original page. The javascript escape function I'm using does not escape the hyphen, and IIS 6 gives a file not found error if asked to serve resource.aspx?original=page--1--of--3.html
Is there an alternative javascript escape function I can use? What is the best way to solve this problem? Does anybody know why IIS chokes on resource.aspx?original=page--1 and not page-1?
"escape" and "unescape" are deprecated precisely because it doesn't encode all the relevant characters. DO NOT USE ESCAPE OR UNESCAPE. use "encodeURIComponent" and "decodeURIComponent" instead. Supported in all but the oldest most decrepit browsers. It's really a huge shame this knowledge isn't much more common.
(see also encodeURI and decodeURI)
edit: err just tested, but this doesn't really cover the double hyphens still. Sorry.
Can you expand the escape function with some custom logic to encode the hyphens manually?
resource.aspx?original=page%2d%2d1%2d%2dof%2d%2d3.html
Something like this:
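function customEscape(value) {
  // escape() leaves "-" untouched, so encode hyphens by hand afterwards.
  value = escape(value);
  value = value.replace(/-/g, '%2d');
  return value;
}
// Encode only the parameter value; escaping the whole URL would also encode "?" and "=".
location.href = "resource.axd?original=" + customEscape("test--page.html");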
Update, for a bookmarklet:
Link
You're doing something else wrong. -- is legal in URLs and filenames. Maybe the file really isn't found?
-- is used to comment out text in a few scripting languages. SQL Server uses it to add comments. Do you use any database logic to store those filenames? Or create any queries where this name is part of the query string instead of using query parameters?
