I'm sending a parameter to my Controller via json which contains and ampersand and the string gets cut off after that character. Been searching for hours and cannot find a solution.
JavaScript
var url = '/Common/DownloadFile?fileName=Me&You.xlsx';
$.ajax({
type: 'POST',
url: url,
data: {},
success: function (data) {}
});
Controller
public ActionResult DownloadFile(string fileName)
{
// Here the param is coming in as 'Me'
// Code removed for clarity
}
In urls & needs to be escaped because it is used to add new params like
http://hello.com"?fileName=Something&otherFileName=SomethingElse
You need to escape the ampersand by percent encoding it like this:
/Common/DownloadFile?fileName=Me%26You.xlsx
Here is more information on url parameter escaping escaping ampersand in url
The ampersand is used to separate arguments in a URL. If you want the ampersand to be part of a parameter value, you need to URLencode it using a method like encodeURIComponent().
In this particular case, the encoded version of Me&You.xslx would be Me%26You.xlsx. If you specify that in your GET request your application should get the expected value.
Related
let jsonString = JSON.stringify(json);
console.log(jsonString); //prints {"5667787":"currentTaxless":99.82,"current":123.78}}
GM.xmlHttpRequest({
method: "POST",
url: "https://exampleau.tld",
data: jsonString,
headers: {
"Content-Type": "application/x-www-form-urlencoded"
},
onload: function(response) {
//stuff
}
});
Hi,
I am starting to feel myself stupid. I haven't found any way to feed into data regular object/array or json, no matter what I did (changed headers, added dataType, feed that json variable) - the data was not posted. Only this solution posts data. In the Greasemonkey documentation there is nothing about feeding plain json.
The problem is, that on backend, when I receive such a data - it is:
an array with single key and no value
the key is html_entity_encode(d) string
where dots in float numbers are replaced with underscores. This is what I am getting:
{"5667787":{"currentTaxless":99_82,"current":123_78}}
Qusetion: What am I doing wrong or how to post without a hassle or receive normally formatted posted data without a hassle using Greasemonkey???
Versions: Greasemonkey v4.11
Firefox v81
Nevermind.
The solution is not to
data: jsonString,,
but rather explicitly put json string under some key as value like this
data: 'data=' + jsonString,
Ok I have been manipulating this string for hours! So any help is greatly appreciated
I am trying to simply make a post call and generate a password. The api is setup to take in a string a parses the json formatted string itself.
private headers = new HttpHeaders({ 'Content-Type': 'application/json' });
constructor(http: HttpClient) {
var url: string = 'https://eus-safeaccounts-test.azurewebsites.net/' + 'passwords/generate';
var body: string = '"{\"regex\":\"[a-zA-Z0-9]\",\"minLength\":8,\"maxLength\":12}"';
http.post<string>(url, body, { headers: this.headers }).subscribe(result => {
this.signUpResponseStr = result["password"];
}, error => console.error(error));
}
This call returns code 400 bad request. (I think because the text is not being seen as json?)
However, if we set body = '""'; then we get a password sent back from the api no problem. It is seen as an empty string on API side and then they give us a password. Exploring further I tried setting body = '"abc"'; because that is a string not following json format. In this case, we DO NOT get bad request 400, but the api recognizes bad json format and returns Invalid Json
My Question:
What should the body string look like for me to send this request? The API is open so anyone can reproduce and the API code shouldn't have anything to do with the 400 bad request issue, as we can see from my explorations, but the code is here https://github.com/nickpavini/SafeAccountsAPI.
Thanks for any help! :)
EDIT: I also tried sending as JSON type and I also tried JSON.stringify() with no luck
Found it. The string is a bit tricky to understand but hopefully this will help others.
body = '"{\\"regex\\":\\"[a-zA-Z0-9]\\",\\"minLength\\":8,\\"maxLength\\":12}"'
In this case it seems that the body contains a string. (the actual string that will be received by the server)
Inside that string, whenever we need the server to see a " that does not close the string, we must pass an actual backslash \\ and then a ". We do not need 3 backslashes in this case because the single quote ' at the beginning makes sure all paranthesis are included.
Note: Test this with the api in question if it seems weird to you. I think it has to do with the api implementation.
Probably body should not be double quoted, and should look instead like...
var body: string = '{"regex":"[a-zA-Z0-9]","minLength":8,"maxLength":12}'
In the CF 2016 Administrator page, by selecting the check box "Prefix serialized JSON with" //ABC (form example), it will break the function below, because it will add the string //ABC to the JSON
How can we remove the prefix //ABC before parsing the JSON, please?
<cffunction name="searchData" access="remote" returnformat="JSON">
<cfquery name="getData" datasource="#dataSource#">
SELECT *
FROM aTable
</cfquery>
<cfreturn serializeJSON(getData)>
</cffunction>
Thank you for your help
We have an option for this prefix Serialized JSON uncheck the Prefix serialized JSON with options in our admin comes under the options cfadmin - > Server Settings - > setting table you can see that options. FYR, Please refer my below images & sample codes,
Before uncheck the prefix option:
<cfset struct = {"name":"thiraviam", "age":24}>
<cfdump var="#serializeJSON(struct)#">
Output:
//abc{"name":"thiraviam","age":24}
After uncheck the prefix option:
<cfset struct = {"name":"thiraviam", "age":24}>
<cfdump var="#serializeJSON(struct)#">
Output:
{"name":"thiraviam","age":24}
[]
I hope it's help you more. Thank you !
You did not provide how you are calling this service. Regardless, all you need to do when calling a service which prefixes the JSON data is remove the prefixed data before processing the response. Below is an example using jQuery to make an AJAX call to such a service.
For jQuery AJAX the key for this is to use the dataFilter option. The dataFilter option gives you access to the raw response so it can be sanitized.
A function to be used to handle the raw response data of XMLHttpRequest. This is a pre-filtering function to sanitize the response. You should return the sanitized data. The function accepts two arguments: The raw data returned from the server and the 'dataType' parameter.
From the jQuery documentation
Here is an example. Notice how the dataFilter in this case is removing the first 2 characters from the response with this code; data.substr(2). For your example you would need to increase that to 5 in order to remove //ABC.
$.ajax({
type: 'POST',
cache: false,
data: {property1:'somevalue',property2:'someothervalue'},
dataFilter: function(data, type) {return data.substr(2)},
dataType: 'json',
url: 'https://www.somedomain.com/api/service/',
success: function(data, stat, resp) {
if(!data.error) {
// good return so do what you need to do
// this is assuming the service returns an 'error' field
// the JSON data is accessible by using data.fieldname format
} else {
// bad return so trap it
}
},
error: function(resp, stat, err) {
// service call failed so trap it
}
});
I'm trying to call my ServiceNow JSON web service. I'm getting an unexpected error when I execute URLFetchApp. I'm guessing I'm passing in the authorization headers in the wrong way but both the GAS and ServiceNow documentation is beyond terrible. I've seen some of the other SO questions similar to this but none have worked. Any help would be appreciated.
function getOpenTickets(){
var headers = {
"Authorization":"Basic RgRJ5U6EsxHt00229KX5Hj0WV1z18q08==",
"Content-Type":"application/json",
"Username":"myusername",
"Password":"mypassword"
}
var url = "https://mysninstance.service-now.com/u_equipment_repair.do?JSONv2=&sysparm_view=vendor&displayvalue=true&sysparm_action=getRecords&sysparm_query=state=500^assignment_group.name=MyGroup^ORDERBYDESCnumber";
var url = encodeURIComponent(url);
var options = {
"method":"get",
"headers":headers
}
var result = UrlFetchApp.fetch(url,options);
Logger.log(result.getContentText());
}
OK so I found the solution. There were actually two problems.
The first was with the way I was passing the authorization headers. I was passing the basic authentication as an already encoded base64 string, on top of which I was still passing the username and password which was redundant. For whatever reason Google Apps Script (GAS) doesn't like this. Once I changed the headers and the options as shown below it was fine.
The second problem was the the URI encoding. The query string did need to be encoded because of the caret "^" symbols, but for whatever reason GAS's encodeURIComponent was not encoding it properly. As soon as I manually replaced the caret symbols with their URL encoded equivalents , which is "%5E", everything worked fine and I was able to retrieve my ServiceNow data via Google Apps Script.
function getOpenTickets3(){
var headers =
{
Authorization : "Basic " + Utilities.base64Encode('myusername:mypassword'),
"Content-Type":"application/json"
}
var options =
{
"method" : "get",
"headers": headers
};
var url = "https://mysninstance.service-now.com/u_equipment_repair.do?JSONv2=&sysparm_view=vendor&displayvalue=true&sysparm_action=getRecords&sysparm_query=state=500%5Eassignment_group.name=Somevendor%5EORDERBYDESCnumber";
var result = UrlFetchApp.fetch(url,options);
Logger.log(result.getContentText());
}
You are URI encoding your entire URL in this line:
var url = encodeURIComponent(url);
In your URL, the base path needs to be unescaped when passed to fetch(...):
https://mysninstance.service-now.com/u_equipment_repair.do
Each parameter following the ? is a URI component, like:
sysparm_view=vendor
In this case, the parameter name is sysparm_view and the value is vendor, you would need to URI encode the value (vendor) if it contained special characters like one of /?&.
In the static URL you provide, there's actually nothing that needs to be encoded, so removing that call to encodeURIComponent(url) should work.
If you are dealing with dynamic values for your URL parameters, then you'd want to URI encode each parameter value separately, before concatenating onto the main string.
I'm new to MVC3 framework (and .NET overall; Java veteran), so bear with me, but here goes:
Input submitted to a Controller as JSON doesn't seem to be subject to the HttpRequestValidation -- Does that sound right?
I realize if you're receiving data input via JSON you're possibly already doing more work with it, but the Controller Action doesn't seem to necessarily know whether it has JSON data at that point; input values are mapped to parameters just as they would be if they were standard POST params.
Example - I'm asynchronously submitting JSON data to my Controller like the following:
var data = { "title": $titleField.val(), "content": $textArea.val(),
"location": $location.val()
};
$.ajax(submitUrl,
{
type: "POST",
contentType: "application/json; charset=utf-8",
complete: function (data) {
//blah blah
},
dataType: 'json',
data: JSON.stringify(data)
});
}
I then receive the input in my Action:
[AcceptVerbs(HttpVerbs.Post)]
public ActionResult New(string title = "", string content = "", string location = "")
{
//yada yada
}
Doing this, params are mapped and the user can easily send tags, etc. I'm not turning ValidateInput off, and if I submit with a standard POST and remove the Stringify, it throws the error as expected. Any good reason why JSONified data would skip validation?
Edit - More specific question: If JSONified data will pass HttpRequestValidation, how can we protect against the event where someone would intentionally mock a request to send JSON data instead of post params? I haven't found a way to force the Action method to differentiate between params passed as JSON vs. those passed non-encoded.
Got an answer for my question over on asp.net - See 2nd response.
Solution involves replacing the default ModelBinder.
Any good reason why JSONified data would skip validation?
JSON is encoded => so it ensures that what transits over the wire is safe. When you use JSON.stringify all dangerous characters are encoded.