How to prevent liberty from converting "+" to " " in URL - websphere-liberty

We had an issue where clients were sending "+" as part of a parameter value without percent-encoding it. After digging in, it looks like converting "+" to " " is from HTML form encoding, but not part of the URL spec.
I found https://www.ibm.com/mysupport/s/question/0D50z00005phvXb/urls-with-or-2b-in-the-path-or-query-are-incorrectly-decoded-to-space?language=en_US which sounds exactly like what we're hitting, but with Liberty 19.0.0.8 (and probably for some time), even excpicitly setting decodeUrlPlusSign="false" doesn't seem to help.
That is, when we call req.getParameter(queryParameterName) it is returning the value with a " " instead of a "+".
I'm setting it in server.xml as follows:
<webContainer disableXPoweredBy="true" decodeUrlPlusSign="false" />
What exactly is decodeUrlPlusSign supposed to do? Is it working as expected?

Related

How to remove "amp;" from getting sent in XML?

i have a string "Travel & Hospitality". like this.
When i sent it through XML API the output is like below.
"Travel & Hospitality"
i tried removing it with ruby code like below and sent it through XML.
"Travel & Hospitality".gsub("&","&").
<Specialization__c>Travel & Hospitality</Specialization__c>
even though gsub is removing "amp;" again while sending it through XML tags again the amp; word is coming.
How can i remove it.my desired output is
"Travel & Hospitality"
XML doesn't allow such a thing. & is not allowed to appear unescaped.
You could have an XML file like this instead:
<Specialization__c><![CDATA[Travel & Hospitality]]></Specialization__c>
That would work, but the problem is how to convince your XML output library to do something like that. It might not even be possible at all. (I might be wrong about that last part. I know nothing about ruby)

Populating an email with data from IBM i (AS400) screen

I'm trying to grab data from an AS400 screen & populate an email using that data but seem to have bumped into something I'm struggling to overcome. Here's a slice of what I have so far:
Dim polNo
polNo = GetText(10,18,10)
Dim wsh
Set wsh=CreateObject("WScript.Shell")
subSub1_()
sub subSub1_()
// Just doing this to check the text I have
SendKeys(polNo)
// Sent the eMail with the text
wsh.Run "mailto:testing#somemailbox.com?Subject=" & polNo
end sub
With the above, the resulting email subject line takes only the first word upto the first space. From what I've found, this is a parsing issue & have discovered the following line that should help.
polNo = Chr(34) + Replace(polNo,chr(34),chr(34)&chr(34))
The above line places all of the text in quotes (I know this because my SendKeys line now shows the GetText result with a " at the start.
The issue is when I reach the mailto line as Outlook pops up a window saying:
"The command line argument is not valid. Verify the switch you are using."
My end result will be an email that has a subject & a body with text taken from various parts of the screen.
Solved: Thanks to dmc below, he started me on the right line.
However, the solution was not to use Chr(34) but to use something as simple as:
polNo = Replace(polNo," ","20%")
Although it might not look like it, you're constructing a URL. As such, the contents of that URL must be URL Encoded. Certain characters can't be included in a URL, including a space. Those characters are represented with a percent sign followed by the ASCII code of the character in hexadecimal. For example, a space is changed to %20.
See the link below for a VBScript routine that will URL encode and decode strings.
http://www.justskins.com/forums/wsh-equivalent-of-server-38778.html
Edit: Although this is commonly known as URL encoding, the thing you're constructing is technically a URI. Wikipedia has a good page that explains further.

Trouble in passing "=" (equal) symbol in subsequent request - Jmeter

I newly started using jmeter.
my application returns an url with encryption value as response which has to be passed as request to get the next page. The encryption value always ends with "=" ex. "http://mycompany.com/enc=EncRypTedValue=". while passing the value as request, the "=" is replaced with some other character like '%3d' ex "http://mycompany.com/enc=EncRypTedValue%3d" . Since the token has been changed my application is not serving the request.
It took me a while to understand this, unlike other languages and environments in network standards URIs (URLs) do not use quotes or some escape characters to hide special characters.
Instead, a URL needs to be properly encoded by encoding each individual parameter separately in order to build the complete URL. In JavaScript encoding/decoding of the parameters is done with encodeURIComponent() and decodeURIComponent() respectively.
For example, the following:
http://example.com/?p1=hello=hi&p2=three=3
should be encoded using encodeURIComponent() on each parameters to build the following:
http://example.com/?p1=hello%3Dhi&p2=three%3D3
Note that the equal sign used for parameters p1= ... p2= remain as is.
Do not try encode/decode the whole URL, it won't work. :)
Do not be fooled by what is displayed on a browser address bar/field, that is only the human friendly string, the moment you copy it to the clipboard the browser will encoded it.
Hope this helps someone.
Your application has a problem then, because that's the way it should be sent. Url parameters should be encoded as specified in rfc3986. Browsers can do it automatically even, so that's something that should be fixed on your web app, if it is not working.
If data for a URI component would conflict with a reserved character's
purpose as a delimiter, then the conflicting data must be
percent-encoded before the URI is formed.
reserved = gen-delims / sub-delims
gen-delims = ":" / "/" / "?" / "#" / "[" / "]" / "#"
sub-delims = "!" / "$" / "&" / "'" / "(" / ")"
/ "*" / "+" / "," / ";" / "="
What you are experiencing is URL Encoding - = is a reserved character in URLs and you cannot just append it to your URL unencoded. It needs to be encoded. This obviously already happened in your case. On the server side the url parameters need to be decoded again. This is the job of the container normally, though.
Basing on your use case you may with to consider one of the following approaches:
You can use Regular Expression Extractor Post Processor to capture you response and store it to JMeter variable. As variables as Java Unicode Strings you shouldn't experience any problem with extra encoding of your "=" symbol.
JMeter provides __urldecode function which you can utilize to decode your request.
You can pre-process the request with kind of __Beanshell function or BeanShell preprocessor to decode the whole URL with something like:
URLDecoder.decode(vars.get("your_URL_to be decoded"),"encoding");
If your are adding encryption values in the subsequent request as request parameter then make sure 'Encoding?' is unchecked
Use quotes for your values. E.g. -Jkey="val=ue"

MSXML / XPath: special Characters

I'm reading and writing XML-files with Microsoft XML Core Services 6.0 (MSXML).
When writing element-content with "special" chars that have to be escaped
in the context of xml, like writing "&" as & i dont have to care
about this because MSXML does this conversion. This means, if i assign a text
to an element, e.g. oXMLElement.Text = "1 & 2" , MSXML actually writes
oXMLElement.Text = 1 & 2 when i create a XML-file. Thats pretty nice
and saves me some work.
Now, what i want to do, is to "de-mask" XML-strings
automatically. So, i read from a XML-file with the selectNodes-method, which
works by adding an XPath-statement, e.g. //ns:element/text(). Unfortunately,
the result-string i get looks like 1 & 2 and not like 1 & 2. Is there
a way to tell the MSXML-object or maybe the XPath-statement to give me an
"de-masked" string? I´m using MSXML with ObjectPal / Paradox, so the best
solution would be a method from the MSXML-library or a "special" XPath-
statement.
What you're seeing is the "escaped" XML notation for the text. This is what you should see if you use the .xml property to retrieve the string.
To get the string without the escapes, use .nodeValue.

Freemarker Interpolation stripping whitespace?

I seem to be having issues with leading/trailing spaces in textareas!
If the last user has typed values into a textarea with leading/trailing spaces across multiple lines, they all disappear with exception to one space in the beginning & end.
Example:
If the textbox had the following lines: (quotes present only to help illustrate spaces)
" 3.0"
" 2.2 "
"0.3 "
it would be saved in the backend as
"<textarea id=... > 3.0/n 2.2 /n0.3 </textarea>"
My template (for this part) is fairly straightforward (entire template, not as easy...): ${label} ${textField}
When I load up the values again, I notice getTextField() is properly getting the desired string, quoted earlier... But when I look at the html page it's showing
" 3.0"
"2.2"
"0.3 "
And of course when "View Sourcing" it doesn't have the string seen in getTextField()
What I've tried:
Ensure the backend has setWhitespaceStripping(false); set
Adding the <#ftl strip_whitespace=false>
Adding the <#nl> on the same line as ${textField}
No matter what I've tried, I'm not having luck keeping the spaces after the interpolation.
Any help would be very appreciated!
Maybe you are inside a <#compress>...</#compress> (or <#compress>...</#compress>) block. Those filter the whole output on runtime and reduce whitespace regardless where it comes from. I recommend not using this directive. It makes the output somewhat smaller, but it has runtime overhead, and can corrupt output in cases like this.
FreeMarker interpolations don't remove whitespace from the inserted value, or change the value in any way. Except, if you are lexically inside an <#escape ...>....</#escape>, block, that will be automatically applied. But it's unlikely that you have an escaping expression that corrupts whitespace. But to be sure., you can check if there's any <#escape ...> in the same template file (no need to check elsewhere, as it's not a runtime directive).
strip_whitespace and #nt are only removing white-space during parsing (that's before execution), so they are unrelated.
You can also check if the whitespace is still there in the inserted value before inserting like this:
${textField?replace(" ", "[S]")?replace("\n", "[N]")?replace("\t", "[T]")}
If you find that they were already removed that probably means that they were already removed before the value was put into the data-model. So then if wasn't FreeMarker.

Resources