Go rendering URL RowQuery string in a template - different behaviours - go

I 'm new to go and I got my mind stuck with something pretty trivial, so I ask for your help, maybe anyone knows why this behaviour happens:
I want to output the query params string of an url object in a template, but apparently because of the "?" char placed in front of the variable, the (whole) output is url encoded. Does question mark has a special meaning in go templates?
instead of param1=value1&value2=param2, output is param1%3dvalue1%26value2%3dparam2
Example in go playground

The Go documentation of the html/template package explains the behaviour (https://golang.org/pkg/html/template/):
The security model used by this package assumes that template authors are trusted, while Execute's data parameter is not. More details are provided below.
The thing about this is that you should really think twice about why you don't want Go to apply this security behaviour to your template.
Then, if you're really sure you don't want to escape the string use template.URL intead of a string: https://play.golang.org/p/kfv2tH6WDG

Related

BotComposer, how to iterate through the characters of a string using lg language?

We need to extract a number from a phrase. For example:
"hey, 1234" -> "1234"
"ok, 4567" -> "4567"
"b3456f" -> "3456"
But we don't found how to iterate through a string using only language generator of the Bot Composer.
We try things like:
join(foreach(createArray("ab c"), x, concat(x, '-')), '')
But with no result... is there any prebuild function that converts a simple string on an array of chars, so we can iterate char by char using foreach?
Thanks!
As far as I know, this currently isn't possible as there's no way to iterate over a string or split a string into a new array by character. I've opened a GitHub issue to request it as an enhancement.
For:
"hey, 1234" -> "1234"
"ok, 4567" -> "4567"
You can use split().
Unfortunately, you're out of luck for your "b3456f" -> "3456" example, unless you know it's going to come in that exact format, in which case, you could use substring().
You could maybe look into using a Regex to do this, if you know the formats will be pretty controlled, but another option is to look at the LUIS language understanding services from Microsoft, which are built exactly for understanding different parts of a text message, especially in a bot context. Here's a link to getting started with this, for C# (on the menu just below in this link, is a Node example if that's what you need).
There's also a tag here on Stack Overflow focused just on LUIS, if you run into trouble or need any more help.
Hope that helps
[Update] I re-read your question and I see now it's about BotComposer, not a custom developed bot. As a result, the sample I linked to is not valid, but LUIS certainly is. I haven't used Bot Composer myself, but LUIS is integrated as part of it - see here.

How can I find the content between multiple parameter strings (E.G. /contact-group/{ID}/member/{CONTACT-ID})

I had searched around but couldn't find something for it specifically. I was looking for a way to find the content of a URL (In this case these are URIs in a rest API)
A few examples of these look like:
/currency/{currency-id}
Or
/contact-group/{ID}/member/{CONTACT-ID}
The parameters always can be different, however they always are between {}, in different forms within the string. I know how I can replace these when there is only one in the URI without issue, but at runtime the programmer won't know these, and I'm trying to prevent having to define them and because of this when URIs contain multiple parameters I'm not sure how to obtain each case of them.
Happy for any ideas on how to get around this!
Seems like you're looking for a basic example of routing:
# in config/routes.rb
get "/:param_1/:param_2", to: "MyController#some_action"
Then in the controller you'd be able to get params[:param_1] and such.
You can see Rails' routing guide for more info
Maybe I'm not totally understanding your question, though. If you're looking to be able to capture a variable number of params, there's a special syntax for passing arrays in the query param.
See this: Passing array of parameters through get in rails
The answer to this was here
Basically using parameterset = url.scan(/{.+?}/) (replace url with your string name), and what's in scan with your parameter list, I can use this to do
parameterset.each { |x| x.... etc}

Rainmeter: How to concatenate strings

I am getting data from a broken RSS feed that gives me wrong link. I wanted to fix this link so I made this code:
<link.*>(.*)&.*tid(.*)</link>
and the link could be like:
www.somedomain.com/?value=50&burrrdurrrr;tid=120
But the real working link is in this form:
www.somedomain.com/?value=50&tid=120
The thing that I'm asking is if my measure thing looks like this:
[FeedURL]
Measure=Plugin
Plugin=Plugins\WebParser.dll
Url=[Feed]
StringIndex=2 ;now I only get www.somedomain.com/?value=50
Substitute=#SubstituteFeed#
How am I supposed to concatenate the strings together to complete the url?
I'm guessing rather than &burrrdurrrr;, the link has &, which is how you have to write & in an HTML or XML file.
If that's the case, you just need to set the DecodeCharacterReference option, as described in this handy-looking tutorial. Another option mentioned there is Substitute, which would be able to strip it out even if it really was &burrrdurrrr;.
None of this is a particularly sensible way of dealing with HTML or XML - a much better approach would be a plugin which actually parsed the document structure and let you reference nodes using XPath or CSS rules - but you work with what you've got, I guess. (I've never heard of this "Rainmeter" before, despite its claim to be "the best known and most popular desktop customization program for Windows"; maybe because nobody else calls their program that, instead almost universally using the word "widget"?)

howto get Builder to create <tag></tag> instead of <tag/>

I,m using Builder::XmlMarkup to create xml. I want to create a tag without content because the api force me to create this.
If I use a blog
xml.tag do
end
I get what i need
<tag></tag>
but I want it shorter
xml.mytag
this gives me
<mytag/>
but i want
<mytag></mytag>
what do I have to pass as option.
regards Kai
Just pass empty string as a parameter. xml.mytag('')
Why do you want <mytag></mytag> instead of <mytag/>? Since the output is XML, downstream applications should not know or care about the difference.
According to the Infoset spec (Appendix D point 7), "The difference between the two forms of an empty element: <foo/> and <foo></foo>" is not represented in the XML Information Set.
This doesn't answer your "how" question, but if you discover that you actually don't need to do what you're trying to do, it may save you from a difficult and unnecessary wild goose chase.
ok empty string is nice, another one-line-way is empty block I found out.
xml.mytag{}

filtering user input in php

Am wondering if the combination of trim(), strip_tags() and addslashes() is enough to filter values of variables from $_GET and $_POST
That depends what kind of validation you are wanting to perform.
Here are some basic examples:
If the data is going to be used in MySQL queries make sure to use mysql_real_escape_query() on the data instead of addslashes().
If it contains file paths be sure to remove the "../" parts and block access to sensitive filename.
If you are going to display the data on a web page, make sure to use htmlspecialchars() on it.
But the most important validation is only accepting the values you are expecting, in other words: only allow numeric values when you are expecting numbers, etc.
Short answer: no.
Long answer: it depends.
Basically you can't say that a certain amount of filtering is or isn't sufficient without considering what you want to do with it. For example, the above will allow through "javascript:dostuff();", which might be OK or it might not if you happen to use one of those GET or POST values in the href attribute of a link.
Likewise you might have a rich text area where users can edit so stripping tags out of that doesn't exactly make sense.
I guess what I'm trying to say is that there is simple set of steps to sanitizing your data such that you can cross it off and say "done". You always have to consider what that data is doing.
It highly depends where you are going to use it for.
If you are going to display things as HTML, make absolutely sure you are properly specifying the encoding (e.g.: UTF-8). As long as you strip all tags, you should be fine.
For use in SQL queries, addslashes is not enough! If you use the mysqli library for example, you want to look at mysql::real_escape_string. For other DB libraries, use the designated escape function!
If you are going to use the string in javascript, addslashes will not be enough.
If you are paranoid about browser bugs, check out the OWASP Reform library
If you use the data in another context than HTML, other escaping techniques apply.

Resources