I'm using the Omnifaces ajax.oncomplete function to show a toastr message in my JSF 2 page. The problem I'm facing is that I'm developping a frensh web application and we use a lot of quotes ('). When I add the quote, the browser throws a malformed XML exception :
malformedXML: missing ) after argument list
While I'm using the braqueted slash to make it ignore the quote and treat it as a string :
Ajax.oncomplete("toastr.warning('Vérifier l\'adresse e-mail saisie.')");
Is there a way to pass this exception ?
The \ is also an escape character in Java itself. So, ultimately the \ got stripped off by Java.
You need to double-escape it to represent a literal \, so it arrives as a real \ in JavaScript.
Ajax.oncomplete("toastr.warning('Vérifier l\\'adresse e-mail saisie.')");
Alternatively, if those strings are not hardcoded and thus coming from a dynamic source, and you'd basically thus need to perform automatic escaping, then better use Ajax#data() to automatically let OmniFaces encode the Java variable as a properly formatted JSON object available via OmniFaces.Ajax.data in JavaScript context.
Ajax.data("message", "Vérifier l'adresse e-mail saisie.");
Ajax.oncomplete("toastr.warning(OmniFaces.Ajax.data.message)");
This way you don't need to worry about escaping fuss.
Related
Hi I use spring web and I need to send newline characters in my string by default I got 400 bad request.When I change allow-unquoted-control-chars parameter that time my request passed successfully
spring.jackson.parser.allow-unquoted-control-chars=true
in jackson release notes,I see this is non standard.My question is what is the correct way to pass unquoted chars like new line?If I change this parameter is there any security or another issue I can face?Is there any disadvantage to change this parameter
Since JSON specification requires quoting for all control characters, this is a non-standard feature, and as such disabled by default.
I have a FreeMarker template and the data being supplied to it is already escaped.
<b>Marmot</b>
Is there a way to unescape it?
<b>Marmot</b>
There's no function for un-escaping (which would be a function for fixing corrupted data). But, are you sure that you get the data like that, and it's not FreeMarke that escapes it? ${something} escapes the string if auto-escaping is on. Then you can use ${something?no_esc} to prevent that. (Or if the template uses legacy auto-escaping, then <#noescape>${something}</#noescape>.)
I m trying to validate the image url using golang code but there is error in regular expression I'm showing my regular expression in this question:-
var validation = regexp.MustCompile("(http(s?):)|([/|.|\w|\s])*\.(?:jpg|gif|png)")
Error:-
unknown escape sequence (and 2 more errors)
play link
\. is an invalid escape sequence. I would suggest you use backticks when defining regular expressions. e.g.
regexp.MustCompile(`^https?://.*\.(jpg|gif|png)$`) // this will just check if the url ends with jpg,gif,png
If you are not using the capture groups, this is a simpler approach. However when parsing or validating URLs, use url.Parse() which provides better validation.
How can I escape an apostrophe in golang?
I have a string
s = "I've this book"
and I want to make it
s = "I\'ve this book"
How to achieve this?
Thanks in advance.
Escaping a character is only necessary if it can be interpreted in two or more ways. The apostrophe in your string can only be interpreted as an apostrophe, escaping is therefore not necessary as such. This is probably why you see the error message unknown escape sequence: '.
If you need to escape the apostrophe because it is inserted into a database, first consider using library functions for escaping or inserting data directly. Correct escaping has been the culprit of many security problems in the last decades. You will almost certainly do it wrong.
Having said that, you have to escape \ to do what you want (click to play):
fmt.Println("\\'") # outputs \'
As you're using cassandra, you can use packages like gocql which provide you with parametrized queries:
session.Query(`INSERT INTO sometable (text) VALUES (?)`, "'escaping'").Exec();
I am sending tokens via a POST request, but when I see them on the server it doesn't match up with what was sent.
"U2FsdGVkX1+pxBHFdSU4NiSIOdR2GCCBr/WF7AOSF5zQjRqjSoTeOKR0Dzwm\nNT+g\n" <-- Original
"U2FsdGVkX1+pxBHFdSU4NiSIOdR2GCCBr/WF7AOSF5zQjRqjSoTeOKR0Dzwm\\nNT+g\\n" <-- Result
Notice that the \n has been replaced with \\n. When I do the token lookup verification, of course, no result is found because the string I'm looking for is not the proper string anymore!
I'm not sure why this string is being auto changed like this or quite how to correct it. I'm just accessing this through the standard params like so.
token.verify(params["token"])
EDIT for further clarity
I'm viewing this from the terminal using the debugger gem. I have autoeval enabled and display with params["token"] without p or puts. I am not trying to create newline characters with \n. The literal \n is an actual part of the string that is received in the post. I randomly generate a token using a hashing and encryption library and the strings sometimes end up with these characters in them. If I run token.verify(params["token"]) from the debugger terminal I get nil back from the database as there is no match due to the extra backslash characters being added into the string.
If I directly run token.verify("U2FsdGVkX1+pxBHFdSU4NiSIOdR2GCCBr/WF7AOSF5zQjRqjSoTeOKR0Dzwm\nNT+g\n") from the debugger terminal I get the correct record back from the database. This leaves me thinking that either Rack or Sinatra is auto escaping the "special" characters in the string before I get a chance to even touch it.
This has something to with the way Ruby is handling special characters. From irb you can see this with a quick check like this.
"\\n" == '\n'
Unexpectedly; at least to me, this returns true as they are treated the same. Rather than trying to deal with special characters coming across the wire I ended up just base 64 encoding everything.