I am having spring rest service where I am sending clob data(rich text field).i.e html data as string.
I can see service is returning fine(debug mode) but when it's coming to browser all double quotes" are getting converted with "\
That's why image rendering is not happening in rich text field.
Please help me to resolve this.
Rest Call:
Actual code I am unable to post due to access issue
#GetMapping(value="/getRTFData", produces ="application/json") public RTFData get() { }
RTFData class having field
String contentText;
Actual Service returning :
contentText = "<some src ="https://sample/viewImage/123"
but in response in swagger/postman i can see coming as
contentText ="<some src=\"https://sample/viewImage/123\">"
Which is extra \ whenever "(double quote).
Please help
Related
I have implemented the api
#GetMapping("/mqsql-data/{tableName}")
public List<String, Object> getTableData(#Parameter(name="sigma", schema=#Schema(type="string", defaultValue="sigma") #PathVariable String tableName) {
return service.getData(tableName);
}
added dependency : org.springdoc:springdoc-openapi-ui:1.6.11
It is generating swagger ui.
when I am calling my api from browser and postman, I am getting the data means code is working fine but If I am trying to hitting api from swagger ui, value to tableName is not passing and getting below syntax error
Incorrect syntax near '}'. I debug the code It is not taking tableName from swagger ui page.
Can anybody help on this. Thanks in advance
I am making a GET request in my java code and the URL that i want to use to perform a GET request is:
http://localhost:1111/sms/v1/222222?startTime=2015-12-29T14%3A00%3A00.000Z&endTime=2015-12-29T15%3A00%3A00.000Z
However it is coming up as:
http://localhost:1111/sms/v1/222222?startTime=2015-12-29T14%253A00%253A00.000Z&endTime=2015-12-29T15%253A00%253A00.000Z
Notice that the following characters are being replaced:
% to %25
How do I make sure my request is sent as I want to specify. My code looks like this:
public static String getRequest(String id, String startTs, String endTs) {
Response response = givenAuthJson("username", "password")
.queryParam("startTime", startTs)
.queryParam("endTime", endTs)
.get(BASE_URL+"/sms/v1/{id}", id);
response
.then()
.spec(responseSpec);
return response.asString();
}
And I call this method as:
.getRequest("222222", "2015-12-29T14%3A00%3A00.000Z","2015-12-29T15%3A00%3A00.000Z");
Can you please give an example or answer using the code given? Thanks.
OK - not sure if I'm allowed to answer my own Q but it is for the benefit of all if someone is doing the same thing as me!
I overcame this problem by adding the following
.urlEncodingEnabled(false)
REFERENCE:
how to handle Special character in query param value in Rest assured
Thanks for all who helped.
I am working on Play Framework 2.0 for Java and I have a querystring url like http://localhost:9000/project/detail?id=1, when this url hits It will call a HTML template file eg.detail.scala.html. So I want to check is there querystring exist in url in my HTML file.
ex:
#if(existsQueryString)
#showPerticularProductDetail
else
#showAllProductList
Please help me or give any suggestion for this. I dont want to pass some variable or any flag from controller to view for checking the condition. I just want to check is querystring there in url inside my HTML.
You can access the request either directly if you're in a Java project, or via an implicit parameter if you are in a Scala project.
In a Java project, you can use it directly to check the queryString :
#if(request.queryString.containsKey("myKey")){
#showPerticularProductDetail
else
#showAllProductList
If you're in a Scala project, you need to add the request as an implicit parameter of your view :
#(title: String)(implicit request: play.api.mvc.Request)
And your controller should also declare this implicit parameter :
def detail = Action { implicit request =>
...
myTemplate.render()
}
I have define variable error in struts.properties as follows:
error=this is an error
Now I can call this error as follows:
ErrorMsg = "<s:property value='getText(\"error\")'/>";
and it works, the result is: ErrorMsg=this is an error
How to get the text of variable instead of string?
I tried the following:
var m="error";
error1 = "<s:property value='getText(m)'/>";
error2 = "<s:property value='getText(\"m\")'/>";
I use firebug debugger and error1 and error2 are displyed as follows:
error1=""
error2=""
Any Idea?
thank you in advance
You appear to be mixing server side and client side code.
The s:property tags will be evaluated first on the server side, long before any value of m is valid, as that is client side JavaScript code.
If you post what you're trying to achieve then I or someone else may be able to help further.
HTH
I have a Spring application on the backend and a GWT application on the frontend.
When the user is logged in ''index.jsp'' will output the user information as a javascript variable.
I am using AutoBeanFactory to encode and decode the user information as json.
Because the user can register and the user information are stored in the database I try to follow the OWASP XSS Preventing cheat sheet by escaping the user information in the JSP page.
I am using the esapi library to do the encoding. The server side code looks like this:
public static String serializeUserToJson(CustomUser user) {
String json;
AppUserProxy appUserProxy = appUserFactory.appuser().as();
appUserProxy.setFirstname(encoder.encodeForHTML(user.getFirstname()));
appUserProxy.setLastname(encoder.encodeForHTML(user.getLastname()));
AutoBean<AppUserProxy> bean = appUserFactory.appuser(appUserProxy);
json = AutoBeanCodex.encode(bean).getPayload();
return json;
}
I tried to use encodeForHTML and encodeForJavaScript().
This works fine for normal characters however as soon as I use Umlaute characters (ü, ä, ö) I run into problems.
If I use the encodeforHTML() function the javascript variable looks like this (note firstname has an ü):
var data = {'user':'{"email":"john.doe#gmail.com","lastname":"Doe","firstname":"Über"}'};
Decoding with Autobean works fine however the character ü is not displayed properly but the HTML escaped one (Über).
When I use the encodeForJavaScript() function the output is as follows:
var data = {'user':'{"email":"john.doe#gmail.com","lastname":"Doe","firstname":"\\xDCber"}'};
When I try to decode the JSON string I run into a weird problem. In Development Mode/Hosted Mode decoding works fine and the Umlaut is properly displayed.
However as soon as I run the code in Production Mode I get an uncaught Exception:
java.lang.IllegalArgumentException: Error parsing JSON: SyntaxError: Unexpected token x
{"email":"john.doe#gmail.com","lastname":"Doe","firstname":"\xDCber"}
at Unknown.java_lang_RuntimeException_RuntimeException__Ljava_lang_String_2V(Unknown Source)
at Unknown.java_lang_IllegalArgumentException_IllegalArgumentException__Ljava_lang_String_2V(Unknown Source)
at Unknown.com_google_gwt_core_client_JsonUtils_throwIllegalArgumentException__Ljava_lang_String_2Ljava_lang_String_2V(Unknown Source)
at Unknown.com_google_gwt_core_client_JsonUtils_safeEval__Ljava_lang_String_2Lcom_google_gwt_core_client_JavaScriptObject_2(Unknown Source)
at Unknown.com_google_web_bindery_autobean_shared_impl_StringQuoter_split__Ljava_lang_String_2Lcom_google_web_bindery_autobean_shared_Splittable_2(Unknown Source)
at Unknown.com_google_web_bindery_autobean_shared_AutoBeanCodex_decode__Lcom_google_web_bindery_autobean_shared_AutoBeanFactory_2Ljava_lang_Class_2Ljava_lang_String_2Lcom_google_web_bindery_autobean_shared_AutoBean_2(Unknown Source)
at Unknown.com_gmi_nordborglab_browser_client_mvp_main_UserInfoPresenter_onBind__V(Unknown Source)
I can think of following solutions:
Rely only on input validation (when the data is stored in the db) and remove the output encoding. But that's not the recommended approach.
Replace the Umlaute with normal ASCII characters (ü => ue) and continue to use output encoding
use some library which escapes the XSS characters but leaves the Umlaute alone.
I am thankful for some feedback
Update: Based on Thomas suggestions I am now passing a JsoSplittable from JSNI and then passing this to the AutoBeanCodex.decode function. It works fine in Production Mode however in Hosted Mode I get following NPE:
java.lang.NullPointerException: null
at com.google.gwt.dev.shell.CompilingClassLoader$MyInstanceMethodOracle.findOriginalDeclaringClass(CompilingClassLoader.java:428)
at com.google.gwt.dev.shell.rewrite.WriteJsoImpl.isObjectMethod(WriteJsoImpl.java:307)
at com.google.gwt.dev.shell.rewrite.WriteJsoImpl.visitMethod(WriteJsoImpl.java:289)
at com.google.gwt.dev.shell.rewrite.WriteJsoImpl$ForJsoInterface.visitMethod(WriteJsoImpl.java:228)
at com.google.gwt.dev.asm.ClassAdapter.visitMethod(ClassAdapter.java:115)
at com.google.gwt.dev.shell.rewrite.RewriteJsniMethods.visitMethod(RewriteJsniMethods.java:350)
at com.google.gwt.dev.asm.ClassReader.accept(ClassReader.java:774)
at com.google.gwt.dev.asm.ClassReader.accept(ClassReader.java:420)
at com.google.gwt.dev.shell.rewrite.HostedModeClassRewriter.rewrite(HostedModeClassRewriter.java:251)
at com.google.gwt.dev.shell.CompilingClassLoader.findClassBytes(CompilingClassLoader.java:1236)
at com.google.gwt.dev.shell.CompilingClassLoader.findClass(CompilingClassLoader.java:1059)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
The code which causes this exception is following:
private native final JsoSplittable getJsoUserdata() /*-{
if (typeof $wnd.user !== 'undefined')
return $wnd.user;
return null;
}-*/;
#Override
public JsoSplittable getUserdata() {
JsoSplittable user = null;
user = getJsoUserdata();
if (user != null) {
String payload = user.getPayload();
Window.alert(payload);
}
return user;
}
Window.alert(payload) works fine in production mode. In Hosted mode when I step into user.getPayload() I get a NPE in findOriginalDeclaringClass function of the CompilingClassLoader.java. It seems that declaringClasses is null
You shouldn't explicitly escape anything; AutoBeans do it for you already. Or rather, if you want to escape something, escape the output of AutoBean's getPayload(), not the innards.
Your problem is that AutoBeans uses native JSON.parse() when possible (for both performance and safety reasons) which, per spec, only supports \uNNNN kinds of escapes, and not the \xHH that encodeForJavaScript outputs. In other words, ESAPI would need an encodeForJSON.