First, sorry for my english it's not my native language.
So, I am working on an application in JSP and in one of my forms I have a field "comments". When I submit this form, the value of this field is sent to my servlet by an ajax request.
var request = 'mainServlet?command=SendRequest';
request += ('&comments=' + $('#comments').val());
But when there is a "<" or ">" in the field, $('#comments').val() translate them into "<" or "&gl". For exemple, is converted to < ;test&gl ;
And when I want to recover the value in my servlet, I do:
String comments = request.getParameter("comments");
But the url looks like : mainServlet?command=SendRequest&comments=< ;test&gl ;
So request.getParameter("comments"); returns an empty string.
I thought that I could replace the string like < by my own code and then replace it again in my servlet, but is there a simpler way to do this?
Thanks.
Edit: After, I reuse the comments in an other jsp.
I believe what you need is the encodeURIComponent function. It will convert any string into a format that you can use inside a URI.
Just remember to decode it on the receiving end, I believe the URLDecoder class can do this for you.
Related
I pass some parameters in ajax URL and want to get that parameters by request.getParameter(); in controller if that parameters have some special character like #,%,&, etc. then how to get it?
String xyz = new String(request.getParameter("XYZ").getBytes("iso-8859-1"), "UTF-8");
You have two options:
1.Encode values to JSON before sending, and decode them on server.
Use javascript method encodeURIComponent https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent
I found best solution after spending couple of hours use
((String[])request.getParameterMap().get("paramname"))[0]
which gives me param value with special charater
In my project, from UI I am passing a string to the server like account<s using HTTP post method. This value is fetched in backend using request.getParameter() method of HTTPServlet. The getParameter() returns an encoded string. The account<s value is fetched as account& lt;s
Now in UI I need to display account<s. If the value is encoded as account<s, then I can use html decoding in the UI part. But the encoded string has an additional space. Instead of <, I am getting & lt;.
jQuery Code:
var params = {};
params.passVal = "account<s";
//ajax call
$.ajax({
type:"POST",
url:url,
data:params,
datatype:"json",
async:false
}).success(function(json){
//success notification
});
Java Code:
String receivedVal = request.getParameter("passVal"); //account& lt;s
I am using Apache Tomcat 7 and jquery v2.1.3
For all the encoded characters, a space is added between the 1st and the 2nd character. Why is it behaving like this? And how can I get the original data in Java?
This problem occurred because of a servlet filter class, in which the encoding process is defined. Instead of <, it is coded as & lt. Thanks a lot #tak3shi for pointing out the root cause.
An HTML entity (<) is not URL encoding; you need to encode the < as %3c.
The request parameter is like decrypt?param=5FHjiSJ6NOTmi7/+2tnnkQ==.
In the servlet, when I try to print the parameter by String param = request.getParameter("param"); I get 5FHjiSJ6NOTmi7/ 2tnnkQ==. It turns the character + into a space. How can I keep the orginal paramter or how can I properly handle the character +.
Besides, what else characters should I handle?
You have two choices
URL encode the parameter
If you have control over the generation of the URL you should choose this. If not...
Manually retrieve the parameter
If you can't change how the URL is generated (above) then you can manually retrieve the raw URL. Certain methods decode parameters for you. getParameter is one of them. On the other hand, getQueryString does not decode the String. If you have only a few parameters it shouldn't be difficult to parse the value yourself.
request.getQueryString();
//?param=5FHjiSJ6NOTmi7/+2tnnkQ==
If you want to use the '+' character in a URL you need to encode it when it is generated. For '+' the correct encoding is %2b
Use URLEncoder,URLDecoder's static methods for encoding and decoding URLs.
For example : -
Encode the URL param using
URLEncoder.encode(url,"UTF-8")
Back in the server side , decode this parameter using
URLDecoder.decode(url,"UTF-8")
decode method returns a String type of the decoded URL.
Allthough the question is some years old, I'd like to write down how I fixed the problem in my case: the download link to a file is created in a GWT page where
com.google.gwt.http.client.URL.encode(finalurl)
is used to encode the URL.
The problem was that the "+" sign a customer of us had in the filename wasn't encoded/escaped. So I had to remove the URL.encode(finalurl) and encode each parameter in the url with
URL.encodePathSegment(fileName)
I know my question is bound to GWT but it seems, URLEncoder.encode(string, encoding) should be applied to the parameter only aswell.
I am having a problem here. When I use ajax to pass a parameter containing "+" to my controller it is being replaced by a space.
Example, I will pass value = Tom+Jerry+Garfield using ajax. When I use System.out.println() in my controller it displays Tom Jerry Garfield. I tried using other special characters I don't seem to have a problem.
Please help. Thanks in advance.
In some GET and POST requests (most likely in the URL, or via a form), spaces are encoded as "+" (plus) symbols before they are passed to the server. You can see this behaviour if you do a normal GET request - you will see something like google.com?q=test+example If you want to pass a plus symbol via an ajax GET/POST request, you need to "urlencode" it. The URL encoded value for + is %2B.
Also note:
The javascript encodeURIComponent() function can be used, as answered in:
AJAX POST and Plus Sign ( + ) -- How to Encode?
+ is decoded as space after url decoding. If you want to pass +, you need to encode it.
When we pass values to the controller there is a model binder which is sitting in between the request. When the ajax call is made the url and the request is encoded. The " " (Space) character in url decoded form encodes to a "+".
The Model Binder on the other hand decodes the request and extracts the parameters and gives it to the controller and hence "+" is converted to a " " .
But here the question is why would one pass "+" as a separator ??
I am outputting a string form my java class like this
String numQsAdded = "<div id='message1'>"+getQuestion()+"</div>";
This string is being sent back to the client side as a XMLHttpRequest. So, in my jsp page I have a javascript alert method that prints out the string returned from the server. it translates '<' to < and '>' to >
how can i avoid this?
I have tried changing my string to:
String numQsAdded = "<div id='message1'>"+getQuestion()+">/div<";
but this has even worse effects. then '&' is translated as 'amp'
XMLHttpRequest encodes the string before sending it. You will have to unescape the string.
on the client side javascript, try using:
alert(unescape(returned_string))
< is the way to show "<" in html, which is produced from XMLHttpRequest. try using XMLRequest
It is the entity reference for "<" while > ; is the entity reference for ">" you will need to unescape the string using the unescape() method
Paul Fisher's answer is the right one. I'll take a moment to explain why. HTML-Encoding of content from the server is a security measure to protect your users from script injection attacks. If you simply unescape() what comes from the server you could be putting your users at risk, as well as your site's reputation.
Try doing what Paul said. It's not difficult and it's much more secure. Just to make it easier, here's a sample:
var divStuff = document.createElement('div');
divStuff.appendChild(containerElement);
divStuff.id = 'message1';
divStuff.innerHTML = getQuestion();
This is much more secure and draws a better separation for you presentation layer in your application.
It might be better to send back a raw string with your message, and leave the client Javascript to create a div with class message1 to put it in. This will also help if you ever decide to change the layout or the style of your notices.
I don't think you can avoid that. It's how "<" is represented in HTML, and the result would be OK on your HTML page.