I am trying to pass the following string as a GET parameter to a PHP script:
<script src="http://mypage.net/test.php?cb=
var url = 'test'+document.body.outerHTML;
//"></script>
URL encoded, this string becomes:
%3Cscript%20src%3D%22http%3A%2F%2Fmypage.net%2Ftest.php%3Fcb%3D%0Avar%20url%20%3D%20%27test%27%2Bdocument.body%3B%0A%2F%2F%22%3E%3C%2Fscript%3E%0A
Chrome and Firefox both evaluate the the encoded string after passing it a get parameter to
var url = 'test' document.body;
replacing the %2B with a space, hence making to code syntactically false.
%252B works though, which is decoded to %2B and evaluates to +
Related
I have a code where I am passing path parameters in the GET request in Rest Assured. But I see the path parameters aren't read properly and I see some gibberish text being read. Actually the String I am passing as path parameter contains a comma in it. Below is my code.
ValidatableResponse response = given().header("Authorization", token).header("Content-type", "application/json")
.when().log().all().pathParam("CalendarId", testCaseBean.getCalendarId().toString())
.queryParam("from", testCaseBean.getStartDate()).queryParam("to", testCaseBean.getEndDate())
.queryParam("monthEnd", testCaseBean.getMonthEndBusinessDay())
.get(EndPoint.GET_CALENDAR_BUSINESS_DAY_INFO_DATE_PARAM).then().log().all();
The path param I am passing is "AUS,EUR" and it is being read as AUS%2CEUR. I am passing this path parameter as test data from the CSV file. Below is the request being formed on the console.
https://portculation-qa.us-east-1.m5435454345.easn.mss.com/master-data/v1/calendars/AUS%2CEUR?from=2022-11-01&to=2022-11-01&monthEnd=false
My expected request URI is https://portculation-qa.us-east-1.m5435454345.easn.mss.com/master-data/v1/calendars/AUS,EUR?from=2022-11-01&to=2022-11-01&monthEnd=false
You can see the only difference in the expected and actual URI is the gibberish path param which isn't read properly. Any solution to tackle this issue?
Try adding this:
.urlEncodingEnabled(false)
RestAssured.given()
.contentType(JSON)
.log()
.all()
.urlEncodingEnabled(false)
or:
RestAssured.urlEncodingEnabled = false;
By default it set to true.
I am trying to display some static html in an app using the webview_flutter plugin.
body: WebView(
initialUrl: Uri.dataFromString(
htmlString,
mimeType: 'text/html',
encoding: Encoding('utf-8')
).toString(),
),
I was getting an error about an invalid character error, and I assumed that is because Uri defaults to ASCII. I am trying to set the character encoding to UTF-8 but I can't figure out how to do it. Encoding('utf-8') is obviously not right.
How do I set the encoding?
You can get the encoding like this:
Encoding.getByName('utf-8')
See also How to render a local HTML file in Flutter
Safe Url Encoding in flutter
Ex.
String url = 'http://example.org/';
String postDataKey = "requestParam="
String postData = 'hdfhghdf+fdfbjdfjjndf'
In Case of get request :
Uri.encodeComponent(url+postDataKey+postData);
In Case of Post Data Request use flutter_inappwebview library
var data = postDataKey + Uri.encodeComponent(postData);
webViewController.postUrl(url: Uri.parse(url), postData: utf8.encode(data));
On the client side I am reading an image file and encoding it in base64, sending it to as an URL param.
img = open("file.png", "rb").read()
print len(img)
img = img.encode("base64")
print len(img)
print len(img.decode("base64"))
Prints 252235, 340742 and 252235.
On server side decoding the received str couldn't yield the same result. I am posting the encoded base64 as "http://url.com/test?image=img_str".
img = flask.request.args["image"]
print len(img)
img = img.decode("base64")
print len(img)
Prints 340742 which is perfectly fine and 248176 which should actually be the original length. Is image param modifying during the post request? How to do this without using files param in requests or any other solution.
So, I figured this out!
While sending the encoded string as an URL parameter, "+" in the string are converting into " ". So, had to encoded_base64.replace(" ", "+") before decoding. And it worked!
How the Space Character is handled (encoded) in the URL after the # sign.
I've the URL:
http://example.com/page.html#BookMark location
When I use %20 or + that is used to escape the space character in Query String (the string in URL after ?), I got the URL be double espaced by the browser -The behavior that doesn't happen when dealing with Query String-, example:
When I enter:
http://example.com/page.html#BookMark%20location
I got the browser try requesting this URL instead:
http://example.com/page.html#BookMark%2520location
My app sends out an email with a URL in it. The url contains a query string attribute that is encrypted. I CGI escaped the encrypted value so that symbols like + * . etc are escaped. The escaped URL appears in the email as expected, but when we click on the link, the encrypted values are decrypted.
For Example, the url in the email is as follows
http://development.com/activate/snJAmJxkMo3WZ1sG27Aq?album_id=2&email=5M%2BjE1G6UB26tw/Ah%2Bzr1%2BJSSxeAoP6j&owner_id=4
email=5M%2BjE1G6UB26tw/Ah%2Bzr1%2BJSSxeAoP6j
when we click on this link the url in the browser appears as
http://development.com/activate/snJAmJxkMo3WZ1sG27Aq?album_id=2&email=5M+jE1G6UB26tw/Ah+zr1+JSSxeAoP6j&owner_id=4
email=5M+jE1G6UB26tw/Ah+zr1+JSSxeAoP6j
The + is substituted with space. As a result
params[:email] = 5M jE1G6UB26tw/Ah zr1 JSSxeAoP6j
which gives me a 404.
Is there any way I can avoid this situation. How can I make the url in the browser also appear as
http://development.com/activate/snJAmJxkMo3WZ1sG27Aq?album_id=2&email=5M%2BjE1G6UB26tw/Ah%2Bzr1%2BJSSxeAoP6j&owner_id=4
in the browser?
In order to avoid this situation I Hex encoded the email attribute so that the it contains only alphabets and numbers. Used these are the methods to Hex encode and decode.
convert string2hex:
def hexdigest_to_string(string)
string.unpack('U'*string.length).collect {|x| x.to_s 16}.join
end
convert hex2string
def hexdigest_to_digest(hex)
hex.unpack('a2'*(hex.size/2)).collect {|i| i.hex.chr }.join
end