The json returned by struts2's json plug-in contains special characters being escaped - struts2

{"pics": "http: //// localhost: 8080 // data // photos // moodsPic // 4.jpg"}
I want "jpg / 4.jpg" effect
Another way:
After escaping, return to http: ////// localhost: 8080 /// data /// photos /// moodsPic /// 4.jpg
The result becomes like this: http: //////// localhost: 8080 //// data //// photos //// moodsPic //// 4.jpg

I cannot duplicate this and I do not see escaped forward slashes.
Please make sure your struts package extends json-default like the example below:
<package name="urlMappingsExample" extends="json-default">

Related

keycloak-js appending session data to url in vue3

keycloak-js appears to be appending session data when I refresh my vue3 application: https://my.domain/#/&state={state}&session={session} etc
I wouldn't have a problem with this except it's breaking my site when I refresh due to the incorrect url format.
I can't find where this appears to be trying to append the data in the url from.
Here is a workaround to configure in router configuration. Credits from this thread.
const removeKeycloakStateQuery = (to, from) => {
  const cleanPath = to.path
    .replace(/[&\?]code=[^&\$]*/, "")
    .replace(/[&\?]state=[^&\$]*/, "")
    .replace(/[&\?]session_state=[^&\$]*/, "");
  return { path: cleanPath, query: {}, hash: to.hash };
};
// ...
{
  path: "/:catchAll(.*)*",
  component: () => import("src/pages/component.vue"),
  beforeEnter: [removeKeycloakStateQuery],
}
It ended up being that keycloak-js appears to conflict with createWebHashHistory in vue-router. I've updated it to just use createWebHistory and now my site is working.
There is logic in keycloak-js that tries to determine if you're in a query string and I found the problem by stepping through that code in parseCallbackUrl.
Example: As stated, I ended up using createWebHistory instead of createWebHashHistory. I made the change in my router/index.js file in the createRouter method passing the history option:
import { createRouter, createWebHistory } from 'vue-router'
/* Other router code here */
const router = createRouter({
  history: createWebHistory(), // was createWebHashHistory() with matching import substitution
  routes
})
export default router
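An added example (not from either answer and not keycloak-js or vue-router code): stripping the callback parameters named in the workaround above from a full URL, in both history mode and hash mode, so the authorization code and state do not stay in the address bar. The helper names and the sample URLs are assumptions made for illustration.

```javascript
// Callback parameters named in the workaround above.
const CALLBACK_PARAMS = new Set(["code", "state", "session_state"]);

// Drop callback parameters from a "k=v&k2=v2" string, keeping the rest in order.
function filterPairs(pairs) {
  return pairs
    .split("&")
    .filter((pair) => pair !== "" && !CALLBACK_PARAMS.has(pair.split("=")[0]))
    .join("&");
}

// stripCallbackParams is a hypothetical helper, not a library API.
function stripCallbackParams(href) {
  const url = new URL(href);

  // History mode (createWebHistory): parameters sit in the real query string.
  // Assigning "" to url.search removes the "?" entirely.
  url.search = filterPairs(url.search.slice(1));

  // Hash mode (createWebHashHistory): parameters are glued onto the route
  // inside the fragment, e.g. "#/&state=...&code=...".
  const frag = url.hash.slice(1);
  const sep = frag.search(/[?&]/);
  if (sep !== -1) {
    const route = frag.slice(0, sep);
    const rest = filterPairs(frag.slice(sep + 1));
    // Keep the original separator if any non-callback parameters remain.
    url.hash = rest === "" ? route : route + frag[sep] + rest;
  }
  return url.toString();
}

// Constructed sample URLs.
console.log(stripCallbackParams("https://my.domain/#/&state=abc&session_state=def&code=xyz"));
console.log(stripCallbackParams("https://my.domain/app?tab=2&code=xyz&state=abc"));
```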

Varnish direct request to internal ip

I have a hash configuration like this
sub vcl_init {
  new bar = directors.hash();
  bar.add_backend(server1, 1.0);
  bar.add_backend(server2, 1.0);
}
I would like to add a rewrite rule that if in the url there is a word it must redirect to one specific internal server
if (req.url ~ "/newsletter" ) {
  set req.http.x-redir = "https://" + "10.1.3.4" + req.url;
  return (synth (301, req.http.x-redir));
}
But this rule doesn't work because 10.1.3.4 is an internal ip not a DNS. Is it possible to do this?
Seems like you want to use a different director backend (the internal server) if the request contains newsletter. That's possible.
Example
sub vcl_recv {
  # "newsletter" must be declared as a backend that points at the internal server
  if (req.url ~ "^/newsletter") {
    set req.backend = newsletter;
  } else {
    set req.backend = default;
  }
}
See https://varnish-cache.org/docs/3.0/tutorial/advanced_backend_servers.html
But you can't do a 301; that's for the external request, while here we are talking about internal routing.

Drupal 8 - Custom Url path for node with taxonomy

I'm trying to save a custom url path like such: "/PARENT_TERM/TERM/NODE_NAME"
Thanks to Pathauto, I've managed to get hold of the info I needed to construct the url string but I can't seem to get my url to save. I'm also not sure whether it would be best to save this information on the Url Path Settings or in URL entity.
The reason I'm not using Pathauto to make the url is that it doesn't provide any tokens for the parent term when I'm making a pattern for my nodes.
Here is my code so far:
function HOOK_node_insert($entity) {
  _HOOK_node_url($entity, 'insert');
}
function HOOK_node_update($entity) {
  _HOOK_node_url($entity, 'update');
}
function _HOOK_node_url($entity, $op){
  if($entity->getType() == 'dvn_products'){ //Content_type
    $nid = $entity->id();
    $entity_alias = \Drupal::service('path.alias_manager')->getAliasByPath('/node/' . $nid); // Get the pathauto alias
    $term_id = $entity->field_dvn_product_type_ref->target_id;
    $term_object = \Drupal\taxonomy\Entity\Term::load($term_id);
    $term_name = $term_object->get('name')->value;
    $term_alias = \Drupal::service('path.alias_manager')->getAliasByPath('/taxonomy/term/' . $term_id); // Gets pathauto term alias
    $new_url = str_replace("/".strtolower($term_name),$term_alias,$entity_alias); //replaces child term with its url
    $entity->path->alias = $new_url; // Saves new url (This is the problem)
  }
}
Thank you!

Passing an array inside the "parameters" of adapter in Worklight

The code part:
function PushRequests(strUser, eClientType, iSectorId, strDeviceId, arrRequests) {
  var input = {
    method : 'post',
    returnedContentType : 'xml',
    path : 'SomeAddress/PushRequests',
    parameters : {
      'strUser' : strUser.toString(),
      'eClientType' : eClientType.toString(),
      'iSectorId' : iSectorId.toString(),
      'strDeviceId' : strDeviceId.toString(),
      'arrRequests' : arrRequests // <- the array
    }
  };
  return WL.Server.invokeHttp(input);
}
The response:
Procedure invocation error. Content is not allowed in prolog.,Failed to parse the payload from backend (procedure: HttpRequest)
I have tried to stringify the array the native way and via JSON. This is not the solution.
I know the problem is with the array passed. Does anybody know a workaround, or a way to correctly pass an array to the adapter?
I know the problem is with the array passed.
How do you know this?
Content is not allowed in prolog.
This is almost always a symptom of passing data to an XML parser that is invalid XML, or has some characters before the prolog, which is:
<?xml version="1.0" encoding="utf-8"?>
In your adapter, you've told it to expect XML from the backend HTTP service you're calling. I was able to reproduce the same message you see by returning invalid XML from my backend HTTP service. In fact, I can put anything in the response that is invalid XML, and I'll get the "Content is not allowed in prolog." message. I can return a page that is a 404 page, or with a Content-Type header of "text/plain". The adapter was told to expect XML, but given something else.
Please be sure to check that you are not getting a 404 page, or 500, or something else from the backend HTTP service your adapter is calling.
Here's how I reproduced the "Content is not allowed in prolog" message from my adapter:
First, create an adapter with xmltester.xml:
<wl:adapter name="xmltester"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:wl="http://www.worklight.com/integration"
    xmlns:http="http://www.worklight.com/integration/http">
  <displayName>xmltester</displayName>
  <description>xmltester</description>
  <connectivity>
    <connectionPolicy xsi:type="http:HTTPConnectionPolicyType">
      <protocol>http</protocol>
      <domain>localhost</domain>
      <port>3000</port>
    </connectionPolicy>
    <loadConstraints maxConcurrentConnectionsPerNode="2" />
  </connectivity>
  <procedure name="getStuff"/>
</wl:adapter>
and xmltester-impl.js:
function getStuff() {
  var input = {
    method : 'get',
    returnedContentType : 'xml',
    path : 'index.xml',
    parameters : {
      'arrRequests' : JSON.stringify(['one', 'two'])
    }
  };
  return WL.Server.invokeHttp(input);
}
I created a node server (server.js) to be my backend:
var express = require('express');
var app = express();
var port = 3000;
app.get('/index.xml', function(req, res){
  var body = '<?xml version="1.0" encoding="utf-8"?><boo/>';
  res.setHeader('Content-Type', 'application/xml');
  res.setHeader('Content-Length', body.length);
  res.end(body);
});
app.listen(port);
console.log('Listening on port %s', port);
Started the server:
npm install express
node server.js
Then created a Worklight app with a button:
<button id="doit">Do it!</button>
And linked up a click listener to see what I get back from Worklight when the adapter is invoked:
$ = WLJQ;
$("#doit").click(function() {
  var invocationData = {
    adapter : 'xmltester',
    procedure : 'getStuff',
    parameters : []
  };
  WL.Client.invokeProcedure(invocationData,{
    onSuccess : function(data) {alert("SUCCESS" + JSON.stringify(data));},
    onFailure : function(data) {alert("FAILURE" + JSON.stringify(data));}
  });
  return false;
});
I could recreate the problem exactly when my backend server returned a payload with extra characters in front of the prolog (which you can try yourself by editing the server.js code above), like:
somethinghere<?xml version="1.0" encoding="utf-8"?>
Or any non-XML payload, for that matter.
returnedContentType : 'xml'
Failed to parse the payload from backend
Is the returned content in xml format? If not, can you change the returnedContentType field to 'plain' or 'html' or whichever format you are expecting it in?

base64 img src in WebUI leads to an error

Here is the problematic part of the template:
<ul id="list">
<template iterate='file in convertedfiles.files'>
<li>{{file.filename}}
<template if='file.isImage'>
<img src="{{file.src}}" alt="{{file.filename}}"><br/>
Source: {{file.src}}
</template>
</li>
</template>
</ul>
convertedfiles is a list of AndroidFile:
class AndroidFile {
  File _file;
  String filename;
  String src;
  bool isImage;
  AndroidFile(this._file) : isImage = false {
    filename = htmlEscape(_file.name);
    // If the file is an image, read and display its thumbnail.
    if (_file.type.startsWith('image')) {
      FileReader reader = new FileReader();
      reader.on.load.add((e) {
        src = reader.result.toString().trim();
        // prints the correct URL (data:image/png;base64,...)
        print(src);
        isImage = true;
        watcher.dispatch();
      });
      reader.readAsDataUrl(_file);
    }
  }
}
The template gets displayed. It shows the filename, it shows the source but the imagetag looks like
<img alt="screenshot-1179.png" src="#">
The hash is underlined (in Chromium source view) and if I click on it it says "File not found: /web/out/"
Converted to JS, it says in Chrome:
"Resource interpreted as Image but transferred with MIME type text/html"
Sample source is on GitHub
Any hints?
Note that if you know that you are handling a safe URI that is not vulnerable to XSS, you can work around this problem by using a SafeUri wrapper (imported from web_ui/web_ui.dart). For instance, change your template from:
<img src="{{file.src}}" alt="{{file.filename}}">
to:
<img src="{{new SafeUri.unsafe(file.src)}}" alt="{{file.filename}}">
Or change file.src internally to store a SafeUri.
I found the problem.
It's because the URI gets sanitized for security reasons. The sanitizer turns invalid URIs into a hash #.
From web_ui/templating.dart:
/**
 * Ensure that [usiString] is a safe URI. Otherwise, return a '#' URL.
 *
 * The logic in this method was based on the GWT implementation located at:
 * http://code.google.com/p/google-web-toolkit/source/browse/trunk/user/src/com/google/gwt/safehtml/shared/UriUtils.java
 */
String sanitizeUri(uri) {
  if (uri is SafeUri) return uri.toString();
  uri = uri.toString();
  return _isSafeUri(uri) ? uri : '#';
}
const _SAFE_SCHEMES = const ["http", "https", "ftp", "mailto"];
bool _isSafeUri(String uri) {
  var scheme = new Uri(uri).scheme;
  if (scheme == '') return true;
  // There are two checks for mailto to correctly handle the Turkish locale.
  // i -> to upper in Turkish locale -> İ
  // I -> to lower in Turkish locale -> ı
  // For details, see: http://www.i18nguy.com/unicode/turkish-i18n.html
  return _SAFE_SCHEMES.contains(scheme.toLowerCase()) ||
      "MAILTO" == scheme.toUpperCase();
}
So the sanitizer turns your data: scheme URI into a #. Data URIs can be used for XSS, but as far as I know the check could be improved by allowing data URIs when the data URI content type is image/*.
Perhaps file a bug report?
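An added sketch of the improvement suggested in the answer above, written in JavaScript rather than Dart; it is not web_ui code. It keeps the quoted scheme allow-list and additionally accepts data: URIs only when they are base64 raster images. The accepted MIME types, the exclusion of image/svg+xml and the sample inputs are assumptions of this example.

```javascript
// Scheme allow-list copied from the _SAFE_SCHEMES constant quoted above.
const SAFE_SCHEMES = new Set(["http", "https", "ftp", "mailto"]);

// Assumption: only base64 raster images are accepted. image/svg+xml is left
// out on purpose because an SVG document can contain script.
const SAFE_DATA_IMAGE =
  /^data:image\/(?:png|jpeg|gif|webp);base64,[A-Za-z0-9+\/]+={0,2}$/i;

// Browsers drop tab/CR/LF anywhere in a URL and leading control characters or
// spaces, so the check must run on the same normalised string.
function normalise(uri) {
  return String(uri).replace(/[\t\n\r]/g, "").replace(/^[\u0000-\u0020]+/, "");
}

// RFC 3986 scheme; "" means a relative reference (treated as safe, as in the
// quoted _isSafeUri).
function schemeOf(uri) {
  const match = /^([A-Za-z][A-Za-z0-9+.-]*):/.exec(uri);
  // toLowerCase() is locale-independent in JavaScript, so the Turkish-i
  // workaround from the Dart code is not needed here.
  return match ? match[1].toLowerCase() : "";
}

// Returns the normalised URI when it is acceptable, otherwise "#".
function sanitizeUri(uri) {
  const cleaned = normalise(uri);
  const scheme = schemeOf(cleaned);
  if (scheme === "" || SAFE_SCHEMES.has(scheme)) return cleaned;
  if (scheme === "data" && SAFE_DATA_IMAGE.test(cleaned)) return cleaned;
  return "#";
}

// Constructed sample inputs.
console.log(sanitizeUri("data:image/png;base64,iVBORw0KGgo=")); // kept
console.log(sanitizeUri("data:text/html;base64,PHNjcmlwdD4=")); // "#"
```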
