I've input time field in my Grails application:
<joda:timePicker name="startTimeReservation" value="${new LocalTime()}" precision="minute" />
I want to send its value to action in controller via parameters. This is a code from controller where I catch this value:
oldCafeeInfo.startTimeLimit = params['startTimeReservation']
During parameters are send, I get a such error:
Cannot cast object 'struct' with class 'java.lang.String' to class 'org.joda.time.LocalTime'
How to send parameters correctly?
In request all data is String, so you need to parse string:
oldCafeeInfo.startTimeLimit = LocalTime.parse(params['startTimeReservation'], format)
format is SimpleDateFormat.
Or you can use next answers, for do it automaticaly by binding: Binding a Grails date from params in a controller
I found my own alternative. I noticed what params['startTimeReservation'] comes to controller as a string "struct". Also, in logs, I noticed, what this struct is divide by startTimeReservation_hour and startTimeReservation_minutes. They contain integer-values, which are parse easy! Then these values may be transfered as parameters to the new LocalTime(hour, minute). So we've created new LocalTime instance which can be recorded to the database. Somehow, I doubt this is a good variant, but it works.
Related
I have the following code:
dim key
for each key in Request.Querystring
'do something
key = sanitized_param(key)
next
My question for you classic-asp connoisseur, does classic-asp, or asp in general, pass the variables as references(memory), or by value? Trying to figure out if I sanitize the key variable and pass it back to itself, is it just "alive" for that loop, or does the new value get passed to the original QueryString?
Request.QueryString retrieves the query string parameters by value from the page headers.
You can only make changes to a query string once its been retrieved via Request.QueryString, but you can't make changes directly to Request.QueryString as it's read-only (If you could make changes you would presumably use Response.QueryString, but this isn't a valid response command).
I'm guessing you're trying to sanitize all your query strings in one go? This isn't really possible or indeed necessary. You would typically sanitize a query string as and when you request it:
Response.Write(sanitized_param(Request.QueryString("myQS")))
Or to assign the query string to a variable first then sanitize it:
Dim myQS
myQS = Request.QueryString("myQS")
myQS = sanitized_param(myQS)
' or
myQS = sanitized_param(Request.QueryString("myQS"))
Once the query string has been assigned to a variable and sanitized you're able to reference that variable as often as you like without having to pass it to your sanitize function again.
Also, your example code doesn't make much sense. The key value in your for each loop is referencing just the names of your query strings and not their values. If Response.QueryString was a valid ASP command you would do:
Response.QueryString(key) = sanitized_param(Request.QueryString(key))
But again, this isn't possible.
EDIT: This solution might be what you're looking for:
Create a dictionary object, call it "QueryString" for example. Loop through all your query strings and add a sanitized version to the dictionary object.
Dim QueryString : Set QueryString = Server.CreateObject("Scripting.Dictionary")
For Each Item In Request.QueryString
QueryString.Add Item,sanitized_param(Request.QueryString(Item))
next
Now, to retrieve a sanitized version of a query string just use:
QueryString.Item("query_string_name")
Or for the original unsanitized version you could still use:
Request.QueryString("query_string_name")
Just like Request.QueryString, the dictionary object is forgiving and won't return an error if you ask for a query string that doesn't exist.
You could also create a function for retrieving sanitized query strings, for example:
Function SanitizedQS(ByVal qsName)
SanitizedQS = sanitized_param(Request.QueryString(qsName))
End Function
And rather than using Request.QueryString("query_string_name") just use SanitizedQS("query_string_name").
I would like to make an API call dynamically. API (Get) result must vary dynamically based on the query string passed.
I have hard coded the API URL without any query string, and supplied the API URL as an instance variable:
#apiRequest = HTTParty.get("http://localhost:1880/api/devices")
#parseApiRequest = JSON.parse(#apiRequest.body)
I want #apiRequest to change dynamically based on user input from a form (I had already developed a form that gets inputs from user's).
Is it possible to change the value of an instance variable dynamically? User's input value must be passed onto that controller as a query string.
Sample image that gets user input:
Getting User Input
The instance variable must be updated dynamically as,
#apiRequest = HTTParty.get("http://localhost:1880/api/devices?device_id=123456")
Kindly suggest.
Simply interpolate the dynamic data into the api request parameter string:
extraParamsOrPath = "assemble this from form inputs"
urlPrefix = "http://localhost:1880/"
#apiRequest = HTTParty.get("#{urlPrefix}/#{extraParamsOrPath}")
And make sure the user input is sanitized ;)
I have an MVC application that is rendering rendering the following javascript on the client:
var rawData = [{"ID":5317,"Code":"12345","Description":"sometext \u003c/= 100"}];
The JSON data is a result of serializing an object using the JavaScriptSerializer and then running the result through the Html.Raw() helper.
This data is then used to load a knockout view model and display a popup on hover. In the popup, only the "sometext" portion of the "Description" property is being shown as the string gets converted to the unencoded version when setting the rawData variable (i.e. \u003c is converted to <).
Also, this data ends up being sent back to the server upon saving of data, and the ASP.NET validation kicks in and fails the request as it detects the "
I've worked around this, temporarily, by adding a computed property to my Knockout View Model like so:
self.DescriptionEncoded = ko.observable('');
self.Description = ko.computed({
read: function() {
return self.DescriptionEncoded ();
},
write: function(value) {
self.DescriptionEncoded($('<div/>').text(value).html());
}
});
In this way I can access the escaped property from my popup and the unescaped value is not sent back to the server when I serialize my viewmodel (using .toJSON()).
Is there a more global way to handle this rather than creating computed properties for every object that may have some text that appear to be a bad request while not compromising on security? I've considered an overload/helper to the serialization routine that would accept a list of properties to apply a Find/Replace I am thinking this will have to be handled on a case by case basis in a manner similar to what I've already done. As for sending the data back to the server, I could override the toJSON() method on my view model and delete the properties that don't need to be sent back, but that won't help me with my popup.
Thoughts?
You can encode using Ajax.JavaScriptStringEncode. You might also get the AntiXSS library and use it for the encoding.
I hope I understood your question well.
I am trying to send map from gsp to controller but the map is considered as a string in the controller
<g:remoteFunction
action="updateCart"
params="{startDate:stDt,endDate:endDt,cartId:pkid,shoppingCart:'${shoppingCart}'}"
update="resourcesSelectedId"/>
Here the shoppingCart is a grails map variable I am trying to send
Edit:
there was a typo in the code I posted above. Missed starting "{" in the params
params="{startDate:stDt,endDate:endDt,cartId:pkid,shoppingCart:'${shoppingCart}'}"
Updated my question as per my comments below
In my case shoppingCart is an object and it has, lets say for example, items and quantity of each item. I have some rules to be applied based on the items selected and quantity and determine the price for each item and show it back to the user. I want to do this processing the controller. Whenever user updates the cart I need to re-calculate and show it back to user. Is there any other better approach you would suggest to do this instead of passing the objects back and forth
Anytime you're using the params attribute, it has to be in the format of a Map anyway, which means including the [ ]. This also means you can exclude the ${ } from any values because grails will parse all these as potential variables.
<g:remoteFunction
action="updateCart"
params="[startDate:stDt,endDate:endDt,cartId:pkid,shoppingCart:shoppingCart]"
update="resourcesSelectedId"/>
However, keep in mind that you can't send objects. I'm not sure what shoppingCart is in your example, but it would only be able to be a simple value that can be represented as a String. Possibly you would want shoppingCart.id? Otherwise, that should get you going in the right direction.
I could able to overcome this issue by following below steps
converted the shoppingcart object to json string
Pass the json as part of the params
parse the json string server-side & process
pass the updated object back to gsp
I'm using a javascript plugin called jSignature to give my MVC4 application delivery signature capture functionality. jSignature outputs the signature info in a data:image/png;base64,iVBORw0KG... string format that looks to be around 32,000 characters long. I created a property in my model called DeliverySignature as a string and am able to save and retrieve the signature data but when I pull it back in from the database it's only about 5,000 characters long. What data type do I need to be using in my model's definition and in the action method (it's being passed in to a controller to save to the db) so that it preservers the complete string length? Thank you.
I would store it in varchar(max) column.
You can keep model property type of string as strings do not have a limited length.