How to deal with this code ?
Data is read from document.location and passed to $() via the following statements:
var url = document.location.toString();
$('.nav-tabs a[href="#' + url.split('#')[1] + '"]').tab('show');
The question is this case would be what could come after the # in the URL. Most browsers will URL-encode special chars, but there may still be ways to get around it, especially in legacy browsers.
Regardless of that, I think it's a good idea to validate data before you use it. If you can restrict the accepted values to let's say a-z (and possibly numbers and dashes), there shouldn't be a way to exploit it.
var tab = document.location.toString().split('#')[1];
if (tab && !/[^a-zA-Z0-9]/.test(tab)) $('.nav-tabs a[href="#' + tab + '"]').tab('show');
Related
I want to pass into a variable, the language of the user.
But, my client can't/didn't pass this information trough datalayer. So, the unique solution I've is to use the URL Path.
Indeed - The structure is:
http://www.website.be/en/subcategory/subsubcategory
I want to extract "en" information
No idea to get this - I check on Stack, on google, some people talk about regex, other ones about CustomJS, but, no result on my specific setup.
Do you have an idea how to proceed on this point ?
Many thanks !!
Ludo
Make sure the built in {{Page Path}} variable is enabled. Create a custom Javascript variable.
function() {
var parts = {{Page Path}}.split("/");
return parts[1];
}
This splits the path by the path delimiter "/" and gives you an array with the parts. Since the page path has a leading slash (I think), the first part is empty, so you return the second one (since array indexing starts with 0 the second array element has the index 1).
This might need a bit of refinement (for pages that do not start with a language signifier, if any), but that's the basic idea.
Regex is an alternative (via the regex table variable), but the above solution is a little easier to implement.
This a question I've solved and wanted to post in Q&A style because I think more people could use the solution. Or maybe improve the solution, show where it breaks.
The problem
You wanna do something with quoted strings and/or comments in a body of text. You wanna extract them, highlight them, what have you. But some quoted strings are inside comments, and sometimes comment-characters are inside strings. And strings delimiters can be escaped, and comments can be line-comments or block comments. And when you thought you had a solution somebody complains that it doesn't work when there's a regex-literal in his JavaScript. What do?
Concrete example
var ret = row.match(/'([^']+)'/i); // Get 1st single quoted string's content
if (!ret) return ''; /* return if there's no matches
Otherwise turn into xml: */
var message = '\t<' + ret[1].replace(/\[1]/g, '').replace(/\/#(\w+)/i, ' $1=""') + '></' + ret[1].match(/[A-Z_]\w*/i)[0] + '>';
alert('xml: \'' + message + '\''); /*
alert("xml: '" + message + "'"); // */
var line = prompt('How do line-comments start? (e.g. //)', '//');
// do something with line
This code is nonsense, but how do I do the right thing in each of the cases of the above JavaScript?
The only thing I found that comes close is this: Comments in string and strings in comments where Jan Goyvaerts himself answered with a similar approach. But that one doesn't handle apostrophe-escaping yet.
I've broken the regex into 4 lines corresponding with the 4 paths in the graph, don't keep those line-breaks in there if you ever use this.
(['"])(?:(?!\1|\\).|\\.)*\1|
\/(?![*/])(?:[^\\/]|\\.)+\/[igm]*|
\/\/[^\n]*(?:\n|$)|
\/\*(?:[^*]|\*(?!\/))*\*\/
Debuggex Demo
This code grabs 4 types of "blocks" that can contain the other 3. You can iterate through this and do with each one whatever you want or discard it because it's not the one you wanna do anything to.
This one is specific for JavaScript as it's a language I'm familiar with. But you could easily adapt this to the language of your preference.
Anyone see a way in which this code breaks?
Edit I have since been notified that the general pattern is described very well here: https://stackoverflow.com/a/23589204/2684660, neato!
I have looked at multiple solutions here for similar tasks, and tried them in different ways.
Essentially, I have a cells with long, somewhat similar strings of text, and I want to isolate specific text markers in order to be able to split on those markers. The specific string I am looking for is "MHPP" and I want to replace it with "][MHPP " so I can used the split function to split on the "]".
I was able to get it to work by manually Finding and Replacing (CTRL+F and selecting parameters for the replace), but I want to be able to script it because I won't be the one running the script and need to simplify the process for low-information users.
Using =replace(find("MHPP"),7,"][MHPP ") only finds the first instance of the find value, and there may be multiple usages of the term throughout the cell.
Any suggestions? I suppose there might be a way to write the cell to a string, and replace within the array, but the logic of that process is escaping me at the moment.
I'm not asking for the entire code. I can activate the sheet, get the range, and work from there, but I just don't know how to write the specific function findAndReplace() that would actually locate all repetitions of the string and replace them all.
I'm also open to importing the .csv into a different format, running a function there, and returning it back out to a .csv, but that hasn't proven to be very fruitful either in my searches.
Thanks for any guidance you can offer to get me on the right path.
You can use the replace string function on every cell in a global iteration of your sheet, do that at array level to keep it fast and simple.
The code itself can be very short and straightforward like this :
function myFunction() {
var sh = SpreadsheetApp.getActive();
var data = sh.getDataRange().getValues();// get all data
for(var n=0;n<data.length;n++){
for(var m=0;m<data[0].length;m++){
if(typeof(data[n][m])=='string'){ // if it is a string
data[n][m]=data[n][m].replace(/MHPP/g,'][MHPP');// use the regex replace with /g parameter meaning "globally"
}
}
}
sh.getDataRange().setValues(data);// update sheet values
}
This could be improved to take care of certain situations where the script would be executed twice (or more) to prevent replacement if '][' is already present... I'll let you manage these details.
I'm writing a simple website and I appreciate my responsibility to avoid my site being used for XSS however I don't really want to spend much time on a detailed or heavy weight solution. If I was to simply ban a list of characters (that people weren't going to need to describe their favourite sausage anyway) what is the smallest list I could get away with?
Users still need the ability to write a paragraph of plain text. So I'll need to keep at least:
' " , . ; : - ( )
in the hope that some of the less grammatically challenged users can apply them accurately. I was going to start with < and > but searching indicated that, on it's own, isn't necessarily enough.
Just because you need to keep
' " , . ; : - ( )
Doesn't mean you need to keep them as those literal characters. Convert all special characters to their HTML entities (e.g. convert all < to <
You probably shouldn't just ban characters. Instead prefer to HTML escape any input before outputting it back to the user. See OWASP XSS (Cross Site Scripting) Prevention Cheat Sheet.
You haven't mentioned the server platform you're working with (.NET, Java, PHP, etc.), and each has slightly different ways of dealing with XSS. However, there are two constants:
Always validate your input against a white-list. Don't define what you won't allow, rather define what you will allow.
Always encode your output and do so for the correct language. Most platforms have libraries to do this for you (i.e. AntiXSS for ASP.NET)
More info on understanding XSS in greater depth here: OWASP Top 10 for .NET developers part 2: Cross-Site Scripting (XSS)
It's a bit late, but I'm disappointed in myself for not coming up with something more elegant. Anyone have a better way to do this...
When you pass an OAuth code to Facebook, it response with a query string containing access_token and expires values.
access_token=121843224510409|2.V_ei_d_rbJt5iS9Jfjk8_A__.3600.1273741200-569255561|TxQrqFKhiXm40VXVE1OBUtZc3Ks.&expires=4554
Although if you request permission for offline access, there's no expires and the string looks like this:
access_token=121843224510409|2.V_ei_d_rbJt5iS9Jfjk8_A__.3600.1273741200-569255561|TxQrqFKhiXm40VXVE1OBUtZc3Ks.
I attempted to write a regex that would suffice for either condition. No dice. So I ended up with some really ugly Ruby:
s = s.split("=")
#oauth = {}
if s.length == 3
#oauth[:access_token] = s[1][0, s[1].length - 8]
#oauth[:expires] = s[2]
else
#oauth[:access_token] = s[1]
end
I know there must be a better way!
Split on the & symbol first, and then split each of the results on =? That's the method that can cope with the order changing, since it parses each key-value pair individually.
Alternatively, a regex that should work would be...
/access_token=(.*?)(?:&expires=(.*))/
If the format is strict, then you use this regex:
access_token=([^&]+)(?:&expires=(.*))?
Then access_token value is in \1, and expires, if there's any, will be in \2.
Query string parsing usually involves these steps:
If it is a complete URL, take the part after the first ?
split the rest on &
for each of the resulting name=value pairs, split them on =
URL-decode to the value and the name (!)
stuff the result into a data structure of your liking
Using regex is possible, but makes invalid assumptions about the state of URL-encoding the string is in and fails if the order of the query string changes, which is perfectly allowed and therefore cannot be ruled out. Better to encapsulate the above in a little parsing function or use one of the existing URL-handling libraries of your platform.