how to filter html in json response for xss securing your application??
We have a application where we send html in response, so how to escape this html to show and How to prevent the execution of the HTML tags in response.
Related
I am using default cache setting which is 24hours.
However, when I refresh the page, I see updated html page every time. Why the file is not cached for 24hrs. I didn't set any invalidation mechanism.
Here's the URL: https://dhr5io29ip73w.cloudfront.net/
html file content:
<html>
<h1>Test</h1>
<p id='myTime'></p>
<script>
var d = new Date().toLocaleTimeString();
document.getElementById('myTime').innerHTML = d;
</script>
</html>
Your page includes JavaScript. The JavaScript code runs in the web browser. That means each time you load the page, your web browser executes those JavaScript statements in the <script> tag which includes updating the page with the current time.
CloudFront just caches the raw HTML of the page. It doesn't cache the rendered result.
I have Django backend and Nextjs frontend.
When I try to render
content = models.TextField() from my Django backend to Nextjs frontend <p>{data.content}</p> , I get following rendered:
<p>first first&nbs</p>
I use django_summernote as the editor. Django has | safe method, that escapes rendering HTML, but I don't know what to use for NextJS. Any help is appreciated
To escape html tags in next js and safely render HTML from API with styles in page. So you have to do that add the following code:
<div dangerouslySetInnerHTML={{ __html: data.content }}></div>
I have an http api that give me html response, and I want to "preview" it.
But there is some javascript code in it, and without execute them, it won't give me the right page.
I currently manually copy & paste them in some aaa.html file and use chrome to open it(file://aaa.html), but I want to simplified those steps.
Is there anyway to do that in postman? or is there any postman alternative can do that?
There is an alternative to do this in Postman itself. You will have to use pm.visualizer. Just open your API request which is giving you the HTML response. Then go to the Test tab, add the lines below, and then click on the Visualize tab:
// save your html response in the template and then
const template = pm.response.text();
// set that template to pm.visualizer
pm.visualizer.set(template);
From Postman official documentation
Postman provides a programmable way to visually represent your request responses. Visualization code added to the Tests for a request will render in the Visualize tab for the response body, alongside the Pretty, Raw, and Preview options.
You need add to the Tests for a request:
var template = pm.response.text();
pm.visualizer.set(template);
and see result on the Visualize tab (after Pretty, Raw, and Preview options).
Postman result HTML with JS and CSS
To fix the error:
Refused to load the image 'file:///C:/some.png' because it violates the following Content Security Policy directive: "img-src http: https: data:".
if the content simply does not find (404 Not Found) it along a similar path 'file:///C:/some.file'
need to add the HTML tag to the section of the response body:
var response = pm.response.text();
var base = '<base href="https://some.domain/">";
var template = response.replace('<head>', '<head>' + base);
pm.visualizer.set(template);
this answer also solves the question in this comment.
For more information:
Postman Visualizing responses
HTML <base> tag in MDN Web Docs
I am facing the issue to download/render the blob response in visualforce page with iframe or other alternatives. But i have no luck with any of them. Can any one suggest on this to render/download the blob response as pdf in visualforce page.Got the blob response and parsed it to String as below.
HttpResponse res = http.send(r);
pdfContent = res.getBodyAsBlob(); //Blob property
pdf = EncodingUtil.Base64Encode(pdfContent);//String property
Below is the visualforce code:
<apex:page doctype="html-5.0" controller="ViewDocument" id="thePage" >
<apex:outputPanel id="benefit" rendered="{!showDocument}">
<iframe src="data:application/pdf;base64,{!pdf}" id="theFrame1" width="0%" height ="0%" border="0" scrolling="no" frameborder="0"/>
</apex:outputPanel>
</apex:page>
Instead of EncodingUtil.Base64Encode(pdfContent) try Blob.toPDF(pdfContent).
I am trying to have a HTML form post a file to a Asp .Net Web service method. Everything seems to work but there is no form or files on the request object in the web method. any ideas?
Html Form
<form id="formPost" action="service/Post" enctype="multipart/form-data" method="post">
Post File <input id="uploadfile" type=file />
<input type=submit value="Post" />
</form>
Web service
[WebMethod]
public void Post()
{
// file collection of uploaded files in the http context
HttpFileCollection Files = this.Context.Request.Files;
// always 0 and no form either
if (Files.Count > 0)
{}
}
You cannot post to a SOAP web service method using html form. When you submit the form data is encoded using multipart/form-data while a web service expects a SOAP envelope and text/xml content type. In order to invoke the web service you will need to generate a proxy class from the WSDL and use this proxy class to call the desired method.