html parsing using jsoup and coldfusion - coldfusion

This is the continuation of my previous question. Below is the script I am trying to build to parse HTML which looks like the example below. I am getting the error Value must be initialised before use. Not able to attach the error.
I have to make an HTTP call using jsoup where I need to provide a username and password for the server login. Is the code below the right way to do it? I looked at the Bennals blog for HTML parsing using jsoup.
I have this in my Application.cfc
component {
this.name = "jsoupTest";
this.javaSettings = {loadPaths=["/jsoup/jsoup-1.7.3.jar"], loadColdFusionClassPath=true};
}
Example of the HTML to be parsed
Note there are at least 5000 rows like the ones below which need to be parsed, extracting only the TEXT from the TD.
<tbody>
<tr>
<td class="drpdetailtablerowdetailleft">Robert M Best Jr.</td>
<td class="drpdetailtablerowdetailleft">AAI</td>
<td class="drpdetailtablerowdetail">7948</td>
<td class="drpdetailtablerowdetail">1</td>
<td class="drpdetailtablerowdetail">MC</td>
<td class="drpdetailtablerowdetail">Compliant</td> <td class="drpdetailtablerowdetail">Compliant</td> <td class="drpdetailtablerowdetail">Compliant</td> <td class="drpdetailtablerowdetail">Compliant</td> <td class="drpdetailtablerowdetail">Compliant</td> <td class="drpdetailtablerowdetail">Compliant</td>
</tr>
</tbody>
<tbody>
<tr>
<td class="drpdetailtablerowdetailleft">Robert M Best Jr.</td>
<td class="drpdetailtablerowdetailleft">ABWS</td>
<td class="drpdetailtablerowdetail">4884</td>
<td class="drpdetailtablerowdetail">4</td>
<td class="drpdetailtablerowdetail">NMC</td>
<td class="drpdetailtablerowdetail">Compliant</td> <td class="drpdetailtablerowdetail">Compliant</td> <td class="drpdetailtablerowdetail">Compliant</td> <td class="drpdetailtablerowdetail">Compliant</td> <td class="drpdetailtablerowdetail">Compliant</td> <td class="drpdetailtablerowdetail">Compliant</td>
</tr>
</tbody>
Updated Code to be used
<cfhttp url="https://intra.att.com/itscmetrics/EM2/LTMR.cfm" method="get" username="abc" password="zxyr">
<cfhttpparam type="url" name="LTMX" value="Andre Fuetsch / Shelly K Lazzaro">
</cfhttp>
<cfset jsoup = createObject("java", "org.jsoup.Jsoup") />
<cfset document = jsoup.parse(myPage.filecontent) />
<cfset content = doc.getElementById("contentwrapper")>
<!--- Let's see what we got. --->
<cfdump var="#content#" />

The myPage variable is being declared for the first time in your parse command.
I think you need to add result="myPage" to your cfhttp call.
<cfhttp result="myPage" url="https://intra.att.com/itscmetrics/EM2/LTMR.cfm" method="get" username="abc" password="zxyr">

It looks like the reason it is not working is because you have not called the constructor on the Jsoup class.
Try changing this line
var jSoupClass = createObject( "java", "org.jsoup.Jsoup" ).init(); // note calling init calls the constructor for the Java class

Did you install your jar file correctly?
ColdFusion searches for the objects in the following order:
The ColdFusion Java Dynamic Class Load directories:
Java archive (.jar) files in web_root/WEB-INF/lib
Class (.class) files in web_root/WEB-INF/classes
Quoted from: About ColdFusion, Java, and J2EE
So copy your jar file to web_root/WEB-INF/lib, restart CF, and try again.

Related

How to output a message when query result is [empty string] in ColdFusion?

I have a query written in a stored procedure and the data is dumping just fine. Some of the results return [empty string] and in those cases, I'm trying to output a different message. Here's what I have thus far:
Looping through the query:
<cfloop query="#inactiveAdmins#">
<tr>
<td class="text-left">#Admin_Name#</td>
<td class="text-left">#Dept_Name#</td>
<td class="text-left">#Acad_Lead#</td>
<td class="text-left">#Acad_Lead_Email#</td>
<td class="text-right">#dateFormat(Last_Logon, 'mmm dd, yyyy')#</td>
</tr>
</cfloop>
At the top of the page, I'm running this cfif statement.
<cfif #inactiveAdmins.Last_Logon# eq "">
Never Logged On
<cfelse>
#inactiveAdmins.Last_Logon#
</cfif>
But, in my output, I'm still getting a display with no message.
When I try to run the condition inside the loop, I get the following:
Is this supposed to be inside your table? Make sure you wrap it inside a tr and td.
<cfloop query="#inactiveAdmins#">
<tr>
<td class="text-left">#Admin_Name#</td>
<td class="text-left">#Dept_Name#</td>
<td class="text-left">#Acad_Lead#</td>
<td class="text-left">#Acad_Lead_Email#</td>
<td class="text-right">#(Len(Last_Logon) ? dateFormat(Last_Logon, 'mmm dd, yyyy') : 'Never Logged On')#</td>
</tr>
</cfloop>
Or the long form:
<cfloop query="#inactiveAdmins#">
<tr>
<td class="text-left">#Admin_Name#</td>
<td class="text-left">#Dept_Name#</td>
<td class="text-left">#Acad_Lead#</td>
<td class="text-left">#Acad_Lead_Email#</td>
<td class="text-right">
<cfif Len(Last_Logon)>
#dateFormat(Last_Logon, 'mmm dd, yyyy')#
<cfelse>
Never Logged On
</cfif>
</td>
</tr>
</cfloop>

cfdocument issue - cfdocument has no body

I am working with ColdFusion 10 and am facing this error:
The following information is meant for the website developer for debugging purposes.
Error Occurred While Processing Request
cfdocument tag has no body.
It must have a body or a source file or URL.
I checked the website and detected that cfsettings is not defined at the top or anywhere which can cause this issue, I am using it as
<cfdocument format="pdf">
<cfdocumentsection>
<cfdocumentitem type="header"></cfdocumentitem> - Footer is used too
</cfdocumentsection>
I tried using evalAtPrint= true but still no success. Am I missing something here?
Make sure you are actually putting in </cfdocument> at the end. I'm assuming you just missed this here.
Otherwise everything seems to align up with the Wiki Docs.
I would suggest two things.
Verify you are using ColdFusion 11 Update 3. Update 3 was a major update and may have addressed this issue.
If you are using update 3, open a bug at bugbase.adobe.com
The error message you included in your question indicates that there is no content between your <cfdocument> tags. The code that you included corroborates that. If this is not your actual code then we cannot be of much help.
You need to include the content that you would like to be converted into PDF between the <cfdocument> tags. You need something like this:
<cfquery datasource="cfdocexamples" name="empSalary">
SELECT Emp_ID, firstname, lastname, e.dept_id, salary, d.dept_name
FROM employee e, departmt d
WHERE e.dept_id = d.dept_id
ORDER BY d.dept_name
</cfquery>
<cfdocument format="PDF">
<cfoutput query="empSalary" group="dept_id">
<cfdocumentsection>
<cfdocumentitem type="header">
<font size="-3"><i>Salary Report</i></font>
</cfdocumentitem>
<cfdocumentitem type="footer">
<font size="-3">Page #cfdocument.currentpagenumber#</font>
</cfdocumentitem>
<h2>#dept_name#</h2>
<table width="95%" border="2" cellspacing="2" cellpadding="2" >
<tr>
<th>Employee</th>
<th>Salary</th>
</tr>
<cfset deptTotal = 0 >
<!--- inner cfoutput --->
<cfoutput>
<tr>
<td>
<font size="-1">#empSalary.lastname#, #empSalary.firstname#</font>
</td>
<td align="right">
<font size="-1">#DollarFormat(empSalary.salary)#</font>
</td>
</tr>
<cfset deptTotal = deptTotal + empSalary.salary>
</cfoutput>
<tr>
<td align="right"><font size="-1">Total</font></td>
<td align="right"><font size="-1">#DollarFormat(deptTotal)#</font></td>
</tr>
<cfset deptTotal = 0>
</table>
</cfdocumentsection>
</cfoutput>
</cfdocument>
Copied from the ColdFusion documentation here

checking the existence while printing value in a table

I am displaying results in a table after looping through a query. For TestNumber, there are some results in my query where the number is not present and hence I want to display N/A instead of just blank in the table. So, I am checking the existence using IsDefined, but for some reason it keeps on printing N/A every time.
<cfloop query="GetMyList1">
<tr>
<td align="center">#TestName#</td>
<cfif IsDefined(TestNumber) >
<td align="center">#TestNumber#</td>
<cfelse>
<td align="center">N/A</td>
</cfif>
<td align="center">#Date#</td>
</tr>
</cfloop>
You would want to check if there is a length of the item. The field exists, so isDefined will always return true.
<cfloop query="GetMyList1">
<tr>
<td align="center">#GetMyList1.TestName#</td>
<td align="center"><cfif len(trim(GetMyList1.TestNumber))>#GetMyList1.TestNumber#<cfelse>N/A</cfif></td>
<td align="center">#GetMyList1.Date#</td>
</tr>
</cfloop>

Legacy Site vulnerable to XSS Attack [closed]

I'm experiencing XSS in a legacy site.
The Parameter vulnerable to this attack is: ldapSearch.jsp?f=
After adding the XSS payload to check whether it is vulnerable or not: "><img src=x onerror=prompt(0);>
The URL will look like:
http://idenservices.hostname.com/axrac/ldapSearch.jsp?f=%22%3E%3Cimg%20src=x%20onerror=prompt%280%29;%3E
The XSS pop up comes up and proves that the site is vulnerable to XSS attacks.
Snippet from JSP
<tr>
<td class="required">*</td>
<td class="label"><h3>Enter User's Core ID</h3></td>
<td class="field"><input type="text" name="userid" size="25" maxlength="20" onkeypress="return isAlphaNumberKey(event)" onblur="return LowerCaseAlphanumeric(document.getElementById('userid'));">Lookup User</td>
</tr>
Snippet from JS
function userlookup(fieldName, formName)
{
var uri = "/axrac/ldapSearch.jsp?f=" + formName + "&f1=" + fieldName;
msgWindow=open(uri,'lookup','width=600,height=400,resizable=yes,toolbar=no,menubar=no,location=no,directories=no,status=no');
msgWindow.focus();
}
Adding ldapsearch.jsp
<%
String backFieldName = request.getParameter("f1");
String backFormName = request.getParameter("f");
%>
<table width="100%" cellpadding="0" cellspacing="0" border="0" class="PageSubHeader1">
<tr class="bg">
<td class="flag"> </td>
<td class="banner" width="100%"><h2>LDAP Search</h2></td>
</tr>
</table>
<table cellpadding="0" cellspacing="0" border="0" class="PageIntroduction">
<tr>
<td class="copy">
<br/>When searching for a person by their name, please provide 2 or more letters for their first and last name.
If less than 2 letters are entered for both fields or if one field is empty, the search may not return any results.
</td>
</tr>
</table>
<p class="HorizontalRule"></p>
<form action='ldapSearchResults.jsp' method='post'>
<input type="HIDDEN" name="backFieldName" value="<%=backFieldName%>">
<input type="HIDDEN" name="backFormName" value="<%=backFormName%>">
<table width="100%" cellspacing="0" border="0" class="Forms">
<tr>
<td class="required">*</td>
<td class="instruction" colspan="2"><h2>Indicates required field</h2></td>
</tr>
<tr>
<td class="required">*</td>
<td class="label"><h3>First Name</h3></td>
<td class="field"><input type=text name='firstName' size="20"></td>
</tr>
<tr>
<td class="required">*</td>
<td class="label"><h3>Last Name</h3></td>
<td class="field"><input type=text name='lastName' size="20"></td>
</tr>
<tr>
<td> </td>
<td class="label" colspan="2"><h3>- Or -</h3></td>
</tr>
<tr>
<td class="required">*</td>
<td class="label"><h3>Core ID</h3></td>
<td class="field"><input type=text name='coreID' size="20"></td>
</tr>
</table>
<p class="HorizontalRule"></p>
<table width="100%" cellpadding="0" cellspacing="0" border="0" class="Buttons">
<tr>
<td><input type="submit" class="systemButton1" value="Submit Form" id="Submit"> <input type="reset" class="systemButton2" value="Reset Form" id="Reset"></td>
</tr>
</table>
</form>
</body>
</html>
I do not see any issue with JavaScript, but still it is prone to XSS attack. Need help in understanding why it is vulnerable and what should I do to fix this.
Need help in understanding why it is vulnerable
You take user input here:
String backFieldName = request.getParameter("f1");
Then you output it, without modification, here:
<input type="HIDDEN" name="backFieldName" value="<%=backFieldName%>">
(You do the same with other data too, but we'll use this for the example).
This allows anyone to craft a link that contains a "> followed by any HTML (including <script> elements or a Payment Required form) they want, send it to someone, and then have their HTML appear on your site when that person follows the link.
and what should I do to fix this.
Either convert any characters with special meaning in HTML to their respective entities, or run the data through a whitelist to filter out potentially bad input.
Further reading: OWASP XSS Prevention Cheat Sheet
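The two fixes named in the answer above, as an added example (not code from the original post or from the application): an encoder for values written into a quoted HTML attribute, and an allow-list check for the f / f1 parameters. The class name, the helper names and the identifier pattern are assumptions; in ldapSearch.jsp the <%= %> expressions would call the encoder instead of printing the raw parameter.

```java
import java.util.regex.Pattern;

public class HiddenFieldEncoding {
    // Assumption: form and field names are plain identifiers; anything else is rejected.
    private static final Pattern IDENTIFIER = Pattern.compile("[A-Za-z][A-Za-z0-9_]{0,63}");

    /** Allow-list check: returns the value if it is a plain identifier, else an empty string. */
    static String allowIdentifier(String value) {
        return (value != null && IDENTIFIER.matcher(value).matches()) ? value : "";
    }

    /** Replaces the characters that are special in HTML text and quoted attributes with entities. */
    static String escapeHtml(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    /** Renders the hidden input the way ldapSearch.jsp does, but with the value encoded. */
    static String hiddenInput(String name, String value) {
        return "<input type=\"HIDDEN\" name=\"" + escapeHtml(name)
                + "\" value=\"" + escapeHtml(value) + "\">";
    }

    public static void main(String[] args) {
        // The decoded f= value from the question, plus a constructed benign value.
        String fromQuestion = "\"><img src=x onerror=prompt(0);>";
        String benign = "searchForm"; // constructed sample

        System.out.println(hiddenInput("backFormName", fromQuestion));
        System.out.println(hiddenInput("backFormName", benign));
        System.out.println("allow-list: [" + allowIdentifier(fromQuestion) + "] ["
                + allowIdentifier(benign) + "]");
    }
}
```

With the encoder in place the quote and angle brackets arrive in the page as entities, so the value stays inside the attribute; the allow-list variant drops the value entirely when it is not a plain identifier.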

JQuery - Problem with selectors (siblings, parents...)

I have a ColdFusion query where the result is grouped on country names. With a click on a country name, I try to open or close the list under the country. But I cannot work correctly with the siblings and the parents. The result is, if I click on a country name, the fourth one, for example, it closes all children, and the three country names which are before it too.
Can someone help me to choose the right selectors?
Thank you in advance,
Michel
The code:
<script type="text/javascript" language="javascript">
$(document).ready(function(){
var toggleMinus = '<cfoutput>#variables.strWebAddress#</cfoutput>/images/bullet_toggle_minus.png';
var togglePlus = '<cfoutput>#variables.strWebAddress#</cfoutput>/images/bullet_toggle_plus.png';
var $subHead = $('table#categorylist tbody th:first-child');
$subHead.prepend('<img src="' +toggleMinus+ '" alt="collapse this section" /> ');
$('img', $subHead).addClass('clickable').click(function(){
var toggleSrc = $(this).attr('src');
if(toggleSrc == toggleMinus){
$(this).attr('src',togglePlus).parents('.country').siblings().fadeOut('fast');
}else{
$(this).attr('src',toggleMinus).parents('.country').siblings().fadeIn('fast');
}
});
});
</script>
<table width="95%" border="0" cellspacing="2" cellpadding="2" align="center" id="categorylist">
<thead>
<tr>
<th class="text3" width="15%">
<cfmodule template="../custom_tags/get_message.cfm" keyName="L_ACTOR_CODENUMBER">
</th>
<th class="text3" width="15%">
<cfmodule template="../custom_tags/get_message.cfm" keyName="L_ACTOR_CODE">
</th>
<th class="text3" width="55%">
<cfmodule template="../custom_tags/get_message.cfm" keyName="L_ACTOR_NAME">
</th>
<th class="text3" width="15%">
<cfmodule template="../custom_tags/get_message.cfm" keyName="L_ACTIVE">
</th>
</tr>
</thead>
<tbody id="content">
<cfoutput query="qryCategoryUrl" group="country_name" groupcasesensitive="false">
<tr class="country">
<th style="font-weight:bold; text-align:left;" colspan="4">#country_name#</th>
</tr>
<cfoutput>
<tr>
<td valign="top" class="text3">#Replace(ACTOR_CODENUMBER, Chr(13) & Chr(10), "<br>", "ALL")# </td>
<td valign="top" class="text3">#Replace(ACTOR_CODE, Chr(13) & Chr(10), "<br>", "ALL")# </td>
<td valign="top" class="text3">#Replace(ACTOR_NAME, Chr(13) & Chr(10), "<br>", "ALL")# </td>
<td valign="top" class="text3"><cfmodule template="../custom_tags//get_message.cfm" keyName="#ACTIVE_display(qryCategoryUrl.ACTIVE)#"></td>
</tr>
</cfoutput>
</cfoutput>
</tbody>
</table>
Instead of:
.parents('.country').siblings().fadeOut('fast');
Try this:
.closest('.country').nextUntil('.country').fadeOut('fast');
And of course, apply the same change to the .fadeIn(). You might also look into .fadeToggle().
Here's a (reduced) example: http://jsfiddle.net/redler/5sqJz/. While it doesn't affect the example, presumably you would be setting the initial state of those detail rows as hidden.
woah all that cfmodule usage, cfmodule can be a memory hog.
Although what I always recommend is that people try their pages in whatever browser, and use the SelectorGadget bookmarklet at http://www.selectorgadget.com/
This makes it easier to test and check the correct selector, for your app needs.