Is it possible to read Evernote content without having to authenticate? - evernote

What is the easiest, lowest-friction method to read a note programmatically in Evernote? Given that you can share notes by simply generating a unique URL to them, I find it curious that you can't do this programatically as well.
Put another way, I can read notes from my browser without having to authenticate to Evernote. Can I do this programmatically as well? If I have a URL with GUID, can I use this to request the note via code and read it that way?
I attempted to do this -- to use the "Share" URL to read the note. It didn't work, for some reason. When requested programmtically, I was getting 404s for some reason, which makes me think Evernote has some safeguards against using it in this method.
Is there a way to do this -- to read note content via some service without having to authenticate?

Well actually you can. You just need to use the getNote method with an empty string as the first argument (auth token).

Related

How to programmatically upload files to Maniphest ticket using Conduit?

i can't find the documentation anywhere for how to actually use the Conduit API. I'm able to create a task using some really weird methods, but once i create the ticket, i can't find any documentation about how to actually upload a file anywhere.
i tried looking at:
https://secure.phabricator.com/conduit/method/maniphest.createtask/
and i get so confused on how this actually works. what actually is this?
I think you need to upload the File separately through the file.upload conduit method, then use an {Fnnn} reference in the Task or Comment text to link to it. I presume when file.upload says it returns a GUID, it means a PHID, so you'll also need to use file.info to get the id to use in place of the nnn in the reference text.

how to handle download request from a WebView using WebResourceRequestFilter blackberry Cascades

i want to handle any download request coming from Webview. how it is possible ? the documentation https://developer.blackberry.com/native/reference/cascades/bb__cascades__webresourcerequestfilter.html and https://developer.blackberry.com/native/reference/cascades/bb__cascades__webdownloadrequest.html are describing the parameters but couldn't figure out how to do it.
Your question is not clear on what you don't understand. Remember this is not a training forum, the idea is that you should try things, review the documentation and then ask specific questions to get the best out of a forum.
Moreover it is not clear whether you are trying to handle the download request at the Server, or capture the request before the download attempt leaves the BB.
I'm going to assume you want to display a web page on the BlackBerry but make sure that any resource requests that the page generates, are filtered by your program, so that you can supply the data (assuming you have it).
I implemented something like this a while ago and remember that it was not simple to figure out what was going on, but I played with it a bit and it all made sense.
I don't remember using WebDownloadRequest and can't really see how it helps in this case.
The key is WebResourceRequestFilter. You create your own WebResourceRequestFilter making sure you implement the required methods. Then you use WebPage::setNetworkResourceRequestFilter(WebResourceRequestFilter*) to make sure the webpage will ask your WebResourceRequestFilter for its resources. The first method the web page invokes is filterResourceRequest(), and the return from this invocation determines which other methods in your WebResourceRequestFilter, the Webage will invoke.
I suggest you implement a WebResourceRequestFilter, put some debugging in filterResourceRequest(), but always return FilterAction Accept, which means the web page will use its normal processing to obtain the resources. Then try various other FilterAction return values and see what happens...

Firebase Security rule to restrict up to some characters of a string

How to restrict user to save string that is above some limit?
I am getting Invalid property access: target is not an object if try to validate in security rules with length property of a string.
The Firebase Security Rules now support a length property for strings, as well as several other string methods including replace(), contains(), toUpperCase(), toLowerCase(), etc.
See https://firebase.google.com/docs/reference/security/database/#string_properties for more information.
The syntax you can use in rules are detailed here.
Unfortunately, being able to perform string operations (match, length, etc) are not available at this time. SEE ROB'S ANSWER BELOW, THIS FEATURE IS NOW AVAILABLE
I know this is at least on the Firebase radar because I requested a similar feature some time ago.
If you explain the exact details of what you want to solve, it will allow for a much more specific answer; for now I'll give you some general ideas.
Use a privileged app
Monitor Firebase with a privileged application and whenever a value is written to the specific fields you need string validation on, check it manually and delete it if invalid.
Naturally, client validation will take care of all valid use cases. So this is only needed to prevent malicious insertions.
Alternately, you can approach this more as an audit. Just email any invalid strings to some address to be reviewed. Since the client is going to make sure the string is valid before insertion, you are once again just looking at bugs or malicious behaviors.
Delegate writing to an API
Instead of letting the client write privileged data, send it to an API and have the API write that data--making it read only to the client.
Don't worry about it
Do you really need to validate the length? Is it sufficient to simply look and see if it's a string? Is it really a concern that someone would "hack" the contents of a string? Probably not. It could be, but probably not.
And if it is a concern, can it be solved by another avenue? If there is a server involved, just use the process outlined above.

Can anyone provide a good info on the various uses of hash(#) in urls?

I'm developing a software, which is going to provide in-deep information about url's.
While the get-params are simple, I'm having trouble with the hash.
At first it was used to mark places in the document to navigate to, but we're past that now. I've seen JS engines using it to store params similar to the get strings.
So, here's my question: is everything that comes after a hash free game, or are there any conventions about what it should look like?
Try these sites it could help. Fragment Identifier, Wikipedia or Pound Sign, Google
It's got a list of examples you could use.
It all depends on what you need. Hashes are used in modern web applications that make use of asynchronous calls to the server using ajax. This e.g. allows the user to copy the link and receive the same content after pasting (actions taken are put into hash which changes the url which otherwise would remain static).
You want to read http://www.jenitennison.com/blog/node/154

So why should we use POST instead of GET for posting data? [duplicate]

This question already has answers here:
Closed 13 years ago.
Possible Duplicates:
How should I choose between GET and POST methods in HTML forms?
When do you use POST and when do you use GET?
Obviously, you should. But apart from doing so to fulfil the HTTP protocol, are there any reasons to do so? Less overhead? Some kind of security thing?
because GET must not alter the state of the server by definition.
see RFC2616 9.1.1 Safe Methods:
9.1.1 Safe Methods
Implementors should be aware that the
software represents the user in their
interactions over the Internet, and
should be careful to allow the user to
be aware of any actions they might
take which may have an unexpected
significance to themselves or others.
In particular, the convention has been
established that the GET and HEAD
methods SHOULD NOT have the
significance of taking an action other
than retrieval. These methods ought to
be considered "safe". This allows user
agents to represent other methods,
such as POST, PUT and DELETE, in a
special way, so that the user is made
aware of the fact that a possibly
unsafe action is being requested.
If you use GET to alter the state of the server then a search engine bot or some link prefetching extension in a web browser can wreak havoc on your site and (for example) delete all user data just by following links to your site.
There is a nice paper by the W3C about this: URIs, Addressability, and the use of HTTP GET and POST.
1.3 Quick Checklist for Choosing HTTP GET or POST
Use GET if:
The interaction is more like a question (i.e., it is a safe operation such as a query, read operation, or lookup).
Use POST if:
The interaction is more like an order, or
The interaction changes the state of the resource in a way that the user would perceive (e.g., a subscription to a service), or
The user be held accountable for the results of the interaction
Because, if you use GET to alter state, Google can delete your stuff.
When do you use POST and when do you use GET?
How should I choose between GET and POST methods in HTML forms?
If you accept GETs to perform write operations then a malicious hacker could inject somewhere links to perform an unauthorized operation. Your user clicks on a link - and something is deleted from a database. Or maybe some amount of money is transferred away from the user's account if he's still logged in to their online banking.
http://superbank.com/TransferMoney?amount=1000&recipient=2342524
Send a malicious email with an embedded image referencing this link, and as soon as the document is opened, something funny has happened behind the scenes.
GET is limited by the length of URL the browser/server can handle. This used to be as short as 256 characters.
There is atleast one situation where you want a GET to change data on the server. That is when a GET returns data, and you need to record which data was given to a user and when it was given.
If you use complex data types then it must be in a POST it cannot be in a GET. For example testing a WCF web service in a browser can only be done when the contract uses simple data types.
Using GET and POST where it is expected helps to keep your program understandable.
When you use POST, you can see the information being "posted" in the address-bar of the web browser. This is [apparently] not the case when you use the GET method.
This article was somewhere on http://www.w3schools.com/ Once I've found the exact page it was on, I'll repost. :-)

Resources