QueryString value with special chars turns into a square in IE - asp.net

I'm trying to get my head around special chars from a querystring in ASP.NET. In every other browser, this works perfectly: mysite.com?s=smør, but in IE it writes the ø letter as a square.
I have searched high and low for a solution and read about Server.UrlEncode(), but Server.UrlEncode() writes this: sm%ef%bf%bdr which isn't very pleasant to read for the user either ;-)
When writing ÆØÅ anywhere on the page, it works perfect, so it must be because it's from the querystring somehow.
My code is as follows:
#* Check the searchterm querystring for null or empty value *#
if (HttpContext.Current.Request.QueryString["s"] != null && !string.IsNullOrEmpty(HttpContext.Current.Request.QueryString["s"]))
{
string searchTerm = Server.UrlEncode(HttpContext.Current.Request.QueryString["s"]);
<span>#Server.UrlDecode(searchTerm)</span>
}
So, anyone know how to solve this?
Thanks in advance.
Edit
Made a quickfix/hack like this which works:
string rawUrl = Server.UrlDecode(HttpContext.Current.Request.RawUrl);
string searchTerm = rawUrl.Substring(rawUrl.IndexOf('=') + 1);
It's not pretty though ;-)

Related

How to convert emojis from to unicode in Xamarin.forms?

I have Xamarin.Forms project. I have textbox in that and have a button which get text from textbox and pass it to API to store. Now the point is when user select any emojis from keyboard, I want to get unicode character of the emojis. Currently I am getting emojis it self when I check Text property of it.
I want to get Unicode rather emoji as given in NewTextValue from Text property.
This post is same but I don't understand how the guy has managed. POST
Please suggest.
After some google, I have tried with following.
string res = BitConverter.ToString(Encoding.BigEndianUnicode.GetBytes(str)).Replace("-", "");
This is result res = D83DDE00
I don't know above code is unicode or not.
How can I convert back to original emoji or is there any other way to convert in unicode?
We need to manually convert it back. Insert "-" every two characters:
var convertStr = string.Join("-", Regex.Matches(res, #"..").Cast<Match>().ToList());
String[] tempArr = convertStr.Split('-');
byte[] decBytes = new byte[tempArr.Length];
for (int i = 0; i < tempArr.Length; i++)
{
decBytes[i] = Convert.ToByte(tempArr[i], 16);
}
String str = Encoding.BigEndianUnicode.GetString(decBytes);
Moreover in my test, Encoding.UTF32.GetBytes() may be closer to emoji code. You can test it with \U0001F600, this is a smile image. After converting with utf32, the bytes just change its order.

asp.net querystring

I have the following page querystring:
register.aspx?id="jSmith"
I have the following code to retrieve the value of ID
string qString = string.IsNullOrEmpty(Request.QueryString["id"]) ? string.Empty : HttpUtility.UrlDecode(Request.QueryString["id"]);
When I view the value of qString I get something like
"\"jSmith\""
so when I do the following:
if (qString == "jSmith")
{
........
}
it does not not execute the if condition. What do I need to do s that it does not have the quotes.
The code is correct.
The problem is that you are passing to the page "jSmith" with the double quotes as part of the string.
Try invoke the page this way
register.aspx?id=jSmith
That is because the correct way to give the path in this case would be register.aspx?id=jSmith, without the quotes. If you need spaces, or other special characters, in your ID, these should be URL encoded (and will be decoded by your code), but not enclosed in quotes.
For example, if your id was the string john smith, the URL would become register.aspx?id=john+smith, since + is the URL encoding of a space.
You don't need to put quotes around values in querystring, by definition they're all strings...
Your querystring should look like :
register.aspx?id=jSmith
You do not need the quotation marks in your querystring.
It should read
register.aspx?id=jSmith
You should look for
if (qString == "\"jSmith\"")
the \ is escaping the extra "
or you could perform a replace to remove the extra "
use
Response.Redirect("Qstring.aspx?name= smith");
and on the page Qstring.aspx load event
string s=Request.QueryString["name"].ToString();
gives u "smith" in s variable

Why is this looping infinitely?

So I just got my site kicked off the server today and I think this function is the culprit. Can anyone tell me what the problem is? I can't seem to figure it out:
Public Function CleanText(ByVal str As String) As String
'removes HTML tags and other characters that title tags and descriptions don't like
If Not String.IsNullOrEmpty(str) Then
'mini db of extended tags to get rid of
Dim indexChars() As String = {"<a", "<img", "<input type=""hidden"" name=""tax""", "<input type=""hidden"" name=""handling""", "<span", "<p", "<ul", "<div", "<embed", "<object", "<param"}
For i As Integer = 0 To indexChars.GetUpperBound(0) 'loop through indexchars array
Dim indexOfInput As Integer = 0
Do 'get rid of links
indexOfInput = str.IndexOf(indexChars(i)) 'find instance of indexChar
If indexOfInput <> -1 Then
Dim indexNextLeftBracket As Integer = str.IndexOf("<", indexOfInput) + 1
Dim indexRightBracket As Integer = str.IndexOf(">", indexOfInput) + 1
'check to make sure a right bracket hasn't been left off a tag
If indexNextLeftBracket > indexRightBracket Then 'normal case
str = str.Remove(indexOfInput, indexRightBracket - indexOfInput)
Else
'add the right bracket right before the next left bracket, just remove everything
'in the bad tag
str = str.Insert(indexNextLeftBracket - 1, ">")
indexRightBracket = str.IndexOf(">", indexOfInput) + 1
str = str.Remove(indexOfInput, indexRightBracket - indexOfInput)
End If
End If
Loop Until indexOfInput = -1
Next
End If
Return str
End Function
Wouldn't something like this be simpler? (OK, I know it's not identical to posted code):
public string StripHTMLTags(string text)
{
return Regex.Replace(text, #"<(.|\n)*?>", string.Empty);
}
(Conversion to VB.NET should be trivial!)
Note: if you are running this often, there are two performance improvements you can make to the Regex.
One is to use a pre-compiled expression which requires re-writing slightly.
The second is to use a non-capturing form of the regular expression; .NET regular expressions implement the (?:) syntax, which allows for grouping to be done without incurring the performance penalty of captured text being remembered as a backreference. Using this syntax, the above regular expression could be changed to:
#"<(?:.|\n)*?>"
This line is also wrong:
Dim indexNextLeftBracket As Integer = str.IndexOf("<", indexOfInput) + 1
It's guaranteed to always set indexNextLeftBracket equal to indexOfInput, because at this point the character at the position referred to by indexOfInput is already always a '<'. Do this instead:
Dim indexNextLeftBracket As Integer = str.IndexOf("<", indexOfInput+1) + 1
And also add a clause to the if statement to make sure your string is long enough for that expression.
Finally, as others have said this code will be a beast to maintain, if you can get it working at all. Best to look for another solution, like a regex or even just replacing all '<' with <.
In addition to other good answers, you might read up a little on loop invariants a little bit. The pulling out and putting back stuff to the string you check to terminate your loop should set off all manner of alarm bells. :)
Just a guess, but is this like the culprit?
indexOfInput = str.IndexOf(indexChars(i)) 'find instance of indexChar
Per the Microsoft docs, Return Value -
The index position of value if that string is found, or -1 if it is not. If value is Empty, the return value is 0.
So perhaps indexOfInput is being set to 0?
What happens if your code tries to clean the string <a?
As I read it, it finds the indexChar at position 0, but then indexNextLeftBracket and indexRightBracket both equal 0, you fall into the else condition, and then you insert a ">" at position -1, which will presumably insert at the beginning, giving you the string ><a. The new indexRightBracket then becomes 0, so you delete from position 0 for 0 characters, leaving you with ><a. Then the code finds the <a in the code again, and you're off to the races with an infinite memory-consuming loop.
Even if I'm wrong, you need to get yourself some unit tests to reassure yourself that these edge cases work properly. That should also help you find the actual looping code if I'm off-base.
Generally speaking though, even if you fix this particular bug, it's never going to be very robust. Parsing HTML is hard, and HTML blacklists are always going to have holes. For instance, if I really want to get a <input type="hidden" name="tax" tag in, I'll just write it as <input name="tax" type="hidden" and your code will ignore it. Your better bet is to get an actual HTML parser involved, and to only allow the (very small) subset of tags that you actually want. Or even better, use some other form of markup, and strip all HTML tags (again using a real HTML parser of some description).
I'd have to run it through a real compiler but the mindpiler tells me that the str = str.Remove(indexOfInput, indexRightBracket - indexOfInput) line is re-generating an invalid tag such that when you loop through again it finds the same mistake "fixes" it, tries again, finds the mistake "fixes" it, etc.
FWIW heres a snippet of code that removes unwanted HTML tags from a string (It's in C# but the concept translates)
public static string RemoveTags( string html, params string[] allowList )
{
if( html == null ) return null;
Regex regex = new Regex( #"(?<Tag><(?<TagName>[a-z/]+)\S*?[^<]*?>)",
RegexOptions.Compiled |
RegexOptions.IgnoreCase |
RegexOptions.Multiline );
return regex.Replace(
html,
new MatchEvaluator(
new TagMatchEvaluator( allowList ).Replace ) );
}
MatchEvaluator class
private class TagMatchEvaluator
{
private readonly ArrayList _allowed = null;
public TagMatchEvaluator( string[] allowList )
{
_allowed = new ArrayList( allowList );
}
public string Replace( Match match )
{
if( _allowed.Contains( match.Groups[ "TagName" ].Value ) )
return match.Value;
return "";
}
}
That doesn't seem to work for a simplistic <a<a<a case, or even <a>Test</a>. Did you test this at all?
Personally, I hate string parsing like this - so I'm not going to even try figuring out where your error is. It'd require a debugger, and more headache than I'm willing to put in.

Why are string lengths different between JavaScript and VB.NET (posted back via ASP.NET form)?

When I trim a multi-line textarea in JavaScript to a certain length (JS: .substring(0, x)), and that field is then posted back, checking the length in VB.NET will still find a length greater than the trim length from JavaScript (VB: .Length > x).
I have already determined this was a problem with line breaks, but I wanted to make sure no one else had to spend so long finding the answer (apparently it also applies to some implementations of JSP).
Somewhere in the whole ASP.NET scheme of things, a multi-line value is being massaged from the land of "\n" (vbLf) line breaks into the land of "\r\n" (vbCrLf) line breaks This difference in line breaks is the reason the lengths do not agree. Here is the simple way of addressing it in VB.NET (though a regex could probably do it to):
SomeString = SomeString.Replace(vbCrLf, vbCr)
Handling it in VB.NET opens myself up to potential duplication and would still leave it easy to miss this logic when someone adds another textarea; handling it in JavaScript could do the same thing. Is there some way to keep VB.NET/ASP.NET from handling line breaks this way or is there some better way of making this a non-issue? The answer to this best-practices question would definitely be the correct answer to this question.
The culprit seems to be an internal type in System.Web.dll; System.Web.HttpMultipartContentTemplateParser. Using Reflector, I found this code;
private bool GetNextLine()
{
int num = this._pos;
this._lineStart = -1;
while (num < this._length)
{
if (this._data[num] == 10)
{
this._lineStart = this._pos;
this._lineLength = num - this._pos;
this._pos = num + 1;
if ((this._lineLength > 0) && (this._data[num - 1] == 13))
{
this._lineLength--;
}
break;
}
if (++num == this._length)
{
this._lineStart = this._pos;
this._lineLength = num - this._pos;
this._pos = this._length;
}
}
return (this._lineStart >= 0);
}
Note some of the magic numbers, especially 10 and 13. These are vbLf and vbCr. It seems to me that this is processing the raw bytes that come in from the post, and 'a line' is considered to be anything ending with vbLf (10).
As the raw bytes are parsed (see the ParsePartData method, too) the compexities of vbcr and vblf are being cleaned out.
Ultimately, then, I think it's safe to just replace CrLF with LF again.
Welcome to the land of Unix line endings versus Windows OS based line endings.
Doesn't IIS have some sort of HTTP request filter or even a configuration option to not modify the request as it comes in? That would be the best answer.
Otherwise, search and replace is your best answer.

Regular expression to convert substring to link

i need a Regular Expression to convert a a string to a link.i wrote something but it doesnt work in asp.net.i couldnt solve and i am new in Regular Expression.This function converts (bkz: string) to (bkz: show.aspx?td=string)
Dim pattern As String = "<bkz[a-z0-9$-$&-&.-.ö-öı-ış-şç-çğ-ğü-ü\s]+)>"
Dim regex As New Regex(pattern, RegexOptions.IgnoreCase)
str = regex.Replace(str, "<font color=""#CC0000"">$1</font>")
Generic remarks on your code: beside the lack of opening parentheses, you do redundant things: $-$ isn't incorrect but can be simplified into $ only. Same for accented chars.
Everybody will tell you that font tag is deprecated even in plain HTML: favor span with style attribute.
And from your question and the example in the reply, I think the expression could be something like:
\(bkz: ([a-z0-9$&.öışçğü\s]+)\)
the replace string would look like:
(bkz: <span style=""color: #C00"">$1</span>)
BUT the first $1 must be actually URL encoded.
Your regexp is in trouble because of a ')' without '('
Would:
<bkz:\s+((?:.(?!>))+?.)>
work better ?
The first group would capture what you are after.
Thanks Vonc,Now it doesnt raise error but also When i assign str to a Label.Text,i cant see the link too.Forexample after i bind str to my label,it should be viewed in view-source ;
<span id="Label1">(bkz: here)</span>
But now,it is in viewsource source;
<span id="Label1">(bkz: here)</span>

Resources