js form stripslashes function has errors


J

JRough

Somehow when I send the url to the javascript form to get converted to
a post , something adds a %22 to all the parenthesis in my serialized
string unless I escape it. So here is the string escaped. If I allow
the parens to turn into %22 then php can't unserialize it.

file:///Tiger_HD/Library/WebServer/Documents/clientsidepost2.html?q=a:3:{i:0;s:49:\"44502%20Loneoak%2C%20Lancaster%2C%20CA%2C%2093534\";i:1;s:50:\"3537%203rd%20St%2C%20Ridgefield%2C%20WA%2C%2098642\";i:2;s:58:\"931%20Alabama%20St%2C%20san%20francisco%2C%20CA%2C%2094110\";}

So in this conversion js form I need it to strip the slashes but I get
these errors in the console:
---------errors--------------
Error: Permission denied to call method Location.toString
Error: Permission denied to call method Location.toString
Source File: http://ds.serving-sys.com/BurstingCachedScripts/ebBanner_3_0_50.js
Line: 1
Error: Permission denied to call method Location.toString
Error: Permission denied to call method Location.toString
Error: str.replace is not a function
Source File:
file:///Tiger_HD/Library/WebServer/Documents/clientsidepost2.html?q=a:3:{i:0;s:49:\%2244502%20Loneoak%2C%20Lancaster%2C%20CA%2C%2093534\%22;i:1;s:50:\%223537%203rd%20St%2C%20Ridgefield%2C%20WA%2C%2098642\%22;i:2;s:58:\%22931%20Alabama%20St%2C%20san%20francisco%2C%20CA%2C%2094110\%22;}
Line: 21

Can you tell me how to fix the stripslashes function?tnx,

---clientsidepost.html--------------------

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type"

content="text/html; charset=iso-10646-1">
<title>Get to Post Proxy</title>
<script type ="text/javascript">

function Get2Post() {
var frm = document.forms['pgform'];
var q = window.location.search.substring(1).split('=');
stripslashes(q);
frm.elements['q'].value = decodeURIComponent(q[1]);

document.write(q);
frm.submit();

}
function stripslashes(str) {
str=str.replace(/\\'/g,'\'');
str=str.replace(/\\"/g,'"');
str=str.replace(/\\0/g,'\0');
str=str.replace(/\\\\/g,'\\');
return str;
}

window.onload = Get2Post;


</script>

</head>
<body>
<form name="pgform"
action="http://99.20.131.64/pooglemap2.php"
method="post">
<input type="hidden" name="q">
</form>

</body>
</html>
 
Ad

Advertisements

T

Thomas 'PointedEars' Lahn

JRough said:
Somehow when I send the url to the javascript form to get converted to
a post , something adds a %22 to all the parenthesis in my serialized
string unless I escape it. So here is the string escaped. If I allow
the parens to turn into %22 then php can't unserialize it.

file:///Tiger_HD/Library/WebServer/Documents/clientsidepost2.html?q=a:3: {i:0;s:49:\"44502%20Loneoak%2C%20Lancaster%2C%20CA%2C%2093534\";i:1;s:50:
\"3537%203rd%20St%2C%20Ridgefield%2C%20WA%2C%2098642\";i:2;s:58:
\"931%20Alabama%20St%2C%20san%20francisco%2C%20CA%2C%2094110\";}

So in this conversion js form I need it to strip the slashes but I get
these errors in the console:
---------errors--------------
Error: Permission denied to call method Location.toString
Error: Permission denied to call method Location.toString
Source File:
http://ds.serving-sys.com/BurstingCachedScripts/ebBanner_3_0_50.js Line: 1
Error: Permission denied to call method Location.toString
Error: Permission denied to call method Location.toString
Error: str.replace is not a function
Source File:
file:///Tiger_HD/Library/WebServer/Documents/clientsidepost2.html?q=a:3: {i:0;s:49:
\%2244502%20Loneoak%2C%20Lancaster%2C%20CA%2C%2093534\%22;i:1;s:50:
\%223537%203rd%20St%2C%20Ridgefield%2C%20WA%2C%2098642\%22;i:2;s:58:
\%22931%20Alabama%20St%2C%20san%20francisco%2C%20CA%2C%2094110\%22;}
Line: 21

Can you tell me how to fix the stripslashes function?tnx,

---clientsidepost.html--------------------

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type"

content="text/html; charset=iso-10646-1">
<title>Get to Post Proxy</title>
<script type ="text/javascript">

function Get2Post() {
var frm = document.forms['pgform'];
var q = window.location.search.substring(1).split('=');
stripslashes(q);
frm.elements['q'].value = decodeURIComponent(q[1]);

document.write(q);
frm.submit();

}
function stripslashes(str) {
str=str.replace(/\\'/g,'\'');
str=str.replace(/\\"/g,'"');
str=str.replace(/\\0/g,'\0');
str=str.replace(/\\\\/g,'\\');
return str;
}

window.onload = Get2Post;


</script>

</head>
<body>
<form name="pgform"
action="http://99.20.131.64/pooglemap2.php"
method="post">
<input type="hidden" name="q">
</form>

</body>
</html>
 
T

Thomas 'PointedEars' Lahn

JRough said:
[...]
So in this conversion js form I need it to strip the slashes but I get
these errors in the console:
---------errors--------------
Error: Permission denied to call method Location.toString
[...]

You do _not_ get these error messages from this code.
Error: str.replace is not a function

That is the only relevant error message.
[...]
Can you tell me how to fix the stripslashes function?tnx,

I am confident that you will find that out for yourself.yw
[...]
<!DOCTYPE html>

Not Valid.
<html>
<head>
<meta http-equiv="Content-Type"

content="text/html; charset=iso-10646-1">
^^^^^^^^^^^
You must be joking.
[...]
function Get2Post() {
[...]
var q = window.location.search.substring(1).split('=');
stripslashes(q);
[...]
}
function stripslashes(str) {
str=str.replace(/\\'/g,'\'');
[...]
}

I do not see stripslashes() passed a string value here. Do you?
window.onload = Get2Post;
^^^^^^^^
,-------------------'
|
That belongs here -.
|
</script> |
|
</head> |
V


PointedEars
 
J

JRough

JRough said:
[...]
So in this conversion js form I need it to strip the slashes but I get
these errors in the console:
---------errors--------------
Error: Permission denied to call method Location.toString
[...]

You do _not_ get these error messages from this code.
Error: str.replace is not a function

That is the only relevant error message.
[...]
Can you tell me how to fix the stripslashes function?tnx,

I am confident that you will find that out for yourself.yw
[...]
<!DOCTYPE html>

Not Valid.
<html>
<head>
<meta http-equiv="Content-Type"
 content="text/html; charset=iso-10646-1">

                               ^^^^^^^^^^^
You must be joking.
[...]
function Get2Post() {
  [...]
 var q = window.location.search.substring(1).split('=');
stripslashes(q);
[...]
}
function stripslashes(str) {
str=str.replace(/\\'/g,'\'');
[...]
}

I do not see stripslashes() passed a string value here.  Do you?
window.onload = Get2Post;

                  ^^^^^^^^
  ,-------------------'
  |
That belongs here -.
                   |> said:
                 |
</head>          |

                   V
  said:

PointedEars


the reason I changed it to charset 10646- from I think it was 8059 was
the database encodes utf-16. Can I do it like this?Is that legal?

<meta http-equiv="Content-Type"content="text/html; charset=UTF-16">
 
J

JRough

JRough said:
[...]
So in this conversion js form I need it to strip the slashes but I get
these errors in the console:
---------errors--------------
Error: Permission denied to call method Location.toString
[...]
You do _not_ get these error messages from this code.
That is the only relevant error message.
[...]
Can you tell me how to fix the stripslashes function?tnx,
I am confident that you will find that out for yourself.yw
[...]
<!DOCTYPE html>
Not Valid.
                               ^^^^^^^^^^^
You must be joking.
[...]
function Get2Post() {
  [...]
 var q = window.location.search.substring(1).split('=');
stripslashes(q);
[...]
}
function stripslashes(str) {
str=str.replace(/\\'/g,'\'');
[...]
}
I do not see stripslashes() passed a string value here.  Do you?
                  ^^^^^^^^
  ,-------------------'
  |
That belongs here -.
                   V
  <body onload="        ()">

PointedEars

the reason I changed it to charset 10646- from I think it was 8059 was
the database encodes utf-16.  Can I do it like this?Is that legal?

<meta http-equiv="Content-Type"content="text/html; charset=UTF-16">

Okay, never mind I guess you meant this
<!DOCTYPE html>
that got in there somehow I'll take the whole line out and leave in
the coding the way it was
 
J

JRough

JRough said:
[...]
So in this conversion js form I need it to strip the slashes but I get
these errors in the console:
---------errors--------------
Error: Permission denied to call method Location.toString
[...]
You do _not_ get these error messages from this code.
That is the only relevant error message.
[...]
Can you tell me how to fix the stripslashes function?tnx,
I am confident that you will find that out for yourself.yw
[...]
<!DOCTYPE html>
Not Valid.
                               ^^^^^^^^^^^
You must be joking.
[...]
function Get2Post() {
  [...]
 var q = window.location.search.substring(1).split('=');
stripslashes(q);
[...]
}
function stripslashes(str) {
str=str.replace(/\\'/g,'\'');
[...]
}
I do not see stripslashes() passed a string value here.  Do you?
                  ^^^^^^^^
  ,-------------------'
  |
That belongs here -.
                   V
  <body onload="        ()">

PointedEars

the reason I changed it to charset 10646- from I think it was 8059 was
the database encodes utf-16.  Can I do it like this?Is that legal?

<meta http-equiv="Content-Type"content="text/html; charset=UTF-16">

I made the suggested changes and now the form doesn't post and the
redirect happen to the php page. This worked the way it was submitted
before. Even though I haven't figured out how to do the stripslashes
I still need the form to post. I moved the Get2Post to the body
onload
and now it doesn't post even with the wrong encoding

:-(

//<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type"

content="text/html; charset=10646-1">
<title>Get to Post Proxy</title>
<script type ="text/javascript">

function Get2Post() {
var frm = document.forms['pgform'];
var q = window.location.search.substring(1).split('=');

//frm.elements['q'].value = decodeURIComponent(q[1]);

document.write(q[1]);
//frm.submit();

}
function stripslashes(str) {
str=str.replace(/\\'/g,'\'');
str=str.replace(/\\"/g,'"');
str=str.replace(/\\0/g,'\0');
str=str.replace(/\\\\/g,'\\');
return str;
}

//window.onload = Get2Post;


</script>

</head>
<body onload= Get2Post()>
<form name="pgform"
action="http://99.20.131.64/pooglemap2.php"
method="post">
<input type="hidden" name="q">

</form>
</body>
</html>
 
Ad

Advertisements

T

Thomas 'PointedEars' Lahn

JRough said:
Thomas said:
JRough said:
<meta http-equiv="Content-Type"
content="text/html; charset=iso-10646-1">

^^^^^^^^^^^
You must be joking.

[snip full quote]

Trim your quotes said:
the reason I changed it to charset 10646- from I think it was 8059 was
the database encodes utf-16.

Parse error.
Can I do it like this?Is that legal?

<meta http-equiv="Content-Type"content="text/html; charset=UTF-16">

It is. Any encoding name listed in
<http://www.iana.org/assignments/character-sets> is Valid, though not
necessarily supported; better stick to the more common encodings. But
it is only useful if you use what you declare. In any case, the META
element should only be a fallback for non-HTTP-based display.


PointedEars
 
T

Thomas 'PointedEars' Lahn

JRough said:
JRough said:
Thomas said:
JRough wrote:
[...]
<meta http-equiv="Content-Type"
content="text/html; charset=iso-10646-1">
^^^^^^^^^^^
You must be joking.

[snip full quote]

I will not reply to (let alone read) your postings anymore if you continue
this mindless full-quoting. Learn to quote.

Okay, never mind I guess you meant this
<!DOCTYPE html>

Obviously I did not.
that got in there somehow I'll take the whole line out and leave in
the coding the way it was

You should add the necessary public and system identifiers for HTML 4.01 to
the declaration instead, as I indicated. <http://validator.w3.org/>


PointedEars
 
J

JRough

                               ^^^^^^^^^^^
You must be joking.
[...]
function Get2Post() {
  [...]
 var q = window.location.search.substring(1).split('=');
stripslashes(q);
[...]
}
function stripslashes(str) {
str=str.replace(/\\'/g,'\'');
[...]
}

I do not see stripslashes() passed a string value here.  Do you?

I did all your suggestions and the forrm submits. I understand the
string wasn't passed to the stripslashes function. I think I put it
in the body of the get2post function and that was wrong but since the
get2post function happens when the document is loaded I don't know
where to put the stripslashes function. The string which I assume is q
[1] ?? and it the slashes have to be stripped out before the form
loads.
thanks for your corrections
 
J

JRough

JRough said:
JRough said:
Thomas 'PointedEars' Lahn wrote:
JRough wrote:
[...]
<meta http-equiv="Content-Type"
content="text/html; charset=iso-10646-1">
^^^^^^^^^^^
You must be joking.
[snip full quote]

I will not reply to (let alone read) your postings anymore if you continue
this mindless full-quoting.  Learn to quote.

Okay, never mind I guess you meant this
<!DOCTYPE html>

Obviously I did not.
that got in there somehow I'll take the whole line out and leave in
the coding the way it was

You should add the necessary public and system identifiers for HTML 4.01 to
the declaration instead, as I indicated.  <http://validator.w3.org/>

PointedEars
--
Prototype.js was written by people who don't know javascript for people
who don't know javascript. People who don't know javascript are not
the best source of advice on designing systems that use javascript.
  -- Richard Cornford, cljs, <[email protected]>

I am going to repost the javaSCFIPT FORm because it got deleted from
google groups . My only question is:
1. is the string to be passed to the stripslashes function q[1]
and
2. Where do I call the stripslashes function since it has to happen
after the get2post function happens and before the page gets loaded.
thanks,

----form---
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd
<html>
<head>
<meta http-equiv="Content-Type"

content="text/html; charset=10646-1">
<title>Get to Post Proxy</title>
<script type ="text/javascript">

function Get2Post() {
var frm = document.forms['pgform'];
var q = window.location.search.substring(1).split('=');
frm.elements['q'].value = stripslashes(q[1]);
//frm.elements['q'].value = decodeURIComponent(q[1]);


//frm.submit();

}
function stripslashes(str) {
str=str.replace(/\\'/g,'\'');
str=str.replace(/\\"/g,'"');
str=str.replace(/\\0/g,'\0');
str=str.replace(/\\\\/g,'\\');
return str;
}

//window.onload = Get2Post;


</script>

</head>
<body onload= Get2Post()>

<form name="pgform"
action="http://99.20.131.64/pooglemap2.php"
method="post">
<input type="hidden" name="q">
<input type="submit" value="show map">
</form>
</body>
</html>
 
T

Thomas 'PointedEars' Lahn

JRough said:
Thomas said:
[...]
function Get2Post() {
[...]
var q = window.location.search.substring(1).split('=');
stripslashes(q);
[...]
}
function stripslashes(str) {
str=str.replace(/\\'/g,'\'');
[...]
}

I do not see stripslashes() passed a string value here. Do you?

I did all your suggestions and the forrm submits. I understand the
string wasn't passed to the stripslashes function. I think I put it
in the body of the get2post function and that was wrong but since the
get2post function happens when the document is loaded I don't know
where to put the stripslashes function. The string which I assume is q
[1] ?? and it the slashes have to be stripped out before the form
loads.

But String.prototype.split() does not return a string value, of course, and
so nothing that can be wrapped into a String instance for the `replace'
property access. Have you even given *any* thought about RTF(ine)FAQ and
RTF(ine)M first, let alone about using a script debugger?

<https://developer.mozilla.org/en/Core_JavaScript_1.5_Reference/Global_Objects/String/split>


PointedEars
 
Ad

Advertisements

J

JRough

But String.prototype.split() does not return a string value, of course, and
so nothing that can be wrapped into a String instance for the `replace'
property access.  Have you even given *any* thought about RTF(ine)FAQ and
RTF(ine)M first, let alone about using a script debugger?

<https://developer.mozilla.org/en/Core_JavaScript_1.5_Reference/Global...>

I didn't think this was a problem. There is only one substring q[1]
because there is only 1 key value pair in my string. So as I
understand it, the function splits out the "q" from the long string of
addresses which I will then decode, unserialize & parse in php. So
maybe you aren't getting that or am I missing somthing? It is only
one key value pair. I should be able to call the stripslashses()
function somewhere.

file:///Tiger_HD/Library/WebServer/Documents/clientsidepost3.html?q=a:3:{i:0;s:49:\"44502%20Loneoak%2C%20Lancaster%2C%20CA%2C%2093534\";i:1;s:50:\"3537%203rd%20St%2C%20Ridgefield%2C%20WA%2C%2098642\";i:2;s:58:\"931%20Alabama%20St%2C%20san%20francisco%2C%20CA%2C%2094110\";}
 
J

JRough

But String.prototype.split() does not return a string value, of course, and
so nothing that can be wrapped into a String instance for the `replace'
property access.  Have you even given *any* thought about RTF(ine)FAQ and
RTF(ine)M first, let alone about using a script debugger?

<https://developer.mozilla.org/en/Core_JavaScript_1.5_Reference/Global...>

I didn't think this was a problem. There is only one substring q[1]
because there is only 1 key value pair in my string. So as I
understand it, the function splits out the "q" from the long string of
addresses which I will then decode, unserialize & parse in php. So
maybe you aren't getting that or am I missing somthing? It is only
one key value pair. I should be able to call the stripslashses()
function somewhere.

file:///Tiger_HD/Library/WebServer/Documents/clientsidepost3.html?q=a:3:{i:0;s:49:\"44502%20Loneoak%2C%20Lancaster%2C%20CA%2C%2093534\";i:1;s:50:\"3537%203rd%20St%2C%20Ridgefield%2C%20WA%2C%2098642\";i:2;s:58:\"931%20Alabama%20St%2C%20san%20francisco%2C%20CA%2C%2094110\";}
 
T

Thomas 'PointedEars' Lahn

[Fixed quotation]
[Thomas 'PointedEars' Lahn wrote:]
But String.prototype.split() does not return a string value, of course,
and so nothing that can be wrapped into a String instance for the
`replace' property access. Have you even given *any* thought about
RTF(ine)FAQ and RTF(ine)M first, let alone about using a script debugger?

Why did you quote that line from my signature?
I didn't think this was a problem.

But it is.
There is only one substring q[1]

No, there are two (q[0] and q[1]).
because there is only 1 key value pair in my string.

In any case, the return value of String.prototype.split() is not a string
value.
So as I understand it, the function splits out the "q" from the long
string of addresses which I will then decode, unserialize & parse in php.

No, PHP does not even enter into it.
So maybe you aren't getting that

Yeah, maybe *I* am not getting it ... what else are you dreaming of?
or am I missing somthing?

You do.
It is only one key value pair.

And therefore, the result of splitting it along the `=' separator is an
Array instance with two elements. You are passing the reference to the
Array instance to the client-side stripslashes(), a function that
requires a string value for the argument, and expect that to work ...
I should be able to call the stripslashses() function somewhere.

Yes.

Please leave an attribution line for each quotation level.


PointedEars
 
J

JRough

And therefore, the result of splitting it along the `=' separator is an
Array instance with two elements.  You are passing the reference to the
Array instance to the client-side stripslashes(), a function that
requires a string value for the argument, and expect that to work ...
Please leave an attribution line for each quotation level.
I really do appreciate you answering this question and your patience,
the issue got solved.
 
V

VK

JRough said:
[...]
<!DOCTYPE html>
Not Valid.

You've been already warned about it several times, so it is coming to
an obvious hooliganism. The only accepted form of comment (if such
burning desire to be silly) is: "HTML5 is currently having the Working
Draft status by W3C so I personally consider premature to use it until
it reaches at least Candidate Recommendation status". This is the
maximum you are allowed to say without being a hooligan or a liar or
both.
 
Ad

Advertisements

T

Thomas 'PointedEars' Lahn

VK said:
JRough said:
[...]
<!DOCTYPE html>
Not Valid.

You've been already warned about it several times, so it is coming to
an obvious hooliganism. The only accepted form of comment (if such
burning desire to be silly) is: "HTML5 is currently having the Working
Draft status by W3C so I personally consider premature to use it until
it reaches at least Candidate Recommendation status". This is the
maximum you are allowed to say without being a hooligan or a liar or
both.

Any application of "HTML 5" (pre-REC, let alone pre-CR as it is now) is
_not_ Valid markup. Validity is not solely defined by what the W3C
Validator has to say about it, especially not if the corresponding Validator
feature is clearly marked as experimental.

People applying what is called "HTML 5" now to general purpose Web documents
may very well find themselves in a position in a few years that they have
build their sites on invalid and not working markup as there is any chance
that the current efforts be dropped or considerably modified (as the draft
Specification's "Status of this document" section warns about.)

You should get yourself informed before you parrot further nonsense and even
resort to name-calling to indicate your argumentative helplessness. It will
make you look just a little bit less silly in the end.


PointedEars
 
V

VK

Any application of "HTML 5" (pre-REC, let alone pre-CR as it is now) is
_not_ Valid markup.  Validity is not solely defined by what the W3C
Validator has to say about it, especially not if the corresponding Validator
feature is clearly marked as experimental.

That was already also answered, but if you still having troubles:
within the scope of clj/ciwah/civas "valid markup" and "not valid
markup" are used in reference to W3C Validator. No other validators or
helping tools like Tidy-based HTML validators are considered
authoritative. If you want to bring other valid - not valid criteria
then you have to be very clear in stating i) what validation tools/
rules are you referring to and ii) showing that it is your own
particular definition differing from the default one.
 
Ad

Advertisements

D

David Mark

That was already also answered, but if you still having troubles:
within the scope of clj/ciwah/civas "valid markup" and "not valid
markup" are used in reference to W3C Validator.

But nobody should care about results from an *experimental* validation
service for a language that is neither a standard, nor implemented by
a significant percentage of user agents.
No other validators or
helping tools like Tidy-based HTML validators are considered
authoritative.

By whom and for what?
If you want to bring other valid - not valid criteria
then you have to be very clear in stating i) what validation tools/
rules are you referring to and ii) showing that it is your own
particular definition differing from the default one.

Odd you would comment on the lucidity of others.
 
Ad

Advertisements


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads


Top