Hi I am developing a Java application using Scribe to integrate with Linkedin and make RestFul calls. I use FasterXML Jackson Json Parser library to parse the LinkedIn API responses in JSON.
I would like to check how I can parse Unicode characters in the response from LinkedIn when using the Jackson parser. When i do it the normal API call and print it out I see see ????? for those values that are returned in Unicode format.
Unicode characters are handled by Jackson. But code that prints out content may not be using UTF-8 encoding; make sure you check out actual character codes and NOT rely on what you see on your console window. Console may be using incorrect encoding, for example, or not have fonts to display all Unicode characters.
Alternatively service may be sending incorrectly encoded content. To verify this, you must check out actual bytes sent and see if they are properly UTF-8 encoded.
Related
One way of doing is to convert the binary data to Base64 and send it along with meta data as MediaType.APPLICATION_JSON.
The problem with this is client has to convert the binary data into Base64 before sending.
I also tried sending using MediaType.APPLICATION_OCTET_STREAM format through REST. This works fine for binary data only.
One option is to send meta data in headers while using MediaType.APPLICATION_OCTET_STREAM.
Is there any better way?
Thanks
Use multipart/form-data. This is what it's meant for. Not sure which Jersey version you are using, but here is the link for the Jersey 2.x documentation for Multipart support. Here's for 1.x (not really much information). You will need to do some searching for using multipart with Javascript clients (there is a bunch of information out there)
Here is a good example of using Jersey 2.x with both the server side and the client API.
Here is an example with Jersey 1.x. You can see the API it not much different.
I have ASIHTTPRequest with JSON response. I use SBJsonParser for JSON parsing, I need parse some strings from response. But I have problem with Russian symbols, I receive russian strings like:–†–Њ—Б—Б–Є—П
Any ideas?
Have a look into AFNetworking and Apple's NSJSONSerializer. Even the developer of ASIHTTPRequest does not longer recommend using this framework. There's great support for encoding issues in AFNetworking, and it's widely used so I'm pretty sure your bug doesn't exist there.
I hear everyone saying Output encoding has to be done client-side instead of server-side. My question is: doesnt it vary with context?
Are there cases where client-side output encoding is good enough and
cant be bypassed?
If I use a client side js function like encodeURIComponent to encode a url causing XSS, how can an attacker bypass this and still cause XSS?
Phishing can also happen due to XSS. If I at least do output encoding can phishing be prevented?
The short answer is that XSS encoding needs to happen where data is put into html or javascript be it server-sider and/or client-side. I could easily imagine data put into a script tag on the server side begin properly encoded, but then javascript on the client-side is using that value in an insecure way, creating an XSS vulnerability.
So when putting untrusted data into a web page (be it in a html tag, inside -tags, in css. etc - see the OWASP XSS prevention cheat sheet) we need to encode. Then when we come to the client side, we also need to make sure our javascript does not introduce XSS-problems. This could for instance be DOM-based XSS, or the example mentioned above.
So my answer is, you need to do encoding both on the server AND client side.
I don't understand how the 3rd question is related. Phishing could happen in so many different ways. On a completely different domain just mimicking the original page etc.
Edit: One more thing. If utrusted data is put into the page server side without encoding, there is very little the client side can do to fix that. It's most likely already to late.
Erlend answer is beautiful. I want to share my findings regarding output encoding.
Output encoding done in server side is better that in client side.
You can get more knowledge regarding output encoding from OWASP Xss Prevention
and you can do this client side too. If you are going to use un trusted(user given input) data in html context, please use javascript's native api innerText IE Docs ( textContent for moz) or encoding the characters (<,>,',",/,) into html entity
This is one very common question asked again and again on stack overflow and I read so many answers about this but I am still bit confused.
I need to call the webservices from iPhone sdk.
Here are my questions:
I am not clear what response SOAP or REST return.Is there anything specific that if response is XML then we should use REST and if JSON we should use SOAP?
What is the role of ASIHTTP with SOAP and REST?
If I am getting XML response as
<oproduct>
<iid>113133791</iid>
<icategoryid>270</icategoryid>
<imerchantid>1547</imerchantid>
<iadult>0</iadult>
<sname>The Ashes / 1st Test - England v Australia - Day 1</sname>
<sawdeeplink>http://www.acbcd.com/pclick.php?p=113133791&a=111402&m=1547&platform=cs</sawdeeplink>
<sawthumburl>http://images.abcdd.com/thumb/1547/113133791.jpg</sawthumburl>
<fprice>69.99</fprice>
</oproduct>
Do I need to parse it by hand? or how do I handle XML response?
I got so many articles about REST and SOAP but no proper code to understand it.
I would be grateful for any help regarding these questions.
SOAP - "Simple Object Access Protocol"
SOAP is a method of transferring messages, or small amounts of information, over the Internet. SOAP messages are formatted in XML and are typically sent using HTTP (hypertext transfer protocol).
So SOAP has a standard how a message has to be sent.
Each soap web service can be defined with a WSDL(Web Service Definition Language) which is kind of a schema for the SOAP XML transferred.
There are many tools available to convert WSDL(your webservice definition) to native code.
One of the tool available for ObjC is Sudz-C (http://sudzc.com/) which convert the WDSL of any webservice to ObjC code to access the Web service.
Rest - Representational state transfer
Rest is a simple way of sending and receiving data between client and server and it don't have any much standards defined , You can send and receive data as JSON,XML or even a Text. Its Light weighted compared to SOAP.
To handle Rest in iOS there are many tools available, I would recommend RestKit http://restkit.org/, for handling XML and JSON both.
I would suggest you to go with Rest for mobile development, since its light weight
(Simple example, People correct me If I am wrong)
Ok, so you have a few different questions here:
REST is a way of accessing the web service. SOAP is an alternative way of accessing the web service. REST uses query string or URL format whereas SOAP uses XML. JSON and XML are two different ways of sending back data. SOAP and XML are usually associated with each other. For mobile apps, REST/JSON is usually the way to go. Easier to implement and maintain, far more telegraphic, etc.
ASIHTTP, as Bill notes, is a wrapper. There are other choices that do similar things depending on what you need. If you are using REST/JSON then NSURLConnection + SBJSON might do the trick, I like it personally.
If your SOAP service has an available WSDL you can use wsdl2objc to automatically build the code for your parsing and fetching. If it is a JSON service or no WSDL is available, I would recommend using SBJSON and simply parsing in the following way:
for (id jsonElement in repsonse) {
self.propertyA = [jsonElement valueForKey:#"keyA"];
self.propertyB = [jsonElement valueForKey:#"keyB"];
}
Hope that helps!
1) SOAP responses must be XML, and to return other formats you need to either embed them in the response XML (inefficient) or use SOAP attachments (difficult). SOAP responses are contained in a soap envelope tag, and there is usually an associated wsdl. If the XML you show is all you're getting, then it may not be a SOAP service. I see links in the XML so that is a good sign that they had REST in mind.
2) I haven't heard of ASIHTTP. A quick google, and it looks like its a third party library that wraps the http interfaces in iOS. It looks like you would use that to help you make the http requests, although I would suggest that it might not be necessary; you should evaluate using the http libraries directly.
3) You need to parse it somehow. You can do it by hand, but that is generally a really bad idea. XML can come in many forms and still have the same meaning, and if you don't support all forms your application could break in the future if the web service provider began to format their XML differently, even if its semantics were the same. You would use an XML api to read the XML. The DOM api will read it into a tree form for you, and you can use XPath to extract information out of the tree.
REST is used to communicate any two systems.
So that if you want get info from one machine we have to use GET method and add info in one system we need to use the method POST..Like wise PUT and DELETE.
When a machine GETs the resource, it will ask for the machine readable one. When a browser GETs a resource for a human, it will ask for the human readable one.
So When you are sending request from machine 1. It will go to some machine x. Machine x will send a machine readable format to machine 1. Now Browser changes to user readable format.
So JSON is a machine readable format and HTML is a client readable format...Correct me if i am wrong?
REST is an architectural style, not a technology. That being said, the only technology that most people know that is intended to align with the REST architectural style is HTTP. If you want to understand the REST architectural style, I recommend the following two resources:
Roy Fielding's presentation "The Rest of REST" (http://roy.gbiv.com/talks/200709_fielding_rest.pdf)
The book "RESTful Web Services"
When you send a GET request for a resource, it is up to the server to determine what representation (format, e.g. html vs. json) it wishes to send back. The client can send along an Accept header that specifies a set of preferred formats, but it's ultimately up to the server to decide what it wants to send. To learn more about this interaction, Google on "HTTP content negotiation".
The reason browsers tend to get back HTML is that they send an Accept header with "text/html". If you somehow configured your browser to always send an Accept header of only "application/json", you would sometimes get JSON back (if the server supported JSON representations), sometimes HTML (if the server ignored your Accept header) and sometimes an error saying that the server could not support the representation you requested.
A computer can parse either JSON or HTML if you have the right libraries. JSON content tends to be structured data (optimized for parsing) and HTML tends to be optimized for presentation, so JSON is generally much easier for a program to parse.
Sounds about right to me. HTML is definitely for end-user consumption (despite all the nasty screen-scraping code out there) and there's no way that I'd want to deliver JSON (or XML or YAML) to end-user clients for direct display.
You probably want to ensure that you only deliver HTML that matches up with the same basic data model that you're delivering to mechanical clients; producing XHTML on demand by applying an XSLT stylesheet to an XML version of your standard responses is probably the easiest way to do it since it's likely you can do that with a layer that's independent of your basic application.
To be pedantic, both HTML and JSON are machine readable formats. The difference is that HTML has a specification that describes some semantics that web browsers know how to interpret in order to visually render it. The JSON spec has really no semantics other than defining how to serialize arrays, objects and properties.
Don't forget JSON and HTML are just two of the hundreds of potentially useful media type formats that a RESTful system can use.