I tried
s=Normalizer.normalize(s, Normalizer.Form.NFD).replaceAll("[^\\p{ASCII}]", "");
But it seems that GWT API doesn't provide such fonction.
I tried also :
s=s.replace("é",e);
But it doesn't work either
The scenario is I'am trying to générate token from the clicked Widget's text for the history management
You can take ASCII folding filter from Lucene and add to your project. You can just take foldToASCII() method from ASCIIFoldingFilter (the method does not have any dependencies). There is also a patch in Jira that has a full class for that without any dependencies - see here. It should be compiled by GWT without any problems. License should be also OK, since it is Apache License, but don't quote me on it - you should ask a real lawyer.
#okrasz, the foldToASCII() worked but I found a shorter one Transform a String to URL standard String in Java
Related
Running into an issue when using EncodeForHTML for certain characters (Emojis in this case)
The text in this case is:
⌛️a😊b👍c😟 💥🍉🍔 💩 🤦🏼♀️🤦🏼♀️🤦🏼♀️ 😘
Now if I just a straight output
<cfoutput>#txt#</cfoutput>
It displays correctly, no issues, but if I use EncodeForHTML first
<cfoutput>#EncodeForHTML(txt)#</cfoutput>
I get this
⌛️a��b��c�� ������ �� ����♀️����♀️����♀️ ��
I tested it with EncodeForXML & esapiEncode as well to be sure; all are giving me the same result.
I've verified the encoding settings in Lucee are UTF-8, and the meta charset tag is also set to UTF-8. I can't find any documenation re: EncodeForHTML saying if it make any changes to the character encoding, if it requires the character encoding to be something specific, or if it has any known issues with emojis or certain code points.
I appreciate any help or clarification anyone can provide.
Edit: Thank you everyone. Wish I could accept multiple answers.
I was required to sanitize emojis in order ensure that third-party content was cross-compatible with external services. Some of the content contained emojis and was causing export/import problems. I wrote a ColdFusion wrapper for the emoji-java library to identify, sanitize and convert emojis.
https://github.com/JamoCA/cf-emoji-java
For example, the parseToAliases() function "replaces all the emoji's unicodes found in a string by their aliases".
emojijava = new emojijava();
emojijava.parseToAliases('I like 🍕'); // I like :pizza:
To "encode" you could use either the parseToHtmlDecimal() or parseToHtmlHexadecimal() functions prior to using EncodeForHTML().
emojijava = new emojijava();
test = emojijava.parseToHtmlDecimal('I like 🍕'); // I ❤️ 🍕
EncodeForHTML(test);
At the time of this writing, ColdFusion's latest version is 2018 update 9
In turn, it uses ESAPI 2.1.1
Recent release notes don't mention Emoji,
https://github.com/ESAPI/esapi-java-legacy/tree/develop/documentation
But they do mention in Pull request 413
"Fixing ESAPI's inability to handle non-BMP codepoints."
This dates from 2017
https://github.com/ESAPI/esapi-java-legacy/pull/413
So based on all this information, I would recommend doing both of the following
Try using ESAPI directly. This is how it was done before ESAPI was added to CF. This issue may or may not still exist in ESAPI
Put in a ticket with Adobe to update this library.
Yes, ESAPI 2.2.0.0 addressed the issue of not correctly encoding non-BMP characters (see https://github.com/ESAPI/esapi-java-legacy/issues/300) as part of PR #413 that James mentioned above.
But I just uploaded release ESAPI 2.2.1.0-RC1 (release candidate 1) to Maven Central early this morning and hope to have an official 2.2.1.0 release out by next weekend, so if you are going to put in a ticket with Adobe for fix this with an updated version of ESAPI, I'd wait another week and then tell them to update to 2.2.1.0.
I use Python for plotting geospatial data on maps.
For certain map-styles, such as ["basic", "streets", "outdoors", "light", "dark", "satellite", "satellite-streets"], I need a mapbox-access token and for some geospatial plotting packages like folium I even need to create my own link for retrieving the map-tiles.
So far, it worked great with the style "satellite":
mapbox_style = "satellite"
mapbox_access_token = "....blabla"
request_link = f"https://api.mapbox.com/v4/mapbox.{mapbox_style}/{{z}}/{{x}}/{{y}}#2x.jpg90?access_token={mapbox_access_token}"
However, when choosing "satellite-streets" as mapbox-tile-ID, the output doesn't show a background map anymore. It fails with inserting "satellite-streets", "satellitestreets" and "satellite_streets" into the aforementioned link-string.
Why is that and how can I come to know what's the correct tile-ID-name for "satellite-streets"?
I found an answer when reaching out to the customer support.
Apparently, one has to access the static APIs which have specific names listed on their website:
"In general, the styles that you mentioned including
"satellite_streets" that you are referencing are our classic styles
that are going to be deprecated starting June 1st. I would recommend
using our modern static API the equivalent modern styles. This
will allow you to see the most updated street data as well.
Like the example request below:
https://api.mapbox.com/styles/v1/mapbox/satellite-streets-v11/tiles/1/1/0?access_token={your_token}
Here is more info on the deprecation of the classic styles and
the migration guide for them."
My personal adaptation after having tried everything out myself, is:
Via combining the above-mentioned with the details on how to construct a Mapbox-request link on this documention from mapbox' website,
I finally managed to make it work.
An example request looks like so (in python using f-strings):
mapbox_tile_URL = f"https://api.mapbox.com/styles/v1/mapbox/{tileset_ID_str}/tiles/{tilesize_pixels}/{{z}}/{{x}}/{{y}}#2x?access_token={mapbox_access_token}"
The tileset_ID_str could be e.g. "satellite-streets-v11" which can be seen at the following link containing valid static maps.
I´m having some problems to create reports in my server without default export engine.
I´m using SpudSoft to create it. I have the following configuration:
Tomcat 7
Birt 4.2.2
uk.co.spudsoft.birt.emitters.excel_0.8.0.201310230652.jar
And i followed this tutorial:
spudsoft-birt-excel-emitters
I haven´t include this file
lib/slf4j-api-1.6.2.jar
because it´s not included in the *.jar file
and either wrote this code:
'if( "XLS".equalsIgnoreCase( outputFileFormat ) ) {
renderOption.setEmitterID( "uk.co.spudsoft.birt.emitters.excel.XlsEmitter" );
} else if( "XLSX".equalsIgnoreCase( outputFileFormat ) ) {
renderOption.setEmitterID( "uk.co.spudsoft.birt.emitters.excel.XlsxEmitter" );
}'
Because I dont really know where to use it.
to run my report i use the following URL
http://127.0.0.1:8090/birt-viewer/frameset?__format=xls&__report=informes/myReport.rptdesign&__emitterid=uk.co.spudsoft.birt.emitters.excel.XlsEmitter
and i get the following message:
org.eclipse.birt.report.service.api.ReportServiceException: EmitterID uk.co.spudsoft.birt.emitters.excel for render option is invalid.
What can i do to run SpudSoft report? I've been reading for a week and I haven´t found any solution!
Thanks a lot for all!
#Dominique,
I recommend upgrading from the emitter included with BIRT 4.3 (and given the lack of responses from the BIRT team I regret letting them put it in there).
Also, you don't need to use a specific IRenderOption type - they are all the same really anyway.
#Jota,
If you are getting that error it means that BIRT hasn't picked up the emitter correctly (you do have the correct emitter ID).
I don't use the BIRT war file, so my instructions aren't aimed at that approach (I just use the report engine in my own service).
The code snippet is no use for you, it's just a way to specify the emitter ID, which you are doing on the query string.
slf4j shouldn't be needed with the version of the emitter that you have - it uses JUL instead (I hate JUL, but it's one fewer dependency).
Can you post a complete listing of the jar files in your war?
It seems because you make use of a generic IRenderOption. With spudsoft emitter you should instantiate your render options like this:
EXCELRenderOption excelOptions = new EXCELRenderOption();
Note if you upgrade to BIRT 4.3 you don't have to set the emitter anymore, it is embedded
Ok, I am using GWTP on eclipse. When creating a Presenter using eclipse & when I enter a token name say "!manageOrder" then eclipse show an error that "Token name must contain only lower-case letters, numbers and !". See the following picture.
However, in the NameTokens class, there is a line:
public static final String manageorder = "!mnageorder";
We can change to lowercase or upper the system is still ok.
So why does eClipse force us to use "only lower-case letters, numbers and !" for Token name?
if i use "!manageOrder" then it must easier for customer to figure out the what the page is right?
I believe this is just best practice being enforced by the version of the GWTP plugin you are using. It looks like you are using the old version of the plugin (for before GWTP 1.0)...
The new plugin allows capitals in the names:
Anyhow I would say use capitals if you want to, as long as it works.
More importantly, get using the current versions of GWTP and the associated plugin: https://github.com/ArcBees/gwtp-eclipse-plugin
I have huge application written in ZendFramework. Earlier everything was fine.
As for now it was redesigned and received a lot of new functionalities and options, but I have to defend this software from xss.
Variables are taken from a couple sources (webform, Webservices, api, etc.), some of them should be escaped, some not.
What do you think, what will be the best method to defend my website, without editing all (2 000 +) files and escaping all echo's ?
Zend Framework comes with a class called "Zend_Filter". This class has a "StripTags" filter option that will strip all tags from a given string.
http://framework.zend.com/manual/en/zend.filter.set.html#zend.filter.set.striptags
If you note, even the strip tags filter isn't recommended for sanitizing input if you exclude something and it shouldn't be used to defend against XSS attacks. It recommends using Tidy or HTMLPurifier.
http://tidy.sourceforge.net/
http://htmlpurifier.org/
I think HTML Purifier is pretty easy to use. From their docs website:
require_once '/path/to/HTMLPurifier.auto.php';
$config = HTMLPurifier_Config::createDefault(); $purifier = new
HTMLPurifier($config); $clean_html = $purifier->purify($dirty_html);
I hope that helps!
Cheers!