Beefy Boxes and Bandwidth Generously Provided by pair Networks
P is for Practical
 
PerlMonks  

Re^9: perl dancer route template hashref pass complex json file to server issue (the reverse)

by tye (Sage)
on Jul 28, 2016 at 22:27 UTC ( #1168768=note: print w/replies, xml ) Need Help??


in reply to Re^8: perl dancer route template hashref pass complex json file to server issue (escape/filter)
in thread perl dancer route template hashref pass complex json file to server issue

You have it backward. You don't need to disable some template filter. You need to create and then enable an appropriate template filter.

Your templated javascript contains lines like:

var test='<%passtoserver%>';

If the value provided for 'passtoserver' was "Don't do this", then the javascript generated by your template would be:

var test='Don't do this';

That is a syntax error. So you need to change your template to contain lines more like:

var test='<% passtoserver | js_str %>';

or, perhaps even better:

var test=<% passtoserver | js_str %>;

where the "| js_str" tells the template to properly escape any characters that need to be escaped in order to be included verbatim inside of a javascript string literal (and, in the second case, also adds the enclosing quote marks).

And, no, Template::Toolkit doesn't come with a pre-built js_str filter so you'll have to create that as well.

Your problem case is due to the \ character not being escaped for similar reasons. So your template produces javascript code like:

var test='­[{"name":"­test","pro­blem":"her­e is the problem \" com +ma "}]';

And, in javascript, '\"' is the same value as '"'.

- tye        

  • Comment on Re^9: perl dancer route template hashref pass complex json file to server issue (the reverse)
  • Select or Download Code

Replies are listed 'Best First'.
Re^10: perl dancer route template hashref pass complex json file to server issue (the reverse)
by Anonymous Monk on Jul 28, 2016 at 22:46 UTC

    Doesn't add quotes but it exists Template::Plugin::JavaScript - Encodes text to be safe in JavaScript  document.write("[% sometext | js %]");

      thanks , the following worked with me
      <!DOCTYPE html> <html> <head> </head> <body> <div style = "padding: 100px 100px 10px;"> <script> var test2=<%passtoserver | replace('"', '"') %>; var test3=JSON.stringify(test2); alert(test3); </script> <button type="text" > </div> </body> </html>
      without any change in client side, Rami D.

        I suspect that your working code does not exactly match the code that you posted above. Trying to guess some things, I encourage you to test your code against a JSON value that contains strings containing a single quote / apostrophe character, a literal backslash character, even a newline character.

        Update: Oh, much later I realized how the code you posted could actually work. Valid JSON strings are also valid JavaScript source code. This might well open up a vector for doing cross-site JavaScript injection attacks, though that is likely true using your old 'eval' approach as well.

        - tye        

Re^10: perl dancer route template hashref pass complex json file to server issue (the reverse)
by RamiD (Acolyte) on Aug 03, 2016 at 19:47 UTC
    this worked for me
    <%passtoserver | replace('"', '"')%>;
    thanks

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1168768]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others studying the Monastery: (4)
As of 2020-10-29 08:07 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    My favourite web site is:












    Results (269 votes). Check out past polls.

    Notices?