Un-escape JavaScript escaped value in Java - java

In our web service we set a cookie through JavaScript which we read again in Java (Servlet)
However we need to escape the value of the cookie because it may contain illegal characters such as '&' which messes up the cookie.
Is there a transparent way to escape (JavaScript) and unescape again (Java) for this?

In java you got StringEscapeUtils from Commons Lang to escape/unescape.
In Javascript you escape through encodeURIComponent, but I think the Commons component I gave to you will satisfy your needs.

Client JavaScript/ECMAScript:
encodeURIComponent(cookie_value) // also encodes "+" and ";", see http://xkr.us/articles/javascript/encode-compare/
Server Java:
String cookie_value = java.net.URLDecoder.decode(cookie.getValue());
I'll add further discoveries to my blog entry.

The most accurate way would be to Excecute javascript withing your java code. Hope the code below helps.
ScriptEngineManager factory = new ScriptEngineManager();
ScriptEngine engine = factory.getEngineByName("JavaScript");
ScriptContext context = engine.getContext();
engine.eval("function decodeStr(encoded){"
+ "var result = unescape(encoded);"
+ "return result;"
+ "};",context);
Invocable inv;
inv = (Invocable) engine;
String res = (String)inv.invokeFunction("decodeStr", new Object[]{cookie.getValue()});

Common lang's StringEscapeUtils didn't work for me.
You can simply use javascript nashorn engine to unescape a escaped javascript string.
private String decodeJavascriptString(final String encodedString) {
ScriptEngine engine = new ScriptEngineManager().getEngineByName("nashorn");
Invocable invocable = (Invocable) engine;
String decodedString = encodedString;
try {
decodedString = (String) invocable.invokeFunction("unescape", encodedString);
} catch (ScriptException e) {
e.printStackTrace();
} catch (NoSuchMethodException e) {
e.printStackTrace();
}
return decodedString;
}

Related

Execution uglifyJs2 via Nashorn

I extracted uglifyJs2 via uglifyjs --self and I'm trying to minify app.js using uglify.js. I expect, that minified js should be generated into new file or console at least but now it doesn't work. What should I do to minify app.js using uglify.min.js?
public static void main(String[] args) throws Exception {
ScriptEngine scriptEngine = new ScriptEngineManager().getEngineByName("nashorn");
Bindings bindings = new SimpleBindings();
bindings.put("console", System.console());
executeJs("uglifyjs.min.js",scriptEngine, bindings);
String res = (String) invocable.invokeFunction("UglifyJS.parse(code)", code);
//Here I got NoSuchMethodException: No such function UglifyJS.parse(code)
}
static String readFile(String path, Charset encoding)
throws IOException
{
byte[] encoded = Files.readAllBytes(Paths.get(path));
return new String(encoded, encoding);
}
private static void executeJs(String fileName, ScriptEngine engine, Bindings bindings) throws Exception {
String test = readFile(fileName, StandardCharsets.UTF_8);
engine.put(ScriptEngine.FILENAME, fileName);
engine.eval(test, bindings);
}
When i mo
invokeFunction can be used to invoke only global functions. It can not be used to evaluate arbitrary code like you've above. The following will work:
// define a global function that accepts one arg and invoke UglifyJS.parse on it
scriptEngine.eval("function func(code) { return UglifyJS.parse(code) }");
// call the newly defined global function "func"
invocable.invokeFunction("func", code);
As an alternative...
ScriptObjectMirror uglify = (ScriptObjectMirror)this.scriptEngine.eval("UglifyJS");
String ugly = (String)uglify.callMember("parse", "mycode");
It does appear a wee bit slower in 100,000 calls of uglify.callMember(...) on my system its about 150ms slower. It didn't seem to make any improvement by first calling uglify.getMember("parse") and using call directly on that object.
It does however avoid a naming conflict

Simplest way to "unpack" obfuscated javascript from within a Java program

Let's say that you have a web page that only contains obfuscated Javascript in the form of an eval(...) function within a script tag.
Dean Edwards' online unpacker (link) correctly unpacks this Javascript.
I would like to write a simple Java class that loads the initial web page (I use HttpClient), extracts the eval(...) function from the HTML, and unpacks it, in order to obtain the de-obfuscated Javascript.
I've tried with Rhino, here's my code :
int start = html.indexOf("<script>eval") + "<script>".length();
int end = html.indexOf("</script>");
javascript = html.substring(start, end);
evaled = eval(javascript);
NativeFunction fEvaled = (NativeFunction) evaled;
String encodedSource = fEvaled.getEncodedSource();
log.info("encodedSource: " + encodedSource);
and the "eval" java function called:
private Object eval(String javascript){
ScriptEngineManager factory = new ScriptEngineManager();
ScriptEngine engine = factory.getEngineByName("JavaScript");
Object eval = null;
try {
eval = engine.eval(javascript);
} catch (ScriptException e) {
// TODO Auto-generated catch block
log.error("Exception evaluating javascript " + javascript, e);
}
return eval;
}
But, that doesn't work, the code returned is far from being the correct code (returned by Edwards' unpacker). I've inspected the Rhino variables, found nothing useful.
Am I doing something wrong ?
I'm open to any suggestion, for example if there's a command-line tool that will work I can make a system call.
I'm on Ubuntu.
Thanks.

How to integrate googlemap api javascript from a webpage into java program?

from what I've read it seems to be possible to run some javascript within a java program, however I'm still struggling on fully grasping how. Would I be able to do enough to execute a googlemap api to be displayed in my java program?
The two examples of code that I have been looking at is this in java:
import javax.script.*;
public class script {
public static void main(String[] args) throws Exception {
ScriptEngineManager manager = new ScriptEngineManager();
ScriptEngine engine = manager.getEngineByName("JavaScript");
// JavaScript code in a String
String script = "function hello(name) { print('Hello, ' + name); }";
// evaluate script
engine.eval(script);
// javax.script.Invocable is an optional interface.
// Check whether your script engine implements or not!
// Note that the JavaScript engine implements Invocable interface.
Invocable inv = (Invocable) engine;
// invoke the global function named "hello"
inv.invokeFunction("hello", "Scripting!!" );
}
}
and this as an example found on the google doc site in javascript to produce this:
var center = new google.maps.LatLng(37.4419, -122.1419);
var options = {
'zoom': 13,
'center': center,
'mapTypeId': google.maps.MapTypeId.ROADMAP
};
var map = new google.maps.Map(document.getElementById("map"), options);
var markers = [];
for (var i = 0; i < 100; i++) {
var latLng = new google.maps.LatLng(data.photos[i].latitude,
data.photos[i].longitude);
var marker = new google.maps.Marker({'position': latLng});
markers.push(marker);
}
var markerCluster = new MarkerClusterer(map, markers);
If any of you can assist me in understanding how to integrate these two samples of code so that the map appears in a JPanel instead of "hello world", I think I could figure the rest of it out.
UPDATE: After reading through the terms of usage, I found out that I would be violating the terms, however; if I move the map onto our organizations public site, I should be able to load the result of that script into my Java programs JPanel which would give public access to the map and not be in violation. Am I correct? Is this possible to do? I don't have any experience with javascript.
I don't know much about integrating Google map script with or the integration policies.
But, you can execute JavaScript file from your java code.So i feel you can write your script code in a js file and execute it as follows :
import javax.script.*;
public class EvalFile {
public static void main(String[] args) throws Exception {
// create a script engine manager
ScriptEngineManager factory = new ScriptEngineManager();
// create JavaScript engine
ScriptEngine engine = factory.getEngineByName("JavaScript");
// evaluate JavaScript code from given file - specified by first argument
engine.eval(new java.io.FileReader(yourfile.js));
}
}
For more info please refer this link http://docs.oracle.com/javase/6/docs/technotes/guides/scripting/programmer_guide/index.html. I hope it may help you

Get URL content with Basic Authentication with Java and async-http-client

I am writing a Java lib and need to perform a request to a URL - currently using async-http-client from ning - and fetch its content. So I have a get method that returns a String
of the content of the fetched document. However, to be able to get it, I must perform a HTTP basic authentication and I'm not succeeding at this in my Java code:
public String get(String token) throws IOException {
String fetchURL = "https://www.eventick.com.br/api/v1/events/492";
try {
String encoded = URLEncoder.encode(token + ":", "UTF-8");
return this.asyncClient.prepareGet(fetchURL)
.addHeader("Authorization", "Basic " + encoded).execute().get().getResponseBody();
}
}
The code returns no error, it just doesn't fetch the URL because the authentication header is not being properly set, somehow.
With curl -u option I can easily get what I want:
curl https://www.eventick.com.br/api/v1/events/492 -u 'xxxxxxxxxxxxxxx:'
Returns:
{"events":[{"id":492,"title":"Festa da Bagaceira","venue":"Mangueirão de Paulista",
"slug":"bagaceira-fest", "start_at":"2012-07-29T16:00:00-03:00",
"links":{"tickets":[{"id":738,"name":"Normal"}]}}]}
How can this be done in Java? With the async-http-client lib? Or if you know how to do it using another way..
Any help is welcome!
You're close. You need to base 64 encode rather than URL encode. That is, you need
String encoded = Base64.getEncoder().encodeToString((user + ':' + password).getBytes(StandardCharsets.UTF_8));
rather than
String encoded = URLEncoder.encode(token + ":", "UTF-8");
(Note that for the benefit of others, since I'm answering 2 years later, in my answer I'm using the more standard "user:password" whereas your question has "token:". If "token:" is what you needed, then stick with that. But maybe that was part of the problem, too?)
Here is a short, self-contained, correct example
package so17380731;
import com.ning.http.client.AsyncHttpClient;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.ws.rs.core.HttpHeaders;
public class BasicAuth {
public static void main(String... args) throws Exception {
try(AsyncHttpClient asyncClient = new AsyncHttpClient()) {
final String user = "StackOverflow";
final String password = "17380731";
final String fetchURL = "https://www.eventick.com.br/api/v1/events/492";
final String encoded = Base64.getEncoder().encodeToString((user + ':' + password).getBytes(StandardCharsets.UTF_8));
final String body = asyncClient
.prepareGet(fetchURL)
.addHeader(HttpHeaders.AUTHORIZATION, "Basic " + encoded)
.execute()
.get()
.getResponseBody(StandardCharsets.UTF_8.name());
System.out.println(body);
}
}
}
The documentation is very sketchy, but I think that you need to use a RequestBuilder following the pattern shown in the Request javadoc:
Request r = new RequestBuilder().setUrl("url")
.setRealm((new Realm.RealmBuilder()).setPrincipal(user)
.setPassword(admin)
.setRealmName("MyRealm")
.setScheme(Realm.AuthScheme.DIGEST).build());
r.execute();
(Obviously, this example is not Basic Auth, but there are clues as to how you would do it.)
FWIW, one problem with your current code is that a Basic Auth header uses base64 encoding not URL encoding; see the RFC2617 for details.
basically, do it like this:
BoundRequestBuilder request = asyncHttpClient
.preparePost(getUrl())
.setHeader("Accept", "application/json")
.setHeader("Content-Type", "application/json")
.setRealm(org.asynchttpclient.Dsl.basicAuthRealm(getUser(), getPassword()))
// ^^^^^^^^^^^-- this is the important part
.setBody(json);
Test can be found here:
https://github.com/AsyncHttpClient/async-http-client/blob/master/client/src/test/java/org/asynchttpclient/BasicAuthTest.java
This is also another way of adding Basic Authorization,
you can use any of two the classes for your use AsyncHttpClient,HttpClient,in this case i will use AsyncHttpClient
AsyncHttpClient client=new AsyncHttpClient();
Request request = client.prepareGet("https://www.eventick.com.br/api/v1/events/492").
setHeader("Content-Type","application/json")
.setHeader("Authorization","Basic b2pAbml1LXR2LmNvbTpnMGFRNzVDUnhzQ0ZleFQ=")
.setBody(jsonObjectRepresentation.toString()).build();
after adding header part
ListenableFuture<Response> r = null;
//ListenableFuture<Integer> f= null;
try{
r = client.executeRequest(request);
System.out.println(r.get().getResponseBody());
}catch(IOException e){
} catch (InterruptedException e) {
e.printStackTrace();
} catch (ExecutionException e) {
e.printStackTrace();
}
client.close();
it may be useful for you

Java-object to JSON

I am using Rhino to communicate between Java and JavaScript.
I call a JavaScript function via Rhino and this function takes an argument which must be a JSON-object. How do i parse Java-object to JSON and pass it to JavaScript in my case?
Java-code:
try {
engine.eval(fileReader);
Invocable invocableEngine = (Invocable) engine;
Object o = invocableEngine.invokeFunction("f", MyObject json);
System.out.println(o);
} catch (ScriptException ex) {
ex.printStackTrace();
} catch(Exception e){
e.printStackTrace();
}
JavaScript-Code:
function f(json){
var id = json.id;
return id;
}
I haven't used rhino, but for conversion of Java objects/collections to json I use the google library gson.
Back when I was using Rhino I just converted my Java-JSON-Object(org.json.JSONObject) to String and passed them as function parameter to a javascript function existing in the rhino scope.
String itemDatagram = jsonItemDatagram.toString;
String code = "inside.js.scope.aFunction(" + itemDatagram + ");";
The code String object would then have to be evaluated by Rhino. The String object automagically becomes a Javascript object inside the js scope(on the Rhino side). And since JSON is just a subset of javascript objects this should be what you want.

Categories

Resources