Create a self-contained test cast and file an issue in the issue tracker.
On Thu, Oct 22, 2020 at 8:34 AM 'P5music' via CodenameOne Discussions <
[email protected]> wrote:
> I tried your suggestion but it does not work, as expected if you consider
> that what is going to be executed is something that has quotes inside
> quotes, like
> setAttribute("srcdoc","<HTML><div style="some styling here"
> ></DIV></HTML>");
>
> that line is injected so it has to be
> "setAttribute(\"srcdoc\",\"<HTML><div style="some styling here"
> ></DIV></HTML>\");"
> This is what goes inside the function,
>
> but in the log you can see for example:
>
> iframe.setAttribute("srcdoc","<!DOCTYPE html><html><head></head><body><p
> style="vertical-align:middle;font-size:2em;" >.............
> when deep quotes are not escaped how you suggested.
>
> While just applying the escaping of double quotes I get in the log
>
> var%20div%3Ddocument.createelement%28%27div%27%29%3Bdiv.addeventlistener%28%27mouse
>
> the error seems to be anticipated because that string continues and
> reaches to (the same code position even it belongs to a different IFRAME):
>
> iframe.setattribute%28%22srcdoc%22%2C%22%3C%21doctype%20html%3E%3Chtml%3E%3Chead%3E%3Clink%20href%3D%5C%22https://
> that is clearly different
> and this change happens just if I escape instead of not escaping as you
> suggested.
>
>
> Il giorno giovedì 22 ottobre 2020 alle 16:31:11 UTC+2 Steve Hannah ha
> scritto:
>
>> Don't escape the quotes.
>>
>> On Thu, Oct 22, 2020 at 7:29 AM 'P5music' via CodenameOne Discussions <
>> [email protected]> wrote:
>>
>>> I am testing the two variants.
>>>
>>> If I use the original variant executeAndWait I get what is the original
>>> error of this thread.
>>>
>>> If I use the execute variant I get the new error and apparent double
>>> encoding.
>>>
>>> I am not applying any encoding. I just escape the quotes (in both cases):
>>> String htmlText=originalHtml.replace("\"","\\\"");
>>> It has be done because I have to inject the HTML into the srcdoc
>>> attribute of the IFRAMEs.
>>>
>>>
>>> Il giorno giovedì 22 ottobre 2020 alle 16:20:50 UTC+2 Steve Hannah ha
>>> scritto:
>>>
>>>> Did you already pass that string through your own encoding/escaping?
>>>> If so, you may have some double-encoding going on.
>>>>
>>>> On Thu, Oct 22, 2020 at 7:08 AM 'P5music' via CodenameOne Discussions <
>>>> [email protected]> wrote:
>>>>
>>>>> This variant seems to be encoding all text.
>>>>> [1022/154808.805601:INFO:CONSOLE(1)] "Uncaught SyntaxError: Invalid or
>>>>> unexpected token", source:
>>>>> var%20div%3Ddocument.createelement%28%27div%27%29%3Bdiv.addeventlistener%28%27mouse.....
>>>>>
>>>>> This just a snippet of what is being done. I think that the HTML was
>>>>> encoded, including the surrounding Javascript (I see it in Chrome debug
>>>>> console).
>>>>> What's wrong?
>>>>> Il giorno giovedì 22 ottobre 2020 alle 15:18:52 UTC+2 Steve Hannah ha
>>>>> scritto:
>>>>>
>>>>>> There is an executeAndWait() variant that takes parameters.
>>>>>>
>>>>>> https://www.codenameone.com/javadoc/com/codename1/ui/BrowserComponent.html#executeAndWait-java.lang.String-java.lang.Object...-
>>>>>>
>>>>>> There are many variants listed in the javadocs. One for every
>>>>>> occasion.
>>>>>>
>>>>>> On Thu, Oct 22, 2020 at 6:10 AM 'P5music' via CodenameOne Discussions
>>>>>> <[email protected]> wrote:
>>>>>>
>>>>>>> I need the "wait" part too, is it possible to properly encode the
>>>>>>> raw text with a method?
>>>>>>> So I can keep using the executeAndWait variant?
>>>>>>>
>>>>>>> Il giorno giovedì 22 ottobre 2020 alle 14:50:54 UTC+2 Steve Hannah
>>>>>>> ha scritto:
>>>>>>>
>>>>>>>> I see. It isn't the DOCTYPE it has complaining about. It is that
>>>>>>>> you are placing raw text. You can't have new lines.
>>>>>>>>
>>>>>>>> If you want to inject arbitrary strings you should use the
>>>>>>>> execute(String js, Object[] params) variant:
>>>>>>>>
>>>>>>>> https://www.codenameone.com/javadoc/com/codename1/ui/BrowserComponent.html#execute-java.lang.String-java.lang.Object:A-
>>>>>>>>
>>>>>>>> E.g. myBrowserComponent.execute("...iframe.setAttribute('srcdoc',
>>>>>>>> ${0});...", new Object[]{htmlText});
>>>>>>>>
>>>>>>>> That will properly encode the htmlText (e.g. escaping new lines and
>>>>>>>> other problematic characters).
>>>>>>>>
>>>>>>>> On Thu, Oct 22, 2020 at 5:36 AM 'P5music' via CodenameOne
>>>>>>>> Discussions <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> Hello,
>>>>>>>>> The injected HTML is not under my control, it is a string. If it
>>>>>>>>> doesn't like '<!DOCTYPE as a single string, it also could be not
>>>>>>>>> liking
>>>>>>>>> other things.
>>>>>>>>> In the provided code above it seems that it is written that way
>>>>>>>>> but it is a string
>>>>>>>>> created this way:
>>>>>>>>> " ... iframe.setAttribute(\"srcdoc\",\""+htmlText+"\");"
>>>>>>>>> Also, as you can see double-quotes " have been replaced by single
>>>>>>>>> quotes ' by the executeAndWait method.
>>>>>>>>>
>>>>>>>>> Il giorno giovedì 22 ottobre 2020 alle 13:46:25 UTC+2 Steve Hannah
>>>>>>>>> ha scritto:
>>>>>>>>>
>>>>>>>>>> Perhaps it doesn't like the doctype tag. Try splitting it up.
>>>>>>>>>> E.g.
>>>>>>>>>>
>>>>>>>>>> iframe.setAttribute('srcdoc', '<'+'!DOCTYPE html>...');
>>>>>>>>>>
>>>>>>>>>> On Thu, Oct 22, 2020 at 4:26 AM 'P5music' via CodenameOne
>>>>>>>>>> Discussions <[email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> In my CodenameOne app some Javascript code is injected to create
>>>>>>>>>>> a DOM, made of IFRAMES with HTML code inside.
>>>>>>>>>>> The HTML code is correct but I am debugging in Chrome and I see
>>>>>>>>>>> that when the HTML code starts an error is detected (the error is
>>>>>>>>>>> also in
>>>>>>>>>>> the IntelliJ IDEA console):
>>>>>>>>>>>
>>>>>>>>>>> The following text is the function that is made from the
>>>>>>>>>>> executeAndWait method:
>>>>>>>>>>>
>>>>>>>>>>> (function(){var BASE_URL='
>>>>>>>>>>> https://www.codenameone.com/!cn1return/';function
>>>>>>>>>>> doCallback(val) { var url = BASE_URL +
>>>>>>>>>>> encodeURIComponent(JSON.stringify(val)); if (window.cefQuery) {
>>>>>>>>>>> window.cefQuery({request:'shouldNavigate:'+url, onSuccess:
>>>>>>>>>>> function(response){}, onFailure:function(error_code, error_message)
>>>>>>>>>>> {
>>>>>>>>>>> console.log(error_message)}});} else if (window.cn1application &&
>>>>>>>>>>> window.cn1application.shouldNavigate) {
>>>>>>>>>>> window.cn1application.shouldNavigate(url) } else if (true)
>>>>>>>>>>> {window._cn1ready = window._cn1ready || [];
>>>>>>>>>>> window._cn1ready.push(function(){window.cn1application.shouldNavigate(url)});}
>>>>>>>>>>> else {window.location.href=url}} var result = {value:null,
>>>>>>>>>>> type:null,
>>>>>>>>>>> errorMessage:null, errorCode:0, callbackId:3};var callback = {
>>>>>>>>>>> onSucess:
>>>>>>>>>>> function(val) { this.onSuccess(val);}, onSuccess: function(val) {
>>>>>>>>>>> result.value = val; result.type = typeof(val); if (val !== null &&
>>>>>>>>>>> typeof
>>>>>>>>>>> val === 'object') {result.value = val.toString();}
>>>>>>>>>>> doCallback(result);},
>>>>>>>>>>> onError: function(message, code) { if (message instanceof Error)
>>>>>>>>>>> {result.errorMessage = message.message; result.errorCode = 0;} else
>>>>>>>>>>> {result.errorMessage = message; result.errorCode = code;}
>>>>>>>>>>> doCallback(result);}};try { var
>>>>>>>>>>> div=document.createElement('DIV');div.addEventListener('mousedown',
>>>>>>>>>>> function (event)
>>>>>>>>>>> {callMouseDown(div.getAttribute("id"));});div.addEventListener('mouseup',
>>>>>>>>>>> function (event) {callMouseUp(div.getAttribute("id"));});var
>>>>>>>>>>> iframe=document.createElement("IFRAME");iframe.style.zIndex="0";iframe.style.pointerEvents="none";div.style.position="relative";
>>>>>>>>>>> div.id="0";iframe.setAttribute("scrolling","no");iframe.setAttribute("frameborder","no");iframe.setAttribute("noresize","noresize");iframe.setAttribute("height","100");
>>>>>>>>>>> iframe.innerText="FALLBACK";iframe.setAttribute("srcdoc","<!DOCTYPE
>>>>>>>>>>> html>
>>>>>>>>>>>
>>>>>>>>>>> I did not paste all the function body. I stopped when the first
>>>>>>>>>>> HTML code begins for the first IFRAME and the error is there.
>>>>>>>>>>> As you can see in the attached image the red error starts at the
>>>>>>>>>>> comma (Uncaught SyntaxError: Invalid or unexpected token).
>>>>>>>>>>>
>>>>>>>>>>> (The HTML code is a text with other quotes inside as it is in
>>>>>>>>>>> normal HTML but it is correctly escaped)
>>>>>>>>>>>
>>>>>>>>>>> Can you help me? Do you see something? Could this be caused by
>>>>>>>>>>> the calling function?
>>>>>>>>>>> Thanks in advance
>>>>>>>>>>> Regards
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> You received this message because you are subscribed to the
>>>>>>>>>>> Google Groups "CodenameOne Discussions" group.
>>>>>>>>>>> To unsubscribe from this group and stop receiving emails from
>>>>>>>>>>> it, send an email to [email protected].
>>>>>>>>>>> To view this discussion on the web visit
>>>>>>>>>>> https://groups.google.com/d/msgid/codenameone-discussions/42678b68-78f9-40fa-adb1-7f4740b9796fn%40googlegroups.com
>>>>>>>>>>> <https://groups.google.com/d/msgid/codenameone-discussions/42678b68-78f9-40fa-adb1-7f4740b9796fn%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>>>>>>>>> .
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Steve Hannah
>>>>>>>>>> Software Developer
>>>>>>>>>> Codename One
>>>>>>>>>> http://www.codenameone.com
>>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> You received this message because you are subscribed to the Google
>>>>>>>>> Groups "CodenameOne Discussions" group.
>>>>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>>>>> send an email to [email protected].
>>>>>>>>>
>>>>>>>> To view this discussion on the web visit
>>>>>>>>> https://groups.google.com/d/msgid/codenameone-discussions/7bf62f74-3642-46d9-b446-9c2bc6aabe6en%40googlegroups.com
>>>>>>>>> <https://groups.google.com/d/msgid/codenameone-discussions/7bf62f74-3642-46d9-b446-9c2bc6aabe6en%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>>>>>>> .
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Steve Hannah
>>>>>>>> Software Developer
>>>>>>>> Codename One
>>>>>>>> http://www.codenameone.com
>>>>>>>>
>>>>>>> --
>>>>>>> You received this message because you are subscribed to the Google
>>>>>>> Groups "CodenameOne Discussions" group.
>>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>>> send an email to [email protected].
>>>>>>>
>>>>>> To view this discussion on the web visit
>>>>>>> https://groups.google.com/d/msgid/codenameone-discussions/da7d4cbf-62fd-4503-9680-2f2a16112ed3n%40googlegroups.com
>>>>>>> <https://groups.google.com/d/msgid/codenameone-discussions/da7d4cbf-62fd-4503-9680-2f2a16112ed3n%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>>>>> .
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Steve Hannah
>>>>>> Software Developer
>>>>>> Codename One
>>>>>> http://www.codenameone.com
>>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "CodenameOne Discussions" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to [email protected].
>>>>>
>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/d/msgid/codenameone-discussions/a400a0f3-ba0d-482b-b690-3c12e1d76ff4n%40googlegroups.com
>>>>> <https://groups.google.com/d/msgid/codenameone-discussions/a400a0f3-ba0d-482b-b690-3c12e1d76ff4n%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>>> .
>>>>>
>>>>
>>>>
>>>> --
>>>> Steve Hannah
>>>> Software Developer
>>>> Codename One
>>>> http://www.codenameone.com
>>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "CodenameOne Discussions" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>>
>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/codenameone-discussions/c22c8ec5-721a-485a-8dc3-54e55238017fn%40googlegroups.com
>>> <https://groups.google.com/d/msgid/codenameone-discussions/c22c8ec5-721a-485a-8dc3-54e55238017fn%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>>
>>
>> --
>> Steve Hannah
>> Software Developer
>> Codename One
>> http://www.codenameone.com
>>
> --
> You received this message because you are subscribed to the Google Groups
> "CodenameOne Discussions" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/codenameone-discussions/8b4fe010-4c96-4974-aab6-786719e1dd98n%40googlegroups.com
> <https://groups.google.com/d/msgid/codenameone-discussions/8b4fe010-4c96-4974-aab6-786719e1dd98n%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
--
Steve Hannah
Software Developer
Codename One
http://www.codenameone.com
--
You received this message because you are subscribed to the Google Groups
"CodenameOne Discussions" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/codenameone-discussions/CAGOYrKUwDmo2zBK4hb%2BHCWF0y5yvUaZ0GQJ-g8X6DezkxU1ixA%40mail.gmail.com.
