So I’m making a messaging platform for a school project, and I’m trying to protect my database, protect against XSS attacks, and also allow every single character, including newlines.
So far, I’ve got everything covered, except newlines. The JSON parser cannot for the life of it parse a simple newline.
I’ve tried prefixing the newline with another backslash (\\n) but that STILL doesn’t work!
What should I do?!
Edit 1: Added code that generates the JSON data
string message = "[";
string uid;
for (int i = 0; i < data.Rows.Count; i++) {
    // Messages older than five minutes are deleted instead of being sent.
    if (StringCipher.ConvertToUnixTimestamp(DateTime.Now.AddMinutes(-5)) > int.Parse(data.Rows[i][5].ToString())) {
        queryDelete = "DELETE * FROM Bubbleland WHERE MessageID = " + data.Rows[i][0] + ";";
        commandDelete = new OleDbCommand(queryDelete, connection);
        commandDelete.ExecuteNonQuery();
    } else {
        // Column values are concatenated into the JSON text as-is (no escaping).
        message += "{\"mid\":" + data.Rows[i][0];
        if (data.Rows[i][1].ToString() == "")
            uid = "user";
        else
            uid = data.Rows[i][1].ToString();
        message += ", \"uid\":\"" + uid;
        message += "\", \"name\": \"" + data.Rows[i][2];
        message += "\", \"color\": \"" + data.Rows[i][3];
        message += "\", \"content\": \"" + data.Rows[i][4];
        message += "\"}";
        if (i + 1 < data.Rows.Count) {
            message += ",";
        }
    }
}
message += "]";
Edit 2: Added JS processing code
async function fetchMessages() {
    $.ajax({
        type: "POST",
        url: "../ASPX/bubblelandFetch.aspx",
        success: function (data) {
            console.log(data);
            data = JSON.parse(data);
            var container = document.getElementById("messages-container");
            var uid;
            container.innerHTML = "";
            console.log(data);
            for (var i in data) {
                var message = '<div id="' + data[i]["mid"];
                message += '" class="message ' + data[i]["color"] + '">';
                message += '<div class="profile-container">';
                if (data[i]["uid"] == "user")
                    uid = "/Media/user"
                else
                    uid = "/Media/Profile/" + data[i]["uid"];
                message += '<img src="' + uid + '.png"/>';
                message += '<span>' + data[i]["name"] + '</span></div>';
                message += '<div class="content">' + data[i]["content"] + '</div>';
                container.innerHTML += message;
            }
        },
        complete: function () {
            setTimeout(fetchMessages, intevral);
        }
    });
}
Answers:
Method 1
After messing around with parsing the string you provided me, I have stumbled across a fix and did further research to understand why this happened in the first place.
To put it simply:
‘Single quotes “escape” single quotes’
“Double quotes ‘escape’ double quotes”
These quotes mean, when using single quotes to create a string literal, you must escape any single quotes with a backslash for the string literal to be valid. The same goes for when using double quotes to create a string literal, but escaping double quotes with a backslash.
I didn’t recognize this issue at first, even though I knew the problem in the first place and I do this all the time.
I came across this Medium article that helps put things together, and I suggest you read it to freshen up on using single/double quotes with string literals.
Method 2
As it turns out, an unescaped \r was messing up the JSON parser.
Whenever you Shift + Enter, it puts \r\n instead of a simple \n. I had no idea it does this. So in my ASPX backend code, I replace \r\n with <br>.
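The failure described in the question and in Method 2, as an added example that is not part of the original post or answers: a hand-concatenated JSON string breaks on a raw \r, \n or double quote, a serializer escapes them, and the client escapes HTML before converting line breaks to <br>. The sample message, the function names and the use of JSON.stringify as a stand-in for the backend's JSON serializer are assumptions.

```javascript
// Constructed sample: a Shift+Enter line break (\r\n), a double quote and markup.
const sample = 'first line\r\nsecond "line" <b>bold</b>';

// Mimics the string concatenation from the question: the value is pasted
// between quotes with no escaping at all.
function naiveJson(content) {
  return '[{"mid":1, "content": "' + content + '"}]';
}

// A serializer escapes control characters and quotes inside string values.
function safeJson(content) {
  return JSON.stringify([{ mid: 1, content: content }]);
}

// Returns the parsed value, or null when the text is not valid JSON.
function tryParse(text) {
  try {
    return JSON.parse(text);
  } catch (e) {
    return null;
  }
}

// Escape HTML metacharacters so message text cannot become markup.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Escape first, then turn line breaks into <br>; the reverse order would
// escape the <br> tags as well.
function renderContent(s) {
  return escapeHtml(s).replace(/\r\n|\r|\n/g, '<br>');
}

console.log(tryParse(naiveJson(sample)));                       // null
console.log(tryParse(safeJson(sample))[0].content === sample);  // true
console.log(renderContent(sample));
```

With this split the stored message keeps its original line breaks, and the <br> tags are the only markup that reaches innerHTML.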
All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.
