XQuery decoding HTTP request - unable to parse query










1















In XQuery 3.1 (under eXist-db 4.4) I receive search requests to the a controller where I create a parameter docset from the URL's query string text:



else if (starts-with(lower-case($exist:path), "/search")) then
 <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
 <forward url="$exist:controller/search.html"/>
 <view>
 <forward url="$exist:controller/modules/view.xql">
 <add-parameter name="docset" 
 value="search:search-term-cleaner(request:get-parameter("text","norequest"))"/> 
 <add-parameter name="pagetype" value="search"/>
 </forward>
 </view>
 </dispatch>


I clean any incoming such requests to /search?text="" to permit only certain characters into the search query:



declare function search:search-term-cleaner($text as xs:string?) as xs:string?

 let $cleanterm := replace($text,'[^A-Za-z+*0-9]', '')

 return $cleanterm
;


There are two problems, under two slightly different scenarios:



  1. If the request comes in /search?text=some%+text the site complains with


org.eclipse.jetty.http.BadMessageException: 400: Unable to parse URI query
java.lang.IllegalArgumentException: Not valid encoding '%+t'




  1. If the request comes in /search?text=some+text, the controller passes through sometext without the permitted + sign

Googling this has not lead me to a solution, but I am not experienced in managing HTTP parsing and may not understand the problem enough to search for the solution.



This is via local host http://localhost:8081/exist/apps/.






xpath xquery exist-db







share|improve this question



















  • 1





    When getting parameters via request:get-parameter you don’t need to unescape parameters that are URI-encoded. %20 and + are automatically handed to you via as space characters.

    – joewiz
    Nov 16 '18 at 3:32







  • 1





    @joewiz I can't believe I struggled for hours without figuring that (now obvious) fact. If you post that as an answer I'll accept. It might be useful for some future searcher. Thanks again.

    – jbrehr
    Nov 16 '18 at 9:56















1















In XQuery 3.1 (under eXist-db 4.4) I receive search requests to the a controller where I create a parameter docset from the URL's query string text:



else if (starts-with(lower-case($exist:path), "/search")) then
 <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
 <forward url="$exist:controller/search.html"/>
 <view>
 <forward url="$exist:controller/modules/view.xql">
 <add-parameter name="docset" 
 value="search:search-term-cleaner(request:get-parameter("text","norequest"))"/> 
 <add-parameter name="pagetype" value="search"/>
 </forward>
 </view>
 </dispatch>


I clean any incoming such requests to /search?text="" to permit only certain characters into the search query:



declare function search:search-term-cleaner($text as xs:string?) as xs:string?

 let $cleanterm := replace($text,'[^A-Za-z+*0-9]', '')

 return $cleanterm
;


There are two problems, under two slightly different scenarios:



  1. If the request comes in /search?text=some%+text the site complains with


org.eclipse.jetty.http.BadMessageException: 400: Unable to parse URI query
java.lang.IllegalArgumentException: Not valid encoding '%+t'




  1. If the request comes in /search?text=some+text, the controller passes through sometext without the permitted + sign

Googling this has not lead me to a solution, but I am not experienced in managing HTTP parsing and may not understand the problem enough to search for the solution.



This is via local host http://localhost:8081/exist/apps/.






xpath xquery exist-db







share|improve this question



















  • 1





    When getting parameters via request:get-parameter you don’t need to unescape parameters that are URI-encoded. %20 and + are automatically handed to you via as space characters.

    – joewiz
    Nov 16 '18 at 3:32







  • 1





    @joewiz I can't believe I struggled for hours without figuring that (now obvious) fact. If you post that as an answer I'll accept. It might be useful for some future searcher. Thanks again.

    – jbrehr
    Nov 16 '18 at 9:56













1












1








1








In XQuery 3.1 (under eXist-db 4.4) I receive search requests to the a controller where I create a parameter docset from the URL's query string text:



else if (starts-with(lower-case($exist:path), "/search")) then
 <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
 <forward url="$exist:controller/search.html"/>
 <view>
 <forward url="$exist:controller/modules/view.xql">
 <add-parameter name="docset" 
 value="search:search-term-cleaner(request:get-parameter("text","norequest"))"/> 
 <add-parameter name="pagetype" value="search"/>
 </forward>
 </view>
 </dispatch>


I clean any incoming such requests to /search?text="" to permit only certain characters into the search query:



declare function search:search-term-cleaner($text as xs:string?) as xs:string?

 let $cleanterm := replace($text,'[^A-Za-z+*0-9]', '')

 return $cleanterm
;


There are two problems, under two slightly different scenarios:



  1. If the request comes in /search?text=some%+text the site complains with


org.eclipse.jetty.http.BadMessageException: 400: Unable to parse URI query
java.lang.IllegalArgumentException: Not valid encoding '%+t'




  1. If the request comes in /search?text=some+text, the controller passes through sometext without the permitted + sign

Googling this has not lead me to a solution, but I am not experienced in managing HTTP parsing and may not understand the problem enough to search for the solution.



This is via local host http://localhost:8081/exist/apps/.






xpath xquery exist-db







share|improve this question
















In XQuery 3.1 (under eXist-db 4.4) I receive search requests to the a controller where I create a parameter docset from the URL's query string text:



else if (starts-with(lower-case($exist:path), "/search")) then
 <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
 <forward url="$exist:controller/search.html"/>
 <view>
 <forward url="$exist:controller/modules/view.xql">
 <add-parameter name="docset" 
 value="search:search-term-cleaner(request:get-parameter("text","norequest"))"/> 
 <add-parameter name="pagetype" value="search"/>
 </forward>
 </view>
 </dispatch>


I clean any incoming such requests to /search?text="" to permit only certain characters into the search query:



declare function search:search-term-cleaner($text as xs:string?) as xs:string?

 let $cleanterm := replace($text,'[^A-Za-z+*0-9]', '')

 return $cleanterm
;


There are two problems, under two slightly different scenarios:



  1. If the request comes in /search?text=some%+text the site complains with


org.eclipse.jetty.http.BadMessageException: 400: Unable to parse URI query
java.lang.IllegalArgumentException: Not valid encoding '%+t'




  1. If the request comes in /search?text=some+text, the controller passes through sometext without the permitted + sign

Googling this has not lead me to a solution, but I am not experienced in managing HTTP parsing and may not understand the problem enough to search for the solution.



This is via local host http://localhost:8081/exist/apps/.






xpath xquery exist-db




xpath xquery exist-db






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 15 '18 at 18:08







jbrehr

















asked Nov 15 '18 at 17:08









jbrehrjbrehr

134212




134212







  • 1





    When getting parameters via request:get-parameter you don’t need to unescape parameters that are URI-encoded. %20 and + are automatically handed to you via as space characters.

    – joewiz
    Nov 16 '18 at 3:32







  • 1





    @joewiz I can't believe I struggled for hours without figuring that (now obvious) fact. If you post that as an answer I'll accept. It might be useful for some future searcher. Thanks again.

    – jbrehr
    Nov 16 '18 at 9:56












  • 1





    When getting parameters via request:get-parameter you don’t need to unescape parameters that are URI-encoded. %20 and + are automatically handed to you via as space characters.

    – joewiz
    Nov 16 '18 at 3:32







  • 1





    @joewiz I can't believe I struggled for hours without figuring that (now obvious) fact. If you post that as an answer I'll accept. It might be useful for some future searcher. Thanks again.

    – jbrehr
    Nov 16 '18 at 9:56







1




1





When getting parameters via request:get-parameter you don’t need to unescape parameters that are URI-encoded. %20 and + are automatically handed to you via as space characters.

– joewiz
Nov 16 '18 at 3:32






When getting parameters via request:get-parameter you don’t need to unescape parameters that are URI-encoded. %20 and + are automatically handed to you via as space characters.

– joewiz
Nov 16 '18 at 3:32





1




1





@joewiz I can't believe I struggled for hours without figuring that (now obvious) fact. If you post that as an answer I'll accept. It might be useful for some future searcher. Thanks again.

– jbrehr
Nov 16 '18 at 9:56





@joewiz I can't believe I struggled for hours without figuring that (now obvious) fact. If you post that as an answer I'll accept. It might be useful for some future searcher. Thanks again.

– jbrehr
Nov 16 '18 at 9:56












2 Answers
2






active

oldest

votes


















1














When getting parameters via request:get-parameter() you don’t need to unescape parameters that are URI-encoded. %20 and + are automatically handed to you as space characters.






share|improve this answer






























    1














    functions such as util:unescape-uri and escape-uri are your friends.
    Since the string you are working with gets send over http it will undergo escaping. You can find out more about available escaping functions by searching for escape in the function documentation



    for more elaborate operations consider normalize-unicode






    share|improve this answer

























    • In fact, one problem is the threat that someone can just dump a 'forbidden' character into the search string such as the example I gave some%+text. I don't actually understand what is happening when that hits the controller - therefore I can't figure out a tactic for handling it.

      – jbrehr
      Nov 15 '18 at 20:29











    • the best thing, imv you can do is to uri encode in the input form, and uri-decode in your xquery. If you really want to limit the characters (ǚ, , ` ` ) ppl can search for, more elaborate functions are necessary. But the basic idea remains the same, encode input decode for processing

      – duncdrum
      Nov 15 '18 at 20:45












    • Yes, the input is encoded in the form which I handle fine. I'm trying to handle the contingency where a user writes the string directly in the browser (in the first example).

      – jbrehr
      Nov 15 '18 at 20:54










    Your Answer






    StackExchange.ifUsing("editor", function ()
    StackExchange.using("externalEditor", function ()
    StackExchange.using("snippets", function ()
    StackExchange.snippets.init();
    );
    );
    , "code-snippets");

    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "1"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53324625%2fxquery-decoding-http-request-unable-to-parse-query%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    1














    When getting parameters via request:get-parameter() you don’t need to unescape parameters that are URI-encoded. %20 and + are automatically handed to you as space characters.






    share|improve this answer



























      1














      When getting parameters via request:get-parameter() you don’t need to unescape parameters that are URI-encoded. %20 and + are automatically handed to you as space characters.






      share|improve this answer

























        1












        1








        1







        When getting parameters via request:get-parameter() you don’t need to unescape parameters that are URI-encoded. %20 and + are automatically handed to you as space characters.






        share|improve this answer













        When getting parameters via request:get-parameter() you don’t need to unescape parameters that are URI-encoded. %20 and + are automatically handed to you as space characters.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 16 '18 at 14:51









        joewizjoewiz

        3,9821220




        3,9821220























            1














            functions such as util:unescape-uri and escape-uri are your friends.
            Since the string you are working with gets send over http it will undergo escaping. You can find out more about available escaping functions by searching for escape in the function documentation



            for more elaborate operations consider normalize-unicode






            share|improve this answer

























            • In fact, one problem is the threat that someone can just dump a 'forbidden' character into the search string such as the example I gave some%+text. I don't actually understand what is happening when that hits the controller - therefore I can't figure out a tactic for handling it.

              – jbrehr
              Nov 15 '18 at 20:29











            • the best thing, imv you can do is to uri encode in the input form, and uri-decode in your xquery. If you really want to limit the characters (ǚ, , ` ` ) ppl can search for, more elaborate functions are necessary. But the basic idea remains the same, encode input decode for processing

              – duncdrum
              Nov 15 '18 at 20:45












            • Yes, the input is encoded in the form which I handle fine. I'm trying to handle the contingency where a user writes the string directly in the browser (in the first example).

              – jbrehr
              Nov 15 '18 at 20:54















            1














            functions such as util:unescape-uri and escape-uri are your friends.
            Since the string you are working with gets send over http it will undergo escaping. You can find out more about available escaping functions by searching for escape in the function documentation



            for more elaborate operations consider normalize-unicode






            share|improve this answer

























            • In fact, one problem is the threat that someone can just dump a 'forbidden' character into the search string such as the example I gave some%+text. I don't actually understand what is happening when that hits the controller - therefore I can't figure out a tactic for handling it.

              – jbrehr
              Nov 15 '18 at 20:29











            • the best thing, imv you can do is to uri encode in the input form, and uri-decode in your xquery. If you really want to limit the characters (ǚ, , ` ` ) ppl can search for, more elaborate functions are necessary. But the basic idea remains the same, encode input decode for processing

              – duncdrum
              Nov 15 '18 at 20:45












            • Yes, the input is encoded in the form which I handle fine. I'm trying to handle the contingency where a user writes the string directly in the browser (in the first example).

              – jbrehr
              Nov 15 '18 at 20:54













            1












            1








            1







            functions such as util:unescape-uri and escape-uri are your friends.
            Since the string you are working with gets send over http it will undergo escaping. You can find out more about available escaping functions by searching for escape in the function documentation



            for more elaborate operations consider normalize-unicode






            share|improve this answer















            functions such as util:unescape-uri and escape-uri are your friends.
            Since the string you are working with gets send over http it will undergo escaping. You can find out more about available escaping functions by searching for escape in the function documentation



            for more elaborate operations consider normalize-unicode







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Nov 15 '18 at 20:25

























            answered Nov 15 '18 at 20:18









            duncdrumduncdrum

            548411




            548411












            • In fact, one problem is the threat that someone can just dump a 'forbidden' character into the search string such as the example I gave some%+text. I don't actually understand what is happening when that hits the controller - therefore I can't figure out a tactic for handling it.

              – jbrehr
              Nov 15 '18 at 20:29











            • the best thing, imv you can do is to uri encode in the input form, and uri-decode in your xquery. If you really want to limit the characters (ǚ, , ` ` ) ppl can search for, more elaborate functions are necessary. But the basic idea remains the same, encode input decode for processing

              – duncdrum
              Nov 15 '18 at 20:45












            • Yes, the input is encoded in the form which I handle fine. I'm trying to handle the contingency where a user writes the string directly in the browser (in the first example).

              – jbrehr
              Nov 15 '18 at 20:54

















            • In fact, one problem is the threat that someone can just dump a 'forbidden' character into the search string such as the example I gave some%+text. I don't actually understand what is happening when that hits the controller - therefore I can't figure out a tactic for handling it.

              – jbrehr
              Nov 15 '18 at 20:29











            • the best thing, imv you can do is to uri encode in the input form, and uri-decode in your xquery. If you really want to limit the characters (ǚ, , ` ` ) ppl can search for, more elaborate functions are necessary. But the basic idea remains the same, encode input decode for processing

              – duncdrum
              Nov 15 '18 at 20:45












            • Yes, the input is encoded in the form which I handle fine. I'm trying to handle the contingency where a user writes the string directly in the browser (in the first example).

              – jbrehr
              Nov 15 '18 at 20:54
















            In fact, one problem is the threat that someone can just dump a 'forbidden' character into the search string such as the example I gave some%+text. I don't actually understand what is happening when that hits the controller - therefore I can't figure out a tactic for handling it.

            – jbrehr
            Nov 15 '18 at 20:29





            In fact, one problem is the threat that someone can just dump a 'forbidden' character into the search string such as the example I gave some%+text. I don't actually understand what is happening when that hits the controller - therefore I can't figure out a tactic for handling it.

            – jbrehr
            Nov 15 '18 at 20:29













            the best thing, imv you can do is to uri encode in the input form, and uri-decode in your xquery. If you really want to limit the characters (ǚ, , ` ` ) ppl can search for, more elaborate functions are necessary. But the basic idea remains the same, encode input decode for processing

            – duncdrum
            Nov 15 '18 at 20:45






            the best thing, imv you can do is to uri encode in the input form, and uri-decode in your xquery. If you really want to limit the characters (ǚ, , ` ` ) ppl can search for, more elaborate functions are necessary. But the basic idea remains the same, encode input decode for processing

            – duncdrum
            Nov 15 '18 at 20:45














            Yes, the input is encoded in the form which I handle fine. I'm trying to handle the contingency where a user writes the string directly in the browser (in the first example).

            – jbrehr
            Nov 15 '18 at 20:54





            Yes, the input is encoded in the form which I handle fine. I'm trying to handle the contingency where a user writes the string directly in the browser (in the first example).

            – jbrehr
            Nov 15 '18 at 20:54

















            draft saved

            draft discarded
















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53324625%2fxquery-decoding-http-request-unable-to-parse-query%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            這個網誌中的熱門文章

            How to read a connectionString WITH PROVIDER in .NET Core?

            圖片
            6 I added .AddJsonFile("Connections.json", optional: true, reloadOnChange: true) in public Startup(IHostingEnvironment env) Connections.json contains: "ConnectionStrings": "DefaultConnection": "Server=(localdb)\mssqllocaldb;Database=DATABASE;Trusted_Connection=True;MultipleActiveResultSets=true", "COR-W81-101": "Data Source=DATASOURCE;Initial Catalog=P61_CAFM_Basic;User Id=USERID;Password=PASSWORD;Persist Security Info=False;MultipleActiveResultSets=False;Packet Size=4096;", "COR-W81-100": "Data Source=DATASOURCE;Initial Catalog=Post_PS;User Id=USERID;Password=PASSWORD;Persist Security Info=False;MultipleActiveResultSets=False;Packet Size=4096;", "MSEDGEWIN10": "Data Source=DATASOURCE; Initial Catalog=COR_Basic; Persist Security Info=False;Integrated Security=true;MultipleActiveResultSets=False;Packet Size=4096;Application Name="COR_Basic"", "server&qu
            閱讀完整內容

            In R, how to develop a multiplot heatmap.2 figure showing key labels successfully

            圖片
            1 2 I'm trying to develop a multiplot heatmap.2 saved to a pdf. I'm having some success but the axis labels are getting chopped off. Subplot titles are also desirable but again the labels are getting chopped. Here's my reproducible code: library(gridExtra) library(grid) library(gridGraphics) library(gplots) Col = colorRampPalette(c("red","orange","yellow", "white")) grab_grob <- function() grid.echo() grid.grab() par(cex.main=0.1, mar = c(1,1,1,1) ) #data<-read.table("heatmap.input.matrix.data.txt") lmat = rbind(c(2,3),c(4,1),c(4,1)) lwid = c(2.5,4) lhei = c(0.5,4,3) labRowvec <- c(rep(NULL, dim(matrix(runif(1000, 1,10),ncol=50))[1])) labColvec <- c(rep(NULL, dim(matrix(runif(1000, 1,10),ncol=50))[2])) gl <- lapply(1:12, function(i) heatmap.2(matrix(runif(1000, 1,10),ncol=50), dendrogram = "none",offsetRow=-0.5, offsetCol=-1,srtCol=0, density="density", lmat =lmat,lhei = l
            閱讀完整內容

            Museum of Modern and Contemporary Art of Trento and Rovereto

            圖片
            Art museum in Rovereto TN, Italy Museum of Modern and Contemporary Art of Trento and Rovereto Museo d'arte moderna e contemporanea di Trento e Rovereto MART, Entrance Location Corso Angelo Bettini, 43, 38068 Rovereto TN, Italy Coordinates 45°53′38″N 11°02′42″E  /  45.8940°N 11.0450°E  / 45.8940; 11.0450 Coordinates: 45°53′38″N 11°02′42″E  /  45.8940°N 11.0450°E  / 45.8940; 11.0450 Type Art museum Director Gianfranco Maraniello Public transit access Trento train station. Taxis outside station. Website mart.trento.it The Museum of Modern and Contemporary Art of Trento and Rovereto (MART) ( Museo d'Arte Moderna e Contemporanea di Trento e Rovereto , in Italian) is a museum centre in the Italian province of Trento. The main site is in Rovereto, and contains mostly modern and contemporary artworks, including works from renowned Giorgio Morandi, Giorgio de Chirico, Felice Casorati, Carlo Carrà and Fortunato Depero. Fortunato Depero's house in Rovereto (known as Casa d
            閱讀完整內容