XQuery decoding HTTP request - unable to parse query










1















In XQuery 3.1 (under eXist-db 4.4) I receive search requests to the a controller where I create a parameter docset from the URL's query string text:



else if (starts-with(lower-case($exist:path), "/search")) then
 <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
 <forward url="$exist:controller/search.html"/>
 <view>
 <forward url="$exist:controller/modules/view.xql">
 <add-parameter name="docset" 
 value="search:search-term-cleaner(request:get-parameter("text","norequest"))"/> 
 <add-parameter name="pagetype" value="search"/>
 </forward>
 </view>
 </dispatch>


I clean any incoming such requests to /search?text="" to permit only certain characters into the search query:



declare function search:search-term-cleaner($text as xs:string?) as xs:string?

 let $cleanterm := replace($text,'[^A-Za-z+*0-9]', '')

 return $cleanterm
;


There are two problems, under two slightly different scenarios:



  1. If the request comes in /search?text=some%+text the site complains with


org.eclipse.jetty.http.BadMessageException: 400: Unable to parse URI query
java.lang.IllegalArgumentException: Not valid encoding '%+t'




  1. If the request comes in /search?text=some+text, the controller passes through sometext without the permitted + sign

Googling this has not lead me to a solution, but I am not experienced in managing HTTP parsing and may not understand the problem enough to search for the solution.



This is via local host http://localhost:8081/exist/apps/.






xpath xquery exist-db







share|improve this question



















  • 1





    When getting parameters via request:get-parameter you don’t need to unescape parameters that are URI-encoded. %20 and + are automatically handed to you via as space characters.

    – joewiz
    Nov 16 '18 at 3:32







  • 1





    @joewiz I can't believe I struggled for hours without figuring that (now obvious) fact. If you post that as an answer I'll accept. It might be useful for some future searcher. Thanks again.

    – jbrehr
    Nov 16 '18 at 9:56















1















In XQuery 3.1 (under eXist-db 4.4) I receive search requests to the a controller where I create a parameter docset from the URL's query string text:



else if (starts-with(lower-case($exist:path), "/search")) then
 <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
 <forward url="$exist:controller/search.html"/>
 <view>
 <forward url="$exist:controller/modules/view.xql">
 <add-parameter name="docset" 
 value="search:search-term-cleaner(request:get-parameter("text","norequest"))"/> 
 <add-parameter name="pagetype" value="search"/>
 </forward>
 </view>
 </dispatch>


I clean any incoming such requests to /search?text="" to permit only certain characters into the search query:



declare function search:search-term-cleaner($text as xs:string?) as xs:string?

 let $cleanterm := replace($text,'[^A-Za-z+*0-9]', '')

 return $cleanterm
;


There are two problems, under two slightly different scenarios:



  1. If the request comes in /search?text=some%+text the site complains with


org.eclipse.jetty.http.BadMessageException: 400: Unable to parse URI query
java.lang.IllegalArgumentException: Not valid encoding '%+t'




  1. If the request comes in /search?text=some+text, the controller passes through sometext without the permitted + sign

Googling this has not lead me to a solution, but I am not experienced in managing HTTP parsing and may not understand the problem enough to search for the solution.



This is via local host http://localhost:8081/exist/apps/.






xpath xquery exist-db







share|improve this question



















  • 1





    When getting parameters via request:get-parameter you don’t need to unescape parameters that are URI-encoded. %20 and + are automatically handed to you via as space characters.

    – joewiz
    Nov 16 '18 at 3:32







  • 1





    @joewiz I can't believe I struggled for hours without figuring that (now obvious) fact. If you post that as an answer I'll accept. It might be useful for some future searcher. Thanks again.

    – jbrehr
    Nov 16 '18 at 9:56













1












1








1








In XQuery 3.1 (under eXist-db 4.4) I receive search requests to the a controller where I create a parameter docset from the URL's query string text:



else if (starts-with(lower-case($exist:path), "/search")) then
 <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
 <forward url="$exist:controller/search.html"/>
 <view>
 <forward url="$exist:controller/modules/view.xql">
 <add-parameter name="docset" 
 value="search:search-term-cleaner(request:get-parameter("text","norequest"))"/> 
 <add-parameter name="pagetype" value="search"/>
 </forward>
 </view>
 </dispatch>


I clean any incoming such requests to /search?text="" to permit only certain characters into the search query:



declare function search:search-term-cleaner($text as xs:string?) as xs:string?

 let $cleanterm := replace($text,'[^A-Za-z+*0-9]', '')

 return $cleanterm
;


There are two problems, under two slightly different scenarios:



  1. If the request comes in /search?text=some%+text the site complains with


org.eclipse.jetty.http.BadMessageException: 400: Unable to parse URI query
java.lang.IllegalArgumentException: Not valid encoding '%+t'




  1. If the request comes in /search?text=some+text, the controller passes through sometext without the permitted + sign

Googling this has not lead me to a solution, but I am not experienced in managing HTTP parsing and may not understand the problem enough to search for the solution.



This is via local host http://localhost:8081/exist/apps/.






xpath xquery exist-db







share|improve this question
















In XQuery 3.1 (under eXist-db 4.4) I receive search requests to the a controller where I create a parameter docset from the URL's query string text:



else if (starts-with(lower-case($exist:path), "/search")) then
 <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
 <forward url="$exist:controller/search.html"/>
 <view>
 <forward url="$exist:controller/modules/view.xql">
 <add-parameter name="docset" 
 value="search:search-term-cleaner(request:get-parameter("text","norequest"))"/> 
 <add-parameter name="pagetype" value="search"/>
 </forward>
 </view>
 </dispatch>


I clean any incoming such requests to /search?text="" to permit only certain characters into the search query:



declare function search:search-term-cleaner($text as xs:string?) as xs:string?

 let $cleanterm := replace($text,'[^A-Za-z+*0-9]', '')

 return $cleanterm
;


There are two problems, under two slightly different scenarios:



  1. If the request comes in /search?text=some%+text the site complains with


org.eclipse.jetty.http.BadMessageException: 400: Unable to parse URI query
java.lang.IllegalArgumentException: Not valid encoding '%+t'




  1. If the request comes in /search?text=some+text, the controller passes through sometext without the permitted + sign

Googling this has not lead me to a solution, but I am not experienced in managing HTTP parsing and may not understand the problem enough to search for the solution.



This is via local host http://localhost:8081/exist/apps/.






xpath xquery exist-db




xpath xquery exist-db






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 15 '18 at 18:08







jbrehr

















asked Nov 15 '18 at 17:08









jbrehrjbrehr

134212




134212







  • 1





    When getting parameters via request:get-parameter you don’t need to unescape parameters that are URI-encoded. %20 and + are automatically handed to you via as space characters.

    – joewiz
    Nov 16 '18 at 3:32







  • 1





    @joewiz I can't believe I struggled for hours without figuring that (now obvious) fact. If you post that as an answer I'll accept. It might be useful for some future searcher. Thanks again.

    – jbrehr
    Nov 16 '18 at 9:56












  • 1





    When getting parameters via request:get-parameter you don’t need to unescape parameters that are URI-encoded. %20 and + are automatically handed to you via as space characters.

    – joewiz
    Nov 16 '18 at 3:32







  • 1





    @joewiz I can't believe I struggled for hours without figuring that (now obvious) fact. If you post that as an answer I'll accept. It might be useful for some future searcher. Thanks again.

    – jbrehr
    Nov 16 '18 at 9:56







1




1





When getting parameters via request:get-parameter you don’t need to unescape parameters that are URI-encoded. %20 and + are automatically handed to you via as space characters.

– joewiz
Nov 16 '18 at 3:32






When getting parameters via request:get-parameter you don’t need to unescape parameters that are URI-encoded. %20 and + are automatically handed to you via as space characters.

– joewiz
Nov 16 '18 at 3:32





1




1





@joewiz I can't believe I struggled for hours without figuring that (now obvious) fact. If you post that as an answer I'll accept. It might be useful for some future searcher. Thanks again.

– jbrehr
Nov 16 '18 at 9:56





@joewiz I can't believe I struggled for hours without figuring that (now obvious) fact. If you post that as an answer I'll accept. It might be useful for some future searcher. Thanks again.

– jbrehr
Nov 16 '18 at 9:56












2 Answers
2






active

oldest

votes


















1














When getting parameters via request:get-parameter() you don’t need to unescape parameters that are URI-encoded. %20 and + are automatically handed to you as space characters.






share|improve this answer






























    1














    functions such as util:unescape-uri and escape-uri are your friends.
    Since the string you are working with gets send over http it will undergo escaping. You can find out more about available escaping functions by searching for escape in the function documentation



    for more elaborate operations consider normalize-unicode






    share|improve this answer

























    • In fact, one problem is the threat that someone can just dump a 'forbidden' character into the search string such as the example I gave some%+text. I don't actually understand what is happening when that hits the controller - therefore I can't figure out a tactic for handling it.

      – jbrehr
      Nov 15 '18 at 20:29











    • the best thing, imv you can do is to uri encode in the input form, and uri-decode in your xquery. If you really want to limit the characters (ǚ, , ` ` ) ppl can search for, more elaborate functions are necessary. But the basic idea remains the same, encode input decode for processing

      – duncdrum
      Nov 15 '18 at 20:45












    • Yes, the input is encoded in the form which I handle fine. I'm trying to handle the contingency where a user writes the string directly in the browser (in the first example).

      – jbrehr
      Nov 15 '18 at 20:54










    Your Answer






    StackExchange.ifUsing("editor", function ()
    StackExchange.using("externalEditor", function ()
    StackExchange.using("snippets", function ()
    StackExchange.snippets.init();
    );
    );
    , "code-snippets");

    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "1"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53324625%2fxquery-decoding-http-request-unable-to-parse-query%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    1














    When getting parameters via request:get-parameter() you don’t need to unescape parameters that are URI-encoded. %20 and + are automatically handed to you as space characters.






    share|improve this answer



























      1














      When getting parameters via request:get-parameter() you don’t need to unescape parameters that are URI-encoded. %20 and + are automatically handed to you as space characters.






      share|improve this answer

























        1












        1








        1







        When getting parameters via request:get-parameter() you don’t need to unescape parameters that are URI-encoded. %20 and + are automatically handed to you as space characters.






        share|improve this answer













        When getting parameters via request:get-parameter() you don’t need to unescape parameters that are URI-encoded. %20 and + are automatically handed to you as space characters.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 16 '18 at 14:51









        joewizjoewiz

        3,9821220




        3,9821220























            1














            functions such as util:unescape-uri and escape-uri are your friends.
            Since the string you are working with gets send over http it will undergo escaping. You can find out more about available escaping functions by searching for escape in the function documentation



            for more elaborate operations consider normalize-unicode






            share|improve this answer

























            • In fact, one problem is the threat that someone can just dump a 'forbidden' character into the search string such as the example I gave some%+text. I don't actually understand what is happening when that hits the controller - therefore I can't figure out a tactic for handling it.

              – jbrehr
              Nov 15 '18 at 20:29











            • the best thing, imv you can do is to uri encode in the input form, and uri-decode in your xquery. If you really want to limit the characters (ǚ, , ` ` ) ppl can search for, more elaborate functions are necessary. But the basic idea remains the same, encode input decode for processing

              – duncdrum
              Nov 15 '18 at 20:45












            • Yes, the input is encoded in the form which I handle fine. I'm trying to handle the contingency where a user writes the string directly in the browser (in the first example).

              – jbrehr
              Nov 15 '18 at 20:54















            1














            functions such as util:unescape-uri and escape-uri are your friends.
            Since the string you are working with gets send over http it will undergo escaping. You can find out more about available escaping functions by searching for escape in the function documentation



            for more elaborate operations consider normalize-unicode






            share|improve this answer

























            • In fact, one problem is the threat that someone can just dump a 'forbidden' character into the search string such as the example I gave some%+text. I don't actually understand what is happening when that hits the controller - therefore I can't figure out a tactic for handling it.

              – jbrehr
              Nov 15 '18 at 20:29











            • the best thing, imv you can do is to uri encode in the input form, and uri-decode in your xquery. If you really want to limit the characters (ǚ, , ` ` ) ppl can search for, more elaborate functions are necessary. But the basic idea remains the same, encode input decode for processing

              – duncdrum
              Nov 15 '18 at 20:45












            • Yes, the input is encoded in the form which I handle fine. I'm trying to handle the contingency where a user writes the string directly in the browser (in the first example).

              – jbrehr
              Nov 15 '18 at 20:54













            1












            1








            1







            functions such as util:unescape-uri and escape-uri are your friends.
            Since the string you are working with gets send over http it will undergo escaping. You can find out more about available escaping functions by searching for escape in the function documentation



            for more elaborate operations consider normalize-unicode






            share|improve this answer















            functions such as util:unescape-uri and escape-uri are your friends.
            Since the string you are working with gets send over http it will undergo escaping. You can find out more about available escaping functions by searching for escape in the function documentation



            for more elaborate operations consider normalize-unicode







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Nov 15 '18 at 20:25

























            answered Nov 15 '18 at 20:18









            duncdrumduncdrum

            548411




            548411












            • In fact, one problem is the threat that someone can just dump a 'forbidden' character into the search string such as the example I gave some%+text. I don't actually understand what is happening when that hits the controller - therefore I can't figure out a tactic for handling it.

              – jbrehr
              Nov 15 '18 at 20:29











            • the best thing, imv you can do is to uri encode in the input form, and uri-decode in your xquery. If you really want to limit the characters (ǚ, , ` ` ) ppl can search for, more elaborate functions are necessary. But the basic idea remains the same, encode input decode for processing

              – duncdrum
              Nov 15 '18 at 20:45












            • Yes, the input is encoded in the form which I handle fine. I'm trying to handle the contingency where a user writes the string directly in the browser (in the first example).

              – jbrehr
              Nov 15 '18 at 20:54

















            • In fact, one problem is the threat that someone can just dump a 'forbidden' character into the search string such as the example I gave some%+text. I don't actually understand what is happening when that hits the controller - therefore I can't figure out a tactic for handling it.

              – jbrehr
              Nov 15 '18 at 20:29











            • the best thing, imv you can do is to uri encode in the input form, and uri-decode in your xquery. If you really want to limit the characters (ǚ, , ` ` ) ppl can search for, more elaborate functions are necessary. But the basic idea remains the same, encode input decode for processing

              – duncdrum
              Nov 15 '18 at 20:45












            • Yes, the input is encoded in the form which I handle fine. I'm trying to handle the contingency where a user writes the string directly in the browser (in the first example).

              – jbrehr
              Nov 15 '18 at 20:54
















            In fact, one problem is the threat that someone can just dump a 'forbidden' character into the search string such as the example I gave some%+text. I don't actually understand what is happening when that hits the controller - therefore I can't figure out a tactic for handling it.

            – jbrehr
            Nov 15 '18 at 20:29





            In fact, one problem is the threat that someone can just dump a 'forbidden' character into the search string such as the example I gave some%+text. I don't actually understand what is happening when that hits the controller - therefore I can't figure out a tactic for handling it.

            – jbrehr
            Nov 15 '18 at 20:29













            the best thing, imv you can do is to uri encode in the input form, and uri-decode in your xquery. If you really want to limit the characters (ǚ, , ` ` ) ppl can search for, more elaborate functions are necessary. But the basic idea remains the same, encode input decode for processing

            – duncdrum
            Nov 15 '18 at 20:45






            the best thing, imv you can do is to uri encode in the input form, and uri-decode in your xquery. If you really want to limit the characters (ǚ, , ` ` ) ppl can search for, more elaborate functions are necessary. But the basic idea remains the same, encode input decode for processing

            – duncdrum
            Nov 15 '18 at 20:45














            Yes, the input is encoded in the form which I handle fine. I'm trying to handle the contingency where a user writes the string directly in the browser (in the first example).

            – jbrehr
            Nov 15 '18 at 20:54





            Yes, the input is encoded in the form which I handle fine. I'm trying to handle the contingency where a user writes the string directly in the browser (in the first example).

            – jbrehr
            Nov 15 '18 at 20:54

















            draft saved

            draft discarded
















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53324625%2fxquery-decoding-http-request-unable-to-parse-query%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            這個網誌中的熱門文章

            Barbados

            圖片
            For other uses, see Barbados (disambiguation). Not to be confused with Barbuda. Coordinates: 13°10′N 59°33′W  /  13.167°N 59.550°W  / 13.167; -59.550 Barbados Flag Coat of arms Motto:  "Pride and Industry" Anthem:  In Plenty and In Time of Need Capital and largest city Bridgetown 13°06′N 59°37′W  /  13.100°N 59.617°W  / 13.100; -59.617 Official languages English Recognised regional languages Bajan Creole Ethnic groups (est. 2010 [1] ) 92.4% black 3.1% multiracial 2.7% white 1.3% East Indian 0.5% other/unspecified Religion 75.6% Christian 2.5% other 20.6% none 1.2% unspecified [1] Demonym(s) Barbadian Bajan (colloquial) Government Unitary parliamentary constitutional monarchy • Monarch Elizabeth II •  Governor-General Dame Sandra Mason • Prime Minister Mia Mottley Legislature Parliament • Upper house Senate • Lower house House of Assembly Independence • From the United Kingdom 30 November 1966 Area • Total 439 km 2 (169 sq mi) (183rd) • Water (%) Negligib
            閱讀完整內容

            How to read a connectionString WITH PROVIDER in .NET Core?

            圖片
            6 I added .AddJsonFile("Connections.json", optional: true, reloadOnChange: true) in public Startup(IHostingEnvironment env) Connections.json contains: "ConnectionStrings": "DefaultConnection": "Server=(localdb)\mssqllocaldb;Database=DATABASE;Trusted_Connection=True;MultipleActiveResultSets=true", "COR-W81-101": "Data Source=DATASOURCE;Initial Catalog=P61_CAFM_Basic;User Id=USERID;Password=PASSWORD;Persist Security Info=False;MultipleActiveResultSets=False;Packet Size=4096;", "COR-W81-100": "Data Source=DATASOURCE;Initial Catalog=Post_PS;User Id=USERID;Password=PASSWORD;Persist Security Info=False;MultipleActiveResultSets=False;Packet Size=4096;", "MSEDGEWIN10": "Data Source=DATASOURCE; Initial Catalog=COR_Basic; Persist Security Info=False;Integrated Security=true;MultipleActiveResultSets=False;Packet Size=4096;Application Name="COR_Basic"", "server&qu
            閱讀完整內容

            Node.js Script on GitHub Pages or Amazon S3

            圖片
            0 I'm wondering if I can run a Node.js script in my Jekyll page from GitHub Pages or Amazon S3? I think it can't run on GitHub Pages since it doesn't support server side code. Not too sure. The code is below: var Airtable = require('airtable'); var base = new Airtable(apiKey: 'YOUR_API_KEY').base('appAnZVyYqusNPV5Q'); base('Invitee list').select( // Selecting the first 3 records in Complete list: maxRecords: 3, view: "Complete list" ).eachPage(function page(records, fetchNextPage) // This function (`page`) will get called for each page of records. records.forEach(function(record) console.log('Retrieved', record.get('Email')); ); // To fetch the next page of records, call `fetchNextPage`. // If there are more records, `page` will get called again. // If there are no more records, `done` will get called. fetchNextPage(); , function done(err) if (err) console.error(err); return; ); node.js
            閱讀完整內容