
I have seen several posts about different ways to get around special characters not transmitting correctly. But I was wanting a better and simpler solution (may not find it).

I have a function that I pass an object to. In the object (myObject), there can be some text with special numbered characters (Bill & #8217;s, the right single quotation mark special numbered character).

When I try to send the data, it chokes. So then I went through my code and escaped everywhere it accepted user input and unescaped where the information was displayed.

Problem:

  • Possibly missing places that display or accept user input.
  • The data is stored with the escaped characters.

I have seen solutions where the special characters would be sanitized, but it would require a list of the special characters. Or I could try to decode the escaped characters on the back end.

  • Backend - MVC .NET C#
  • jQuery Version: 1.7.2

    // Serialize the object (jquery-json plugin) and POST it to the controller.
    var json = $.toJSON(myObject);

    $.ajax({
        type: 'POST',
        url: RootUrl + "Viewer/Save/",
        data: { "json": json },
        async: false,
        contentType: "application/json; charset=utf-8",
        success: function (data) {
            // Show the server's response in the #display element.
            $("#display").html(data);
        },
        error: function (xhr, status, error) {
            alert(error);
        }
    });


More information:

The JSON string is passed to an MVC controller. The method looks like this.

    public ContentResult Save(string json)
    {
        try
        {
            // Deserialize the posted JSON string into a dynamic object.
            dynamic data = new System.Web.Script.Serialization.JavaScriptSerializer().Deserialize<dynamic>(json);
        }
        catch (Exception ex)
        {
            // More code
        }
    }

The error message I get when I am in the Chrome debugger is:

  • 500 (Internal Server Error)

The more I think about it, I am wondering if there is a setting in the backend that needs to change to accept the special numbered character. The reason I say this is because if I set a break point at the beginning of the MVC controller method, it actually never makes it to the break point. But if it is escaped or the apostrophe sign is used, it is fine.

I will continue to search and respond back with my findings.

UPDATE

Following the information in: Getting "A potentially dangerous Request.Path value was detected from the client (&)"

    [ValidateInput(false)]
    [HttpPost]
    public ContentResult SaveTailoring(string json)

I added this to my code and it solved my problem of getting the data into the controller. I am going to research some more and would appreciate any thoughts on the pros and cons of this technique.

  • Which part of the code is supposed to do something to notations like `&#8217;` (which must not contain spaces – the one in the question does)? As such, outside serialized HTML, `&#8217;` is just seven Ascii characters. Besides, if you are posting data expecting it to be transferred as UTF-8, as the code does, why would you consider escaping characters? – Jukka K. Korpela May 15 '13 at 19:23
  • No, it does not contain spaces. Yes, it serializes ok, but when I receive it in the MVC controller, I get an Error 500, Internal Server Error. I was thinking about that last night and was wondering if this problem was more on the backend, not sure. – Anthoney Hanks May 16 '13 at 12:43
  • Have you tried this with an `ApiController`? I'm not an MVC expert but I found them easier to work with when constructing my jQuery ajax methods, keeping the normal `Controller`s for the pages/partials. Posting UTF-8 I wouldn't have expected to require any special escaping, but I've not tried it. – Klors May 17 '13 at 16:44
  • Let me do some research on this. I am looking for a good solution with minimal problems. – Anthoney Hanks May 17 '13 at 20:26

1 Answer


If you wanted to try this with an ApiController then, assuming you have a class called myObject in your server code and a matching representation in JavaScript, this

    public ContentResult Save(string json)
    {
        try
        {
            // Deserialize the posted JSON string into a dynamic object.
            dynamic data = new System.Web.Script.Serialization.JavaScriptSerializer().Deserialize<dynamic>(json);
        }
        catch (Exception ex)
        {
            // More code
        }
    }

would become something more like this, allowing you to work reasonably seamlessly with the native types

    public class myObjectController : ApiController
    {
        // ... code for GET/PUT/DELETE versions omitted ...

        // POST api/myObject
        public myObject PostmyObject(myObject myObject)
        {
            // code to save and update myObject
            return myObject;
        }
    }

Though the auto-created REST methods generally return an HttpResponseMessage for POSTs that has a status and a header giving a link to the GET for the newly saved object.

Klors
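The comments on the question make the point that a UTF-8 JSON body needs no HTML escaping at all, and the answer's ApiController relies on the JSON document being the request body so that model binding can fill a `myObject`. The following is an added client-side example (not code from the question, the answer or any library they mention) that does both: it converts numeric character references such as `&#8217;` back into the real Unicode character before serialising, so the body never contains the `&#` sequence that ASP.NET request validation rejects and the stored data is not left entity-encoded, and it sends the JSON document itself as the body rather than as a form field named `json`. `myObject`, its fields and the `Viewer/Save/` URL are taken from the question; the sample input and the helper names are constructed for this example.

```javascript
// Added example (not from the question or answer): normalise numeric HTML
// entities to real Unicode characters before serialising, then POST the JSON
// document itself with Content-Type: application/json.

// Decode decimal (&#8217;) and hex (&#x2019;) numeric character references.
// Named entities (&amp;) are deliberately left alone so text that is already
// safe is not double-decoded.
function decodeNumericEntities(text) {
  return text.replace(/&#(x[0-9a-f]+|[0-9]+);/gi, function (match, ref) {
    var codePoint = ref[0].toLowerCase() === "x"
      ? parseInt(ref.slice(1), 16)
      : parseInt(ref, 10);
    // Leave out-of-range code points and lone surrogates untouched rather than
    // producing an invalid string.
    if (codePoint > 0x10ffff || (codePoint >= 0xd800 && codePoint <= 0xdfff)) {
      return match;
    }
    return String.fromCodePoint(codePoint);
  });
}

// Walk an object and decode every string value, including nested objects and arrays.
function decodeStrings(value) {
  if (typeof value === "string") return decodeNumericEntities(value);
  if (Array.isArray(value)) return value.map(decodeStrings);
  if (value !== null && typeof value === "object") {
    var out = {};
    Object.keys(value).forEach(function (k) { out[k] = decodeStrings(value[k]); });
    return out;
  }
  return value;
}

// Build the $.ajax settings object. The JSON text is the body, which is what
// "application/json" promises the server; passing a string as `data` keeps
// jQuery from rewriting it as name=value pairs.
function buildSaveRequest(myObject, rootUrl) {
  var body = JSON.stringify(decodeStrings(myObject));
  return {
    type: "POST",
    url: rootUrl + "Viewer/Save/",
    data: body,
    contentType: "application/json; charset=utf-8",
    processData: false
  };
}

// Constructed sample input mirroring the question: the editor produced an
// entity, but the server should receive the real character.
var sample = { title: "Bill&#8217;s report", notes: ["caf&#xE9;", "plain"] };
var request = buildSaveRequest(sample, "/");
// Usage in the page would be: $.ajax(request);
```

With this shape the MVC side can bind the body to a typed parameter (`Save(myObject model)`, or the `PostmyObject(myObject myObject)` action in the answer) instead of a raw `string json`, and the character `’` arrives as two UTF-8 bytes that request validation has no reason to flag, so `[ValidateInput(false)]` is no longer needed for this case.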