I have already looked at the post: Efficient plain text template engine, but it didn't answer my question. It's documentation is more than a little lacking, and I don't see that it does what I'm trying to do.
I'm wondering if you can iterate over a template and fill in the values with a function, whose parameters come from attributes within the template. e.g.:
"The <comparison property='fruit' value='green'> and the <comparison property='bowl' value='big'>."
becomes, after iterating over each variable and passing it to a function,
"The fruit is green and the bowl is big."
I'm trying to generate a css page based upon a JSON object containing appearance settings.
EDIT: I'm wondering if there's a way to get the straight object from JsonConvert.DeserializeObject(). The JObject has a lot of information I don't need.
(I am not sure if this is what you are looking for, but) I guess, you can combine my previous answer (showing the use of JObject.SelectToken) with regex to create your own templating engine.
string Parse(string json, string template)
{
var jObj = JObject.Parse(json);
return Regex.Replace(template, #"\{\{(.+?)\}\}",
m => jObj.SelectToken(m.Groups[1].Value).ToString());
}
string json = #"{name:""John"" , addr:{state:""CA""}}";
string template = "dummy text. Hello {{name}} at {{addr.state}} dummy text.";
string result = Parse(json, template);
Related
Having some trouble with parsing some JSON data, and removing the escaped characters so that I can then assign the values to a List. I've read lots of pages on SO about this very thing, and where people are having success, I am just now. I was wondering if anyone could run their eyes over my method to see what I am doing wrong?
The API I have fetching the JSON data from is from IPStack. It allows me to capture location based data from website visitors.
Here is how I am building up the API path. The two querystrings i've added to the URI are the access key that APIStack give you to use, as well as fields=main which gives you the main location based data (they have a few other blocks of data you can also get).
string api_URI = "http://api.ipstack.com/";
string api_IP = "100.121.126.33";
string api_KEY = "8378273uy12938";
string api_PATH = string.Format("{0}{1}?access_key={2}&fields=main", api_URI, api_IP, api_KEY);
The rest of the code in my method to pull the JSON data in is as follows.
System.Net.WebClient wc = new System.Net.WebClient();
Uri myUri = new Uri(api_PATH, UriKind.Absolute);
var jsonResponse = wc.DownloadString(myUri);
dynamic Data = Json.Decode(jsonResponse);
This gives me a JSON string that looks like this. (I have entered on each key/value to show you the format better). The IP and KEY I have obfuscated from my own details, but it won't matter in this summary anyway.
"{
\"ip\":\"100.121.126.33\",
\"type\":\"ipv4\",
\"continent_code\":\"OC\",
\"continent_name\":\"Oceania\",
\"country_code\":\"AU\",
\"country_name\":\"Australia\"
}"
This is where I believe the issue lies, in that I cannot remove the escaped characters. I have tried to use Regex.Escape(jsonResponse.ToString()); and whilst this does not throw any errors, it actually doesn't remove the \ characters either. It leaves me with the exact same string that went into it.
The rest of my method is to create a List which has one public string (country_name) just for limiting the scope during the test.
List<IPLookup> List = new List<IPLookup>();
foreach (var x in Data)
{
List.Add(new IPLookup()
{
country_name = x.country_name
});
}
The actual error in Visual Studio is thrown when it tries to add country_name to the List, as it complains that it does not contain country_name, and i'm presuming because it still has it's backslash attached to it?
Any help or pointers on where I can look to fix this one up?
Resolved just from the questions posed by Jon and Luke which got me looking at the problem from another angle.
Rather than finish my method in a foreach statement and trying to assign via x.something,,, I simple replaced that block of code with the following.
List<IPLookup> List = new List<IPLookup>();
List.Add(new IPLookup()
{
country_name = Data.country_name,
});
I can now access the key/value pairs from this JSON data without having to try remove the escaped characters that my debugger was showing me to have...
I have two applications. One application saves options and configurations down as JSON and the other reads the JSON and performs it's task based on the fields in the JSON. Now I want to filter a list that is in application-2. How can I pass how I want the list to be filtered into a string to be stored in JSON and then reinterpreted by application-2?
Is there anyway to serialize linq/lambda expressions and deserialize them? Or is there a better approach like creating a class that contains some filterable options like equal-to, not-equal-to, greater-than, less-than, contains, etc?
Unfortunately there is no way to serialize and serialize a lamda expression in c#, because it is make in compile time.
The Lamda after the compilation generates a function and the compiler call this function when the lamda expression is used.
You have one option, but is not easy :) Yoy have to store a c# code in json file, and the application-2 will read it, parse it, compile it, and execute it.
But itt will be a complete assembly (like one class) not only one lamdba expression.
If you use :net framrwork here is an example:
https://www.codeproject.com/Tips/715891/Compiling-Csharp-Code-at-Runtime
If you use .Net Core, teh ypu have to use roslyn: https://josephwoodward.co.uk/2016/12/in-memory-c-sharp-compilation-using-roslyn
I hope it helps
regrads
I found for another solution for this problem. You can store and revert an Expression from string! :)
The only need, the two module (or two program in your case) must be the known the same type.
Sample code:
var discountFilter = "album => album.Quantity > 0";
var options = ScriptOptions.Default.AddReferences(typeof(Album).Assembly);
Func<Album, bool> discountFilterExpression =
await CSharpScript.EvaluateAsync<Func<Album, bool>>(discountFilter, options);
var discountedAlbums = albums.Where(discountFilterExpression);
Regrads
gy
If you want to filter javascript arrays in pure JSON, you can use Jpath and Json.Net
For example:
var token = JToken.Parse("json string here")
var tokens = token.SelectTokens("$.YourJsonArray[?(#.Property == something)]")
I am using Newtonsoft JSON deserializer. How can one clean JSON for XSS (cross site scripting)? Either cleaning the JSON string before de-serializing or writing some kind of custom converter/sanitizer? If so - I am not 100% sure about the best way to approach this.
Below is an example of JSON that has a dangerous script injected and needs "cleaning." I want a want to manage this before I de-serialize it. But we need to assume all kinds of XSS scenarios, including BASE64 encoded script etc, so the problem is more complex that a simple REGEX string replace.
{ "MyVar" : "hello<script>bad script code</script>world" }
Here is a snapshot of my deserializer ( JSON -> Object ):
public T Deserialize<T>(string json)
{
T obj;
var JSON = cleanJSON(json); //OPTION 1 sanitize here
var customConverter = new JSONSanitizer();// OPTION 2 create a custom converter
obj = JsonConvert.DeserializeObject<T>(json, customConverter);
return obj;
}
JSON is posted from a 3rd party UI interface, so it's fairly exposed, hence the server-side validation. From there, it gets serialized into all kinds of objects and is usually stored in a DB, later to be retrieved and outputted directly in HTML based UI so script injection must be mitigated.
Ok, I am going to try to keep this rather short, because this is a lot of work to write up the whole thing. But, essentially, you need to focus on the context of the data you need to sanitize. From comments on the original post, it sounds like some values in the JSON will be used as HTML that will be rendered, and this HTML comes from an un-trusted source.
The first step is to extract whichever JSON values need to be sanitized as HTML, and for each of those objects you need to run them through an HTML parser and strip away everything that is not in a whitelist. Don't forget that you will also need a whitelist for attributes.
HTML Agility Pack is a good starting place for parsing HTML in C#. How to do this part is a separate question in my opinion - and probably a duplicate of the linked question.
Your worry about base64 strings seems a little over-emphasized in my opinion. It's not like you can simply put aW5zZXJ0IGg0eCBoZXJl into an HTML document and the browser will render it. It can be abused through javascript (which your whitelist will prevent) and, to some extent, through data: urls (but this isn't THAT bad, as javascript will run in the context of the data page. Not good, but you aren't automatically gobbling up cookies with this). If you have to allow a tags, part of the process needs to be validating that the URL is http(s) (or whatever schemes you want to allow).
Ideally, you would avoid this uncomfortable situation, and instead use something like markdown - then you could simply escape the HTML string, but this is not always something we can control. You'd still have to do some URL validation though.
Interesting!! Thanks for asking. we normally use html.urlencode in terms of web forms. I have a enterprise web api running that has validations like this. We have created a custom regex to validate. Please have a look at this MSDN link.
This is the sample model created to parse the request named KeyValue (say)
public class KeyValue
{
public string Key { get; set; }
}
Step 1: Trying with a custom regex
var json = #"[{ 'MyVar' : 'hello<script>bad script code</script>world' }]";
JArray readArray = JArray.Parse(json);
IList<KeyValue> blogPost = readArray.Select(p => new KeyValue { Key = (string)p["MyVar"] }).ToList();
if (!Regex.IsMatch(blogPost.ToString(),
#"^[\p{L}\p{Zs}\p{Lu}\p{Ll}\']{1,40}$"))
Console.WriteLine("InValid");
// ^ means start looking at this position.
// \p{ ..} matches any character in the named character class specified by {..}.
// {L} performs a left-to-right match.
// {Lu} performs a match of uppercase.
// {Ll} performs a match of lowercase.
// {Zs} matches separator and space.
// 'matches apostrophe.
// {1,40} specifies the number of characters: no less than 1 and no more than 40.
// $ means stop looking at this position.
Step 2: Using HttpUtility.UrlEncode - this newtonsoft website link suggests the below implementation.
string json = #"[{ 'MyVar' : 'hello<script>bad script code</script>world' }]";
JArray readArray = JArray.Parse(json);
IList<KeyValue> blogPost = readArray.Select(p => new KeyValue {Key =HttpUtility.UrlEncode((string)p["MyVar"])}).ToList();
I need to parse in C# (key ,value wise) a string that is built in a JSON format (to be exact I need to parse the binding parameter of Knockout data-bind).
I go over the html file and I extract the bindings. I want to modify each and every binding (string-wise), but It's really hard for me to parse the string, since I can't really know where each binding stops and the other starts.
for example:
data-bind="text:'ggggg',event:{mouseover:x=function(){alert(1);return 'd,y'}}"
will result in the following string:
"text:'ggggg',event:{mouseover:x=function(){alert(1);return 'd,y'}}"
I want to modify the string in the following way:
newString= "text('gggg'),event(mouseover(x=function(){alert(1);return 'd,y'}))"
I figured out that the best way to do it is to deserialize the string by JSON and then it will be easier for me to get access to each and every binding element.
I write at C#, but since I go over the html file and each data-bind is different and can contain different amount and type of attributes I would like to have a general object that I can deserialize to.
I checked out DataContractJsonSerializer but I don't see how it solves my problem.
Can you please suggest me what's best for my case?
Mary
You can do it with something like this:
var obj = ko.bindingProvider.instance.getBindings(yourDomElement,
ko.contextFor(yourDomElement));
alert(JSON.stringify(obj));
And then do whatever you want with obj.
Fiddle
But... well... don't!
I have a basic Generic List that I want turned into XML so I can return it to jquery. What I am trying to do is update my comments section in my article directory. I am returning an array of comment text, comment id, and user name. I would like to turn all of this into an array. Thanks
if (CommentFunctions.AddComment(aid, l.GetUserID(), id, comment))
{
//lets get all the comments for the article
List<CommentType> ct = CommentFunctions.GetCommentsByArticleID(id);
}
As others have pointed out, you'll need to serialize it to convert to XML.
I'd like to mention that if you're trying to return a list of objects to JQuery, that XML isn't the best or easiest format. Have you considered returning JSON?
JavaScriptSerializer serializer = new JavaScriptSerializer();
string JSONText = serializer.Serialize(List<CommentType>);
This will automatically create necessary json to describe your list of CommentTypes. JSON is much easier to parse in javascript and is much smaller to return via HTML.
Plus, you don't need to tell it your field names. It will find them for you and your JSON will be a list of classes just like your CommentType class.
You have to serialize it to XML. There are a number of ways to do this, more or less complex depending on the relative efficiency/speed you need, and the amount of control you need over the XML output.
Have a look here:
http://msdn.microsoft.com/en-us/library/ms950721.aspx
As Robert's comment mentions, you have to serialize the array to XML. Instead of retyping out the answer, however, I would recommend reading this blog post which discusses exactly how you would go about doing that.