From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Jean Louis Newsgroups: gmane.emacs.help Subject: Re: Decoding URLs input Date: Sun, 4 Jul 2021 01:18:10 +0300 Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="19756"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Mutt/2.0.7+183 (3d24855) (2021-05-28) Cc: Help GNU Emacs To: Yuri Khan Original-X-From: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane-mx.org@gnu.org Sun Jul 04 00:21:09 2021 Return-path: Envelope-to: geh-help-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1lzo0a-0004xH-Pb for geh-help-gnu-emacs@m.gmane-mx.org; Sun, 04 Jul 2021 00:21:08 +0200 Original-Received: from localhost ([::1]:47488 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lzo0Z-00004z-S5 for geh-help-gnu-emacs@m.gmane-mx.org; Sat, 03 Jul 2021 18:21:07 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:60946) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lzo08-0008WR-D2 for help-gnu-emacs@gnu.org; Sat, 03 Jul 2021 18:20:40 -0400 Original-Received: from stw1.rcdrun.com ([217.170.207.13]:33415) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lzo06-0000Aj-0s for help-gnu-emacs@gnu.org; Sat, 03 Jul 2021 18:20:40 -0400 Original-Received: from localhost ([::ffff:197.157.34.164]) (AUTH: PLAIN admin, TLS: TLS1.3,256bits,ECDHE_RSA_AES_256_GCM_SHA384) by stw1.rcdrun.com with ESMTPSA id 0000000000057EBC.0000000060E0E2B2.00001A73; Sat, 03 Jul 2021 15:20:33 -0700 Mail-Followup-To: Yuri Khan , Help GNU Emacs Content-Disposition: inline In-Reply-To: Received-SPF: pass client-ip=217.170.207.13; envelope-from=bugs@gnu.support; helo=stw1.rcdrun.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-gnu-emacs@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Users list for the GNU Emacs text editor List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "help-gnu-emacs" Xref: news.gmane.io gmane.emacs.help:131440 Archived-At: * Yuri Khan [2021-07-03 23:17]: > I just fed it some percent-encoded sequences that I knew would result > in invalid UTF-8 when decoded. If it were doing a full decode, I > expected it to signal an error. It didn’t. > > > The docstring is poor, it says like: "Remove %XX embedded spaces, etc in a > > URL." -- with "remove" I don't expect converting UTF-8 into bytes. > Yeah, that is bad. If I see “remove %xx” in a docstring, I expect > (string= (f "Hello%20World") "HelloWorld"). Yes. Can you correct that docstring maybe? > > I am now solving the issue that spaces are converted to plus sign and > > that I have to convert + signs maybe before: > > (decode-coding-string (url-unhex-string "Hello+There") 'utf-8) > > but maybe not before, maybe I leave it and convert later. > > You have to replace them before percent-decoding. If you try it after > percent-decoding, you will not be able to distinguish a + that encodes > a space from a + that you just decoded from %2B. Luckily, spaces never > occur in a valid encoded query string; if they did and had some > meaning, you’d have to decode + *at the same time* as %xx. Exactly. I just did not yet get into that analysis and thanks for your quick one! Now it is clear I have to do it. > By the way, you’re in for some unspecified amount of pain by trying to > implement a web application without a framework. (And by a framework I > mean a library that would give you well-tested means to encode/decode > URL parts, HTTP headers, gzipped request/response bodies, base64, > quoted-printable, application/x-www-form-urlencoded, > multipart/form-data, json, …) CGI is not nearly as simple as it > initially appears to be when you read a hello-cgi-world tutorial. Definitely not as simple. Though for the specific need it may be very compact. There also exist simple Emacs CGI libraries though nearly not as comprehensive as you mentioned it. The Double Opt-In already works with cosmetic errors. It will soon be perfected with these information. Double Opt-In is to receive subscription, redirect to the subscription confirmation page that in turn could redirect to sales page or be sales page or other page; to send email to subscriber to confirm, to receive confirmation and dispatch the Emacs hash to administrator; to receive unsubscribe request without any hesitations and dispatch to administrator; offer to visitor to subscribe again. I am designing that to be offline just as I have been doing it long time before, for years. Database is not online. No people's data should be ever released online. This is for business secret purposes. One can see that databases leak all the time on raidforums.com And practically it works well, it generates relations. I consider it one of most important scripts. The old Perl Form script type I have long converted to Common Lisp. For my specific need: - encode/decode URL parts is resolved as I only receive URL and dispatch simpler confirmation URLs; - HTTP headers, I just use these and nothing more so far: (defun rcd-cgi-headers (&optional content-type) "Prints basic HTTP headers for HTML" (let ((content-type (or content-type "text/html"))) (princ (format "Content-type: %s\n\n" content-type)))) (defun rcd-cgi-redirect (url) "Redirect to URL." (princ (concat "Location: " url "\n\n")) (unless (eq major-mode 'emacs-lisp-mode) (kill-emacs 0))) - gzipped request/response bodies -- hmm, I think I will not get gzipped request, I have no idea right now. Responses definitely not, as the only response is either error or redirect to a page. I will keep redirect pages in the URL itself to have the script totally on its own without anything much hard coded inside. - I would like to have a line encrypted request. I have used Tiny Encryption in Perl and it worked well. Do you know any single line encryption for emacs? Maybe I can use OpenSSL. I need a stream cipher. https://en.wikipedia.org/wiki/Tiny_Encryption_Algorithm#Versions I don't know how to use this one, but that maybe what I could use: https://github.com/skeeto/emacs-chacha20 as for URL subscribe requests it is best to have just one string encrypted, like doi.cgi?njadsjnasnfdkjsbfbsfbhj that nothing is shown to user. That is how I have been doing it before with Perl. I may simply use external program and encrypt URL requests similar like: echo '(mid 1 eid 2 cid 3 tile "Subscribe to business")' | openssl enc -ChaCha20 -e -k some -pbkdf2 -base64 -A U2FsdGVkX192ic8hOU15mR6zjoYK/rpRA/NkgHohy6eO2A+W8EHuopAigBcc57wKR/sxMYqPV1ESYEY523DS/h0= as the idea is to keep the script free of hard coding. It should only authorize email addresses that server is in charge of. Maybe I can do that with gnutls- functions? I just don't know how. That would be better as not to have external dependencies. - base64 functions exist in Emacs already? Any problem? I will not need it. - quoted-printable - they also exist in Emacs. - application/x-www-form-urlencoded -- yes, definitely, up - multipart/form-data, json -- json functions are there in Emacs, though I think I will not need it. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/