Using template processor corrupts response HTML if it includes % #644
Comments
rorosaurus
changed the title
|
Just confirming: if we Here's what it is trying to process: I can work around this by moving to an external stylesheet, so this is not a blocking issue. :) |
|
I can confirm this issue. The workaround you can do is put the CSS code in other file and not use the processor. In this way it works... but isn't the best solution. We hope he can fix it. |
|
I can confirm the workaround. :) I was hoping to keep everything inline for efficiency (and also since it's for a captive portal, it's a little annoying to route exceptions). |
|
Does escaping percent signs like |
|
That is a useful reference, thank you! Would that be worth adding to the readme? Or did I miss it? |
|
Yes, it probably should be added to readme, thank you |
|
Hello, I have the same issue : ...min-width: 100%;">%CFGFRM%... and wrong response ! the response with std TEMPLATE_PLACEHOLDER at % : and the response with std TEMPLATE_PLACEHOLDER at % but with in html ...min-width: 100%;">%%CFGFRM%%... : and the good response with TEMPLATE_PLACEHOLDER at $ : Best, |
|
Hi, |
|
Yes, escaping % sign should work too. Let me know if it doesn't. |
|
Hello, Thanks for your response ! I try to change to min-width: 100%%;">%CFGFRM% but it's not work too, i have a strange return : and the form is partial And the same code with TEMPLATE_PLACEHOLDER at $ :
I try to change 100% to 99%, but same way Best, |
|
Hi Franck, |
|
Hi Pablo, Thanks for you interest. A link to download a zip with all the elements https://www.franck-rondot.com/telechargement/WebServerTest_MCVE.zip Best, |
|
[STALE_SET] This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions. |
|
I think this issues need to still open it's not solved ! |
|
[STALE_CLR] This issue has been removed from the stale queue. Please ensure activity to keep it openin the future. |
|
Ok, the issue is still there, in my case I have next behavior: becomes to So, the next part was removed: Possible workaround: return original str in template processor by default. |
|
I have no rights to create a PR with the fix, so somebody with rights pls do: cc @me-no-dev |
|
@Pablo2048 maybe you have rights? ^^^ |
|
Unfortunately no - we have to wait for @me-no-dev |
|
@me-no-dev proposal fix #737 |
|
the proposal fixes the issue for me for single occurences of % in one line. However, for e.g. |
|
@ilorevilo the proper fix should be something next: Define acceptable symbols for template name, for example |
|
I'm also having a probelm with Processor. using it with Arduino.cc compiler on ESP8266 LinLo noneMCU board. (As a check I Just downloaded a new copy of the ESPAsyncWebserver library today May 8 2020, but same problems. ) The issue manifests differently than the above and doesn't seem related to stray % signs, so it may not be the same and point to a larger problem what is happening: I have three variable Fields (%FIELD%) which are the sole text inside each of their %FIELD1% tags. Into two of them processor() inserts an HTML table and and into one of them a simple string of plain text. But... then I do an assyncronous XHTTP request update of all three Span elements by their ID tags the simple text field renders fine but the other two tables get additional copies of the other fields table in them! So if Span id= "foo1" is supposed to be html "Table 1" and Span3 is supposed to be Table3. What I see is Span1 is table1 plus also table 3 and span3 is table3 plus also table 1. The tables themselves do not contain any percent signs. (there are css modifiers that might contain percent signs defined elsewhere but nothing obvious.) I can attach images if my description of the Spans getting mixed like that isn't clear. But to repeat, after the initial page load that applies the proccessing() step the page looks correct. But after the first XHTTP Request rerites the span context the spans are incorrect. the XHTTP doesn't invoke Processor(), that only happens on the first page load However, if I turn off the processing() then I see the %FIELD% text in the initial page load but then after the XML Request update the correct information appears and doesn't get duplicated. As a workaround I have turned off the processing() and now just added javascript which runs once at page load to immediately update the fields in addition to the asyncronous xhttp updates that update it later. This works. So it seems like processing() may have a significant bug in it. |
|
|
Quick tangential question too:(since the webserver is actually doing all the request handling, is it better or worse to have loop() be empty or have it just do some long delays. It seems like leaving it empty just is going to waste cycles calling loop() repeatedly to do nothing at all. Putting a delay in there is going to put it effectively to sleep and just set some timer to interrupt back to the main tthrea periodically, wasting fewer cycles presumably?? or not? |
|
@cems2 can you show the final HTML, which you see in your web browser? (ctrl+U in chrome) |
|
This is a "pilot errror" or "GIGO" issue: For anyone who disagrees, please explain how any code can tell the difference between "%validreplacer%" and "%; height: 100%" they are both strings delimited at both ends by a % - the exact pattern that is being serached for... Given that you probably don't have a variable anywhere called "; height: 100" - how can you possibly expect the function to perform correctly? Including style info inline is bad technique in the first place and deprecated for many reasons (things like this being just one of dozens) - simple solution: Put all style information in attached stylesheet and don't put stray % characters in your html - then there is no problem to "solve" |
|
Hello, sorry for the delay. Had to find a moment to go back to my non-working code with the processor() call to regenerate the error. Below I will paste the ESP8266 code, then the the HTML as seen by the browser, then an image of the result. What You will see here is the %TEMPERATUREF% variable has been substituted for a table. When you do this initially nothing bad seems to happen but the moment the external request tries to replace the content of the same span it malfunctions. The key thing is this---
now the HTML from the browser. this seems to be okay
|
|
ANd here is what it looks like if I remove the call to processor and don't make any other changes
Here is the html seen by the broswer And for completeness here is the webserver setup code, showing how I comment out the processor() and use the line below it instead. |
|
Comment: It's hard for me to see how this is a processor() bug. It appears the processor is creating the code I expect to see filled in with the table. So I'm hoping this isn't my own stupidity here. The duplicated table parts that show up do not show up until the javascript does a replace on the span contents. But the browser HTML doesn't show what that looks like. However is seems the span content subsitution works just fine when processor is commented out. SO it's really hard to figure out this intereraction. Since the problem only occurs when processor() is used and the substituiton is a table it's confusing. |
|
I don't understand why the browser displays the table twice. There are no repeats in the HTML response. Looks like the span content substitution goes crazy if the span already includes table tag. But there is another thing which looks like it needs fixing: the processor function. Consider: In that snippet, you return |
|
You are correct about the swapped logic (oops). And furthermore that's interesting as well since it would be half way to explaining why the tables are showing up in the wrong place. (local table duplicated into the remote field, and vica versa. )
However I say half way because the span-replacement should simply nuke the contents and re-write it.
What it looks like it is doing is this (even though this should nto happen).
1. with processor()
1. variables in spans' content gets rewritten (to unintendedly wrong tables)
2. javascript span re-write simply pre-pends the replacement text to the content of the span rather than erasing it. (erase/overwrite is expected from document.getElementById(fieldname).innerHTML = this.responseText;).
2. Without processor()
1. Varables in span content remain %VARIABLENAME%
2. javascript span re-write overwrties these as expected
So... this seems to say processor is doing it's job correctly but something weird is happening with the spans not behaving as expected.
By expected, I mean this javascript is doing what I intend it to
```
function fillit(fieldname,rurl) {
var xhttp = new XMLHttpRequest();
xhttp.onreadystatechange = function() {
if (this.readyState == 4 && this.status == 200) {
document.getElementById(fieldname).innerHTML = this.responseText;
}
};
```
so either innerHTML isn't what I think it is (everything between the span tags) or this.responseText does a pre-pend which would be had to beleive
|
|
Use divs instead of spans. Span is inline element, it should not contain block elements such as table. |
|
Aha! I was too quick to say there's no issue with processor() Apparently, I think, processor malfunctions when it encounters a lone % sign in the text. (a user error) But then fails to find subsequent variables after this. There's actually two different errors here. One is a malfunction caused by the user and is correctable and the other is more mysterious. Evidently it does not require a double %VARIABLE% and just a %VARIABLE will still match!. my guess is that it is looking either for a match of bracketing percent signs, or a single percent sign plus a certain fixed number of characters in length. As a result it will match any lone percent sign in the text and try to process it. Now at this point the users processor() command will get this value and try to process it. If it does not recognize the variable a typical user written processor() function might return a blank string which would basically erase some part of the HTML!!! Or it could return the matched string but then this would re-insert the % sign again and cause an infinite recursion. I chose to let it erase the bit of HTML that contained the rogue % sign. But this then revealed a mysterious error: The processor did not find the second actual variable. Weird. Example: I created a form with two variables in it %LOCAL% and %TEMPERATUREF% THe substitution for %LOCAL% accidentally on my part had a "%" symbol as part of the text (Relative Humitdiy percentage). here's what I see when I have processor print out what the variable name it is matching. So it found the variable %LOCAL% and it will now substitute the following table which happens to contain the character % You can see the rogue % sign bracketed by tags in the above text block. This is unexpected. The processor has been called with the variable named literally inspecting the text block that was inserted we see that there wasn't a trailing % sign after the letters "Pr" above. so evidently processors parser must be matching anything of that text length that begins with a percent sign and doesn't need the close-%. So obviously that was kind of a dumb move on my part to put in a percent. But then a second error emerges: the processing stops! it fails to continue hunting for the final variable "%TEMPERATUREF% Here's the code: next the HTML string it is parsing (same as before) |
|
Suggested way to change the code to avoid this pitfall.
That combination would not handle every possible user screw-up but would work for many likely cases where the user has a percent sign in a web page text. |
|
[STALE_SET] This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions. |
|
[STALE_DEL] This stale issue has been automatically closed. Thank you for your contributions. |
I got this library successfully serving index.htm over SPIFFS, using the example provided in the readme:
request->send(SPIFFS, "/www/index.htm", "text/html");Then I tried to use the template processor to alter some variables inside the HTML:
request->send(SPIFFS, "/www/index.htm", String(), false, processor);With the processor from the readme:
This correctly replaces the
%HELLO_FROM_TEMPLATE%withHello world!, but it appears to corrupt the output HTML as well. For example, the submit button is now missing, as well as some CSS.I suspect this is related to some of the inline styles I wrote, which use %, such as:
style='width: 100%;height:80%'However, I wouldn't expect this behavior, since the template processor should just pass through any string that doesn't match, right?
... As I write that, it becomes obvious to me that the example provided in the readme returns an empty String if
vardoesn't match the template string. So anything "surrounded" with % signs gets gobbled up.Changing this to
return var;recovers some of the expected HTML, but not everything. Since the %'s on both sides get stripped, thevarvariable only contains what was between them. Tryingreturn "%" + var + "%";actually seems to reset the ESP32 (triggering a RTOS watchdog).Is there an easier way for me to ensure unexpected parts of my HTML are not altered? Maybe we can clarify that in the README?
Example code
The text was updated successfully, but these errors were encountered: