How to escape "&" and "+" in raw during POST client-side

Appreciate your help in the following:
we need to allow user to POST new topics client-side with some tags that include “&” (like UTF-8 symbol characters, starting with “&#” and some other)

we use client-side calls like that (prefix is like “title=New topic title&category=uncategorized&raw=”)

POST:

var str = prefix + raw;
         $.ajax({
            url: "http://community.yoch.tv/posts/",
            type: 'POST',
            dataType: 'json',
            contentType: 'application/x-www-form-urlencoded; charset=UTF-8',
            processData: false,
            data: str,
            success: function () {
          console.log(JSON.stringify(data));
        },
        error: function(){
            console.log("Cannot get data");
        }
        });

and of course, it breaks at first “&” in raw body.
Question: is there any smart way to escape breaking at “&” tags? thanks

Have you tried using an object instead of a string for your data?

data: { title: "New Topic Title", category: "uncategorized", raw: "whatever" }

It doesnt work. Appreciate your advice here

        $.ajax({
        url: "http://community.yoch.tv/posts/",
        type: 'POST',
        dataType: 'json',
        //contentType: 'application/json',  //that brings 400 mistake, doesnt look that DS accepts THAT contentType 
        contentType: 'application/x-www-form-urlencoded; charset=UTF-8',
        processData: false,
        data: { title: "New Topic Title with json data to check", category: "uncategorized", raw: "It might work with json POST. But it's not." },
        //that brings "Failed to load resource: the server responded with a status of 422 (Unprocessable Entity)
        success: function (data) {
      console.log(JSON.stringify(data));
    },
    error: function(){
        console.log(JSON.stringify(data));
      console.log("Cannot get data");
    }
    });

Looks to me like you are trying to do a POST request without CSRF, can you confirm this JS is running on the same site that is running your Discourse?

Yes, this JS runs on the same DS under admin user.
It works with string data (looks like contentType: ‘application/json’ is not supported) and creates new topics but cut at “&” in raw (which is understandable with urlencoded POST). that we would like to overcome.

Robin suggested json workaround, but again, it looks like contentType: ‘application/json’ is not supported for POST.

There is another thing to overcome - it seems that with urlencoded POST the ‘+’ character is being deleted from raw.

Appreciate if we could find solution

that approach works.

data = { title: "New Topic Title", category: "uncategorized", raw: "whatever" };
datatopost =  $.param(data);

 $.ajax({
            url: "http://community.yoch.tv/posts/",
            type: 'POST',
            dataType: 'json',
            //contentType: 'application/json',
            contentType: 'application/x-www-form-urlencoded; charset=UTF-8',
            processData: false,
            data: datatopost,
            success: function (data) {
          console.log(JSON.stringify(data));
        },
        error: function(){
            console.log(JSON.stringify(data));
          console.log("Cannot get data");
        }
        });
1 Like

This topic was automatically closed after 2684 days. New replies are no longer allowed.