How to escape "&" and "+" in raw during POST client-side

support
1

Appreciate your help in the following:
we need to allow user to POST new topics client-side with some tags that include “&” (like UTF-8 symbol characters, starting with “&#” and some other)

we use client-side calls like that (prefix is like “title=New topic title&category=uncategorized&raw=”)

POST:

var str = prefix + raw;
         $.ajax({
            url: "http://community.yoch.tv/posts/",
            type: 'POST',
            dataType: 'json',
            contentType: 'application/x-www-form-urlencoded; charset=UTF-8',
            processData: false,
            data: str,
            success: function () {
          console.log(JSON.stringify(data));
        },
        error: function(){
            console.log("Cannot get data");
        }
        });

and of course, it breaks at first “&” in raw body.
Question: is there any smart way to escape breaking at “&” tags? thanks

2

Have you tried using an object instead of a string for your data?

data: { title: "New Topic Title", category: "uncategorized", raw: "whatever" }

3

It doesnt work. Appreciate your advice here

        $.ajax({
        url: "http://community.yoch.tv/posts/",
        type: 'POST',
        dataType: 'json',
        //contentType: 'application/json',  //that brings 400 mistake, doesnt look that DS accepts THAT contentType 
        contentType: 'application/x-www-form-urlencoded; charset=UTF-8',
        processData: false,
        data: { title: "New Topic Title with json data to check", category: "uncategorized", raw: "It might work with json POST. But it's not." },
        //that brings "Failed to load resource: the server responded with a status of 422 (Unprocessable Entity)
        success: function (data) {
      console.log(JSON.stringify(data));
    },
    error: function(){
        console.log(JSON.stringify(data));
      console.log("Cannot get data");
    }
    });
4

Looks to me like you are trying to do a POST request without CSRF, can you confirm this JS is running on the same site that is running your Discourse?

5

Yes, this JS runs on the same DS under admin user.
It works with string data (looks like contentType: ‘application/json’ is not supported) and creates new topics but cut at “&” in raw (which is understandable with urlencoded POST). that we would like to overcome.

Robin suggested json workaround, but again, it looks like contentType: ‘application/json’ is not supported for POST.

7

There is another thing to overcome - it seems that with urlencoded POST the ‘+’ character is being deleted from raw.

Appreciate if we could find solution

8

that approach works.

data = { title: "New Topic Title", category: "uncategorized", raw: "whatever" };
datatopost =  $.param(data);

 $.ajax({
            url: "http://community.yoch.tv/posts/",
            type: 'POST',
            dataType: 'json',
            //contentType: 'application/json',
            contentType: 'application/x-www-form-urlencoded; charset=UTF-8',
            processData: false,
            data: datatopost,
            success: function (data) {
          console.log(JSON.stringify(data));
        },
        error: function(){
            console.log(JSON.stringify(data));
          console.log("Cannot get data");
        }
        });
1 Like