-
AppExpert Applications and Templates
-
Configure application authentication, authorization, and auditing
-
-
Advanced Policy Expressions: Working with Dates, Times, and Numbers
-
Advanced Policy Expressions: Parsing HTTP, TCP, and UDP Data
-
Expressions for Identifying the Protocol in an Incoming IP Packet
-
Expressions for HTTP Status Codes and Numeric HTTP Payload Data Other Than Dates
-
Operations for HTTP, HTML, and XML Encoding and “Safe” Characters
-
Expressions for Evaluating a DNS Message and Identifying Its Carrier Protocol
-
Advanced Policy Expressions: IP and MAC Addresses, Throughput, VLAN IDs
-
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Operations for HTTP, HTML, and XML encoding and “safe” characters
The following operations work with the encoding of HTML data in a request or response and XML data in a POST body.
-
<text>.HTML_XML_SAFE: Transforms special characters into XML safe format, as in the following examples:
A left-pointing angle bracket (<) is converted to < A right-pointing angle bracket (>) is converted to > An ampersand (&) is converted to & This operation safeguards against cross-site scripting attacks. Maximum length of the transformed text is 2048 bytes. This is a read-only operation.
After applying the transformation, additional operators that you specify in the expression are applied to the selected text. Following is an example:
http.req.url.query.html_xml_safe. contains(“myQueryString”)
-
<text>.HTTP_HEADER_SAFE: Converts all new line (‘\n’) characters in the input text to ‘%0A’ to enable the input to be used safely in HTTP headers.
This operation safeguards against response-splitting attacks.
The maximum length of the transformed text is 2048 bytes. This is a read-only operation.
-
<text>.HTTP_URL_SAFE: Converts unsafe URL characters to ‘%xx’ values, where “xx” is a hex-based representation of the input character. For example, the ampersand (&) is represented as %26 in URL-safe encoding. The maximum length of the transformed text is 2048 bytes. This is a read-only operation.
Following are URL safe characters. All others are unsafe:
- Alpha-numeric characters: a-z, A-Z, 0-9
- Asterix: “*”
- Ampersand: “&”
- At-sign: “@”
- Colon: “:”
- Comma: “,”
- Dollar: “$”
- Dot: “.”
- Equals: “=”
- Exclamation mark: “!”
- Hyphen: “-“
- Open and close parentheses: “(“, “)”
- Percent: “%”
- Plus: “+”
- Semicolon: “;”
- Single quote: “’”
- Slash: “/”
- Question mark: “?”
- Tilde: “~”
- Underscore: “_”
-
<text>.MARK_SAFE:
Marks the text as safe without applying any type of data transformation.
-
** .SET_TEXT_MODE(URLENCODED NOURLENCODED)** Transforms all %HH encoding in the byte stream. This operation works with characters (not bytes). By default, a single byte represents a character in ASCII encoding. However, if you specify URLENCODED mode, three bytes can represent a character.
In the following example, a PREFIX(3) operation selects the first 3 characters in a target.
http.req.url.hostname.prefix(3)
In the following example, the Citrix ADC can select up to 9 bytes from the target:
http.req.url.hostname.set_text_mode(urlencoded).prefix(3)
-
** .SET_TEXT_MODE(PLUS_AS_SPACE NO_PLUS_AS_SPACE):** Specifies how to treat the plus character (+). The PLUS_AS_SPACE option replaces a plus character with white space. For example, the text “hello+world” becomes “hello world.” The NO_PLUS_AS_SPACE option leaves plus characters as they are.
-
** .SET_TEXT_MODE(BACKSLASH_ENCODED NO_BACKSLASH_ENCODED):** Specifies whether or not backslash decoding is performed on the text object represented by <text>.
If BACKSLASH_ENCODED is specified, the SET_TEXT_MODE operator performs the following operations on the text object:
- All occurrences of “\XXX” will be replaced with the character “Y” (where XXX represents a number in the octal system and Y represents the ASCII equivalent of XXX). The valid range of octal values for this type of encoding is 0 to 377. For example, the encoded text “http\72//” and http\072//” will both be decoded to
<http://>
, where the colon (:) is the ASCII equivalent of the octal value “72”. - All occurrences of “\xHH” will be replaced with the character “Y” (HH represents a number in the hexadecimal system and Y denotes the ASCII equivalent of HH. For example, the encoded text “http\x3a//” will be decoded to
<http://>
, where the colon (:) is the ASCII equivalent of the hexadecimal value “3a”. - All occurrences of “\uWWXX” will be replaced with the character sequence “YZ” (Where WW and XX represent two distinct hexadecimal values and Y and Z represent their ASCII equivalents of WW and XX respectively. For example, the encoded text “http%u3a2f/” and “http%u003a//” will both be decoded to
<http://>
, where “3a” and “2f” are two hexadecimal values and the colon (:) and forward slash (“/”) represent their ASCII equivalents respectively. - All occurrences of “\b”, “\n”, “\t”, “\f”, and “\r” are replaced with the corresponding ASCII characters.
If NO_BACKSLASH_ENCODED is specified, backslash decoding is not performed on the text object.
- All occurrences of “\XXX” will be replaced with the character “Y” (where XXX represents a number in the octal system and Y represents the ASCII equivalent of XXX). The valid range of octal values for this type of encoding is 0 to 377. For example, the encoded text “http\72//” and http\072//” will both be decoded to
-
** .SET_TEXT_MODE(BAD_ENCODE_RAISE_UNDEF NO_BAD_ENCODE_RAISE_UNDEF):** Performs the associated undefined action if either the URLENCODED or the BACKSLASH_ENCODED mode is set and bad encoding corresponding to the specified encoding mode is encountered in the text object represented by <text>.
If NO_BAD_ENCODE_RAISE_UNDEF is specified, the associated undefined action will not be performed when bad encoding is encountered in the text object represented by<text>.
Share
Share
In this article
This Preview product documentation is Cloud Software Group Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Cloud Software Group Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Cloud Software Group product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.