WolfShade
Brainiac
August 17, 2017
Question

ColdFusion JSON parsing failure: Expected '"' at character 2: '&'


Hello, all,

I'm trying to convert a project so that the components folder is outside of the webroot.  For the most part, this has been a smooth transition.

Until (dun dun dunnnnnnnn) I get to the parts where I am using AJaX to submit forms.  When the component was in the webroot, it was very simple, very straightforward.  Now that the components exist outside the webroot, cfajaxproxy is giving me fits.

If all I'm submitting is a single form field value, it works.  If I'm submitting an entire form using jQuery.serializeArray(), suddenly there's a problem.

postData = $('#'+formID).serializeArray();
thisComponent = new ERC(); //Component is in F:\webdocs\_com\public\ERC.cfc and components are mapped in application.cfc
thisComponent.setHTTPmethod('POST');
thisComponent.setCallbackHandler(displayResult);
thisComponent.setErrorHandler(displayFail);
thisComponent.dtsSurvey(postData); // Submit the form to the function "dtsSurvey" in ERC.cfc

This results in the error message mentioned in the subject:  JSON parsing failure: Expected '"' at character 2: '&'

The reason why is because ColdFusion sees: {&quot;form&quot;:[{&quot;name&quot;...  (The JSON " are being converted to ASCII.)

How can I fix this?  I've Googled for it, and I'm not finding a solution.

V/r,

^ _ ^


    Inspiring
    August 17, 2017

    Are we able to see roughly how the dtsSurvey function works?

    Assuming the JSON is correct when passing it to that, then something on that side may be changing it.

    WolfShade (Author)
    Brainiac
    August 17, 2017

    Hi, haxtbh,

    The JSON isn't even making it to the function.  In the very beginning of the function, I placed a <CFDUMP var="#form#" /><cfabort> (the function doesn't 'return' anything, it outputs.)  I'm not getting that dump, at all.  The error is being triggered in the cfajax.js because CF can't correctly parse it.  I think CFAJAXPROXY is replacing the quotes, but can't be sure - something is.

    But my onError() is triggering the error email before my CFTRY/CFCATCH can get it, so I'm not being given a file or line number for the error.

    F12 in Firefox Developer Edition is showing that the error is in cfajax.js on multiple lines.

    V/r,

    ^ _ ^

    WolfShade (Author)
    Brainiac
    August 17, 2017

    I think I may have found something.  onRequestStart() is taking both URL and FORM structs and performing a serializeJSON() and HTMLEditFormat() on them before sending them to Portcullis for analysis.

    I'm not sure why.  But I don't want to undo them, quite yet, as I don't have OWASP ESAPI involved.  Yet.  (EDIT: Not completely true - I am using canonicalize() on many things.)

    I'm open to suggestions.  Remember that I am working for US Dept of Defense, so some suggestions may not be possible.

    V/r,

    ^ _ ^

    UPDATE:  Never mind. I didn't look at the code closely enough.  The lead developer who passed this on to me (he's no longer here) implemented the above described code, but he saved it to a session variable for no (apparent) reason, and still sends the url or form struct, itself, unchanged, to Portcullis.

    The lead developer before me went down many rabbit holes during his time, here.  And I'm the one paying for it.  (smh)
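
The symptom discussed in this thread, reproduced as an added example (not code from the thread or from ColdFusion): HTML-entity-encoding a whole serialized JSON document makes it unparseable at character 2, while parsing first and encoding individual string values only at output keeps the structure intact. The names htmlEncode, parseBody and encodeForHtml are hypothetical, htmlEncode is a stand-in assumed to escape the same four characters as HTMLEditFormat(), and the sample payload is constructed.

```javascript
// Constructed sample: the shape jQuery's serializeArray() produces, wrapped as in the post.
const samplePost = JSON.stringify({
  form: [{ name: "comments", value: 'Rated "good" & <b>fast</b>' }],
});

// Stand-in for an HTML encoder (assumption: escapes &, <, > and ", as HTMLEditFormat() does).
function htmlEncode(text) {
  const entities = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;" };
  return text.replace(/[&<>"]/g, (ch) => entities[ch]);
}

// Parse a request body; on failure, report the 1-based position of the first
// HTML entity so the log shows that the body was encoded before it was parsed.
function parseBody(body) {
  try {
    return { ok: true, data: JSON.parse(body) };
  } catch (err) {
    const at = body.search(/&(quot|amp|lt|gt);/);
    return { ok: false, entityAt: at === -1 ? null : at + 1 };
  }
}

// Encode each string value of already-parsed data, at the point it is written into HTML.
// Keys and non-string values are left as they are, so the result is still valid JSON data.
function encodeForHtml(value) {
  if (typeof value === "string") return htmlEncode(value);
  if (Array.isArray(value)) return value.map(encodeForHtml);
  if (value && typeof value === "object") {
    return Object.fromEntries(
      Object.entries(value).map(([key, inner]) => [key, encodeForHtml(inner)])
    );
  }
  return value;
}

const wholeDocumentEncoded = htmlEncode(samplePost); // starts with {&quot;form&quot;:
const broken = parseBody(wholeDocumentEncoded);      // ok: false, entityAt: 2
const intact = parseBody(samplePost);                // ok: true
const display = encodeForHtml(intact.data);          // structure kept, values escaped
console.log(broken, JSON.stringify(display));
```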