These subroutines register the conversion character string for the conversion name enclosed by "//COBOL//" specified in the Web page for processing result output to be output by "COBW3_PUT_HTML".
The registered information is referenced during execution of COBW3_PUT_HTML, and the conversion is carried out in the Web page for processing result output according to the registered conversion data.
The following lists the meaning of each subroutine:
ASCII environment
Registers the conversion character string corresponding to an alphanumeric character string conversion name as an alphanumeric character string.
Unicode environment
Registers the conversion character string corresponding to an alphanumeric character string conversion name as an alphanumeric character string.
Registers the conversion character string corresponding to a national character string conversion name as an alphanumeric character string.
Registers the conversion character string corresponding to an alphanumeric character string conversion name as a national character string.
Registers the conversion character string corresponding to a national character string conversion name as a national character string.
Note
If multiple different conversion names are specified in the Web page for processing result output, code a separate call for each conversion name "COBW3_SET_CNV" or other subroutines to register the conversion character string.
How to write
CALL "COBW3_SET_CNV" USING COBW3.
CALL "COBW3_SET_CNV_XX" USING COBW3.
CALL "COBW3_SET_CNV_NX" USING COBW3.
CALL "COBW3_SET_CNV_XN" USING COBW3.
CALL "COBW3_SET_CNV_NN" USING COBW3.
Data setting for calling
Set the conversion name to be converted.
For COBW3_SET_CNV, COBW3_SET_CNV_XX and COBW3_SET_CNV_XN, set the conversion name to COBW3-CNV-NAME.
For COBW3_SET_CNV_NX and COBW3_SET_CNV_NN, set the conversion name to COBW3-CNV-NAME-N.
If the conversion name has a valid blank at the end, set the string length (byte length) of the conversion name including the blank.
Value | Meaning |
|---|---|
0 | Searches the conversion name using the length up to the last character excluding the blank. However, if COBW3-CNV-NAME or COBW3-CNV-NAME-N is completely blank, the string length is set to zero for processing. |
1 to 30 | Searches the conversion name using the specified string length. |
Set the conversion results (conversion string).
For COBW3_SET_CNV, COBW3_SET_CNV_XX and COBW3_SET_CNV_NX, set the conversion string to COBW3-CNV- VALUE.
For COBW3_SET_CNV_XN and COBW3_SET_CNV_NN, set the conversion string to COBW3-CNV-VALUE-N.
If the conversion string has a valid blank at the end, set the string length (byte length) of the conversion character string including the blank.
Value | Meaning |
|---|---|
0 | Registers the conversion character string using the length up to the last character excluding the blank. However, if COBW3-CNV-VALUE or COBW3-CNV-VALUE-N is completely blank, the string length is set to zero for processing. |
1 to 1024 | Registers the conversion string using the specified string length. |
Set the conversion type.
Condition name | Value | Meaning |
|---|---|---|
COBW3-CNV-MODE-ADDREP | LOW-VALUE | Adds conversion data if the specified conversion name has not been registered. |
COBW3-CNV-MODE-REPLACE | "1" | Replaces conversion data. An error is output and no conversion is carried out if the specified conversion name has not been registered. |
COBW3-CNV-MODE-ADD | "2" | Adds conversion data. If the specified conversion name has been registered, an error is output and no addition is made. |
If characters that are vulnerable to a cross site scripting attack are found in conversion data, those characters are automatically replaced. This process is referred to as "sanitizing".
For more details on cross site scripting, refer to Appendix P, Security, in the NetCOBOL User' s Guide.
COBW3_SANITIZE_CNV is valid when either COBW3_SET_CNV_XX or COBW3_SET_CNV_NX is used. However, if the code set is Unicode, COBW3_SANITIZE_CNV is also valid when COBW3_SET_CNV_XN or COBW3_SET_CNV_NN is used.
Condition name | Value | Explanation |
|---|---|---|
COBW3-SANITIZE-CNV-OFF | LOW-VALUE | Does not sanitize. |
COBW3-SANITIZE-CNV-ON | "1" | Sanitize. |
Note
The sanitization procedure replaces the five characters that are vulnerable to a cross site scripting attack (&, <, >, ", ') with the following escape characters:
& ® & < ® < > ® > " ® " ' ® '
As a result, a single character is being replaced with 4-6 characters, increasing the length of the sanitized data. This means that, depending on the content of the unsanitized data, sanitizing data may cause the maximum data length (1024 bytes) set in the Web parameter VALUE to be exceeded. If this happens, the sanitized data is truncated automatically at 1024 bytes.
It is also possible that the escape characters themselves may be truncated. In this case, the vulnerable character is deleted, not replaced. An example is given below.
Example
The unsanitized data area is 1021 bytes long. The first 1020 bytes contain n characters that do not require sanitizing, but the last character is an ampersand ( & ).
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx& <- Last character is "&" | 1021 bytes |
After sanitizing, this becomes:
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx& | 1025 bytes |
This exceeds the 1024-byte limit, but truncating the data to 1024 bytes would interrupt the escape character string (&). For this reason, the ampersand is deleted instead of being replaced.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx <- Trailing "&" is deleted | 1020 bytes |
As a result, the actual length of the data is reduced to 1020 bytes.
Processing result data
If COBW3_SANITIZE_CNV is set, a value that indicates whether or not the replacement procedure (sanitizing) actually took place is set.
COBW3_SANITIZED_CNV_FLAG is valid when either COBW3_SET_CNV_XX or COBW3_SET_CNV_NX is used. However, if the code set is Unicode, COBW3_SANITIZED_CNV_FLAG is also valid when COBW3_SET_CNV_XN or COBW3_SET_CNV_NN is used.
Condition name | Value | Explanation |
|---|---|---|
COBW3-SANITIZED-CNV-NON | "0" | Did not sanitize. |
COBW3-SANITIZED-CNV-EXIST | "1" | Sanitized. |
