Top
NetCOBOL V11.0 ISAPI Subroutines User's Guide
FUJITSU Software
Chapter 3 How to Use the ISAPI Subroutines > 3.5 Output Processing Results > 3.5.6 COBW3_SET_REPEAT, COBW3_SET_REPEAT_XX, COBW3_SET_REPEAT_NX, COBW3_SET_REPEAT_XN, and COBW3_SET_REPEAT_NN
PreviousNext

3.5.6 COBW3_SET_REPEAT, COBW3_SET_REPEAT_XX, COBW3_SET_REPEAT_NX, COBW3_SET_REPEAT_XN, and COBW3_SET_REPEAT_NN

These subroutines register the repetitive conversion result (conversion character string) for the conversion name enclosed by "//COBOL_REPEAT//" specified in the Web page for processing result output to be output by "COBW3_PUT_HTML".

The registered information is referenced during execution of COBW3_PUT_HTML, and the conversion name specified in the repetitive range of the Web page for processing result output is converted according to the number of registrations of the repetitive conversion result (conversion character string) registered for the same conversion name.

The following lists the meaning of each subroutine:

ASCII environment

COBW3_SET_REPEAT

Registers the conversion character string corresponding to an alphanumeric character string conversion name as an alphanumeric character string.

Unicode environment

COBW3_SET_REPEAT_XX

Registers the conversion character string corresponding to an alphanumeric character string conversion name as an alphanumeric character string.

COBW3_SET_REPEAT_NX

Registers the conversion character string corresponding to a national character string conversion name as an alphanumeric character string.

COBW3_SET_REPEAT_XN

Registers the conversion character string corresponding to an alphanumeric character string conversion name as a national character string.

COBW3_SET_REPEAT_NN

Registers the conversion character string corresponding to a national character string conversion name as a national character string.

If multiple different conversion names are specified in the Web page for processing result output, code a separate call for each conversion name "COBW3_SET_REPEAT" or other subroutines to register the repetitive conversion result (conversion character string).

The conversion character strings to be converted during repetitive conversion are converted according to the order in which they are registered by calling "COBW3_SET_REPEAT or other subroutines ".

Register the repetitive conversion result (conversion character string) for the conversion names contained in the same repetitive range so that their numbers of registrations become the same.

How to write

CALL "COBW3_SET_REPEAT" USING COBW3.
CALL "COBW3_SET_REPEAT_XX" USING COBW3.
CALL "COBW3_SET_REPEAT_NX" USING COBW3.
CALL "COBW3_SET_REPEAT_XN" USING COBW3.
CALL "COBW3_SET_REPEAT_NN" USING COBW3.

Data setting for calling

COBW3-CNV-NAME and COBW3-CNV-NAME-N

Set the conversion name to be converted.

For COBW3_SET_REPEAT, COBW3_SET_REPEAT_XX and COBW3_SET_REPEAT_XN, set the conversion name to COBW3-CNV-NAME.

For COBW3_SET_REPEAT_NX or COBW3_SET_REPEAT_NN, set the conversion name to COBW3-CNV-NAME-N.

COBW3-CNV-NAME-LENGTH [optional]

If the conversion name has a valid blank at the end, set the string length (byte length) of the conversion name including the blank.

Value

Meaning

0

Registers the conversion name using the length up to the last character excluding the blank. However, if COBW3-CNV-NAME or COBW3-CNV-NAME-N is completely blank, the string length is set to zero for processing.

1 to 30

Registers the conversion name using the specified string length.

COBW3-CNV-VALUE and COBW3-CNV-VALUE-N

Set the conversion results (conversion character string).

For COBW3_SET_REPEAT, COBW3_SET_REPEAT_XX and COBW3_SET_REPEAT_NX, set the conversion character string to COBW3-CNV-VALUE.

For COBW3_SET_REPEAT_XN or COBW3_SET_REPEAT_NN, set the conversion string to COBW3-CNV-VALUE-N.

COBW3-CNV-VALUE-LENGTH [optional]

If the conversion character string has a valid blank at the end, set the string length (byte length) of the conversion value including the blank.

Value

Meaning

0

Registers the conversion value using the length up to the last character excluding the blank. However, if COBW3-CNV-VALUE or COBW3-CNV-VALUE-N is completely blank, the string length is set to zero for processing.

1 to 1024

Registers the conversion name using the specified string length.

To specify a blank in the conversion results, register repetitive conversion data by specifying blanks to the conversion string and zero to the conversion string length.

COBW3_SANITIZE_CNV [Optional]

If characters that are vulnerable to a cross site scripting attack are found in conversion data, those characters are automatically replaced. This process is referred to as "sanitizing".

For more details on cross site scripting, refer to Appendix P, Security, in the NetCOBOL User' s Guide.

COBW3_SANITIZE_CNV is valid when either COBW3_SET_REPEAT_XX or COBW3_SET_ REPEAT_NX is used. However, if the code set is Unicode, COBW3_SANITIZE_CNV is also valid when COBW3_SET_ REPEAT_XN or COBW3_SET_ REPEAT_NN is used.

Condition name

Value

Explanation

COBW3-SANITIZE-CNV-OFF

LOW-VALUE

Does not sanitize.

COBW3-SANITIZE-CNV-ON

"1"

Sanitize.

Note

The sanitization procedure replaces the five characters that are vulnerable to a cross site scripting attack (&, <, >, ", ') with the following escape characters:

&  ®  &amp;
<  ®  &lt;
>  ®  &gt;
"  ®  &quot;
'  ®  &#39;

As a result, a single character is being replaced with 4-6 characters, increasing the length of the sanitized data. This means that, depending on the content of the unsanitized data, sanitizing data may cause the maximum data length (1024 bytes) set in the Web parameter VALUE to be exceeded. If this happens, the sanitized data is truncated automatically at 1024 bytes.

It is also possible that the escape characters themselves may be truncated. In this case, the vulnerable character is deleted, not replaced. An example is given below.

Example

The unsanitized data area is 1021 bytes long. The first 1020 bytes contain n characters that do not require sanitizing, but the last character is an ampersand ( & ).

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&    <- Last character is "&"
   |             1021 bytes                       |

After sanitizing, this becomes:

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&amp;
   |            1025 bytes                              |

This exceeds the 1024-byte limit, but truncating the data to 1024 bytes would interrupt the escape character string (&amp;). For this reason, the ampersand is deleted instead of being replaced.

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx      <- Trailing "&" is deleted
   |          1020 bytes                        |

As a result, the actual length of the data is reduced to 1020 bytes.

Processing result data

COBW3_SANITIZED_CNV_FLAG

If COBW3_SANITIZE_CNV is set, a value that indicates whether or not the replacement procedure (sanitizing) actually took place is set.

COBW3_SANITIZED_CNV_FLAG is valid when either COBW3_SET_ REPEAT_XX or COBW3_SET_ REPEAT_NX is used. However, if the code set is Unicode, COBW3_SANITIZED_CNV_FLAG is also valid when COBW3_SET_ REPEAT_XN or COBW3_SET_ REPEAT_NN is used.

Condition name

Value

Explanation

COBW3-SANITIZED-CNV-NON

"0"

Did not sanitize.

COBW3-SANITIZED-CNV-EXIST

"1"

Sanitized.

PreviousNext
Copyright 2009-2015 FUJITSU LIMITED