a brief about me

My avatar
Fabio Zendhi Nagao

is an applied mathematician from IME - USP - Brazil currently working as CTO at Lojcomm Internet, a company specialized in e-commerce. + info

fields of interest: E-commerce, Collective Intelligence, Interoperability, Web 2.0, Web Design, Mathematical Programming, Pattern Recognition.

contacts: Twitter and nagaozen @hotmail.com, @gmail.com and @yahoo.com

out of date goodies

In order to help the large amount of people looking for my old widgets everyday, I'm putting below a list of the most wanted. Note that the others are still accessible at http://zendold.lojcomm.com.br/.

support my projects

If you like my free products and want to support their advancement, please consider making a small (or large!) donation or buying me a book from my Amazon wishlish.

Category : Javascript

Aug 22nd


Filed Under: ASP, AXE, Javascript, VBScript

Today I'm officially augmenting my JSON2.ASP class with a toXML method which takes a Javascript object with JSON notation and returns it's XML version. My algorithm is a very fast implementation of the prof. Stefan Gössner bijective transformation between JSON and XML exposed in this article.


This javascript:

var nagaozen = {
    full_name:"Fabio Zendhi Nagao",
    nickname: "nagaozen",
    gender: "male",
    age: 27,
    title: "Founder & CTO - Evolved",
    education: {
        "@active": true,
        technical: {
            location: "Federal Technique School of Sao Paulo",
            degree: "Technical data processing",
            final_work: "E-commerce framework"
        undergraduate: {
            location: "University of Sao Paulo",
            degree: "BSc. Applied and Computational Mathematician",
            thesis: "Mathematical Modeling of Collective Intelligence"
        graduate: {
            location: "University of Sao Paulo",
            degree: "MSc. Computing Science",
            thesis: "unknown"
    likes: ["Manoela", "Family (dogs included)", "Internet", "Programming", "Design", "Philosophy"],
    dislikes: [],
    a_few_aliens_i_know: {},
    contact: "nagaozen[at]evolved.com.br"

is converted into this XML:

<?xml version="1.0"?>
    <full_name>Fabio Zendhi Nagao</full_name>
    <title>Founder &amp; CTO - Evolved</title>
    <education active="true">
            <location>Federal Technique School of Sao Paulo</location>
            <degree>Technical data processing</degree>
            <final_work>E-commerce framework</final_work>
            <location>University of Sao Paulo</location>
            <degree>BSc. Applied and Computational Mathematician</degree>
            <thesis>Mathematical Modeling of Collective Intelligence</thesis>
            <location>University of Sao Paulo</location>
            <degree>MSc. Computing Science</degree>
    <likes>Family (dogs included)</likes>


  • Get JSON2.ASP from inside the ASP Xtreme Evolution repository.

Read More. 1 comment.

Aug 18th

Fixing Classic ASP Request.QueryString Unicode (UTF-16) bypass

Filed Under: ASP, AXE, Javascript, Optimization

Thanks for the great power of Twitter and TweetDeck, yesterday I was pointed to a terrifying bug in Request.QueryString method in the standard Classic ASP installation. THIS BUG DOES NOT EXISTS IN MY AXE FRAMEWORK (see the tests in the end).

Only God knows why for some mystical reason and under certain conditions Request.QueryString method do some automatic homoglyph (like α→a, τ→t) and homophone (like π→p) transformations in the incoming Unicode (UTF-16) QueryString helping unoccupied folks to XSS and SQLI your beloved application. Basically this stupid transformation implies that there are a lot of potential Unicode characters that can be used as '<' and ''' making the life of exploiters easier. For more information about this bug, read NoScript New Bypass Method by Unicode in ASP and Lost in Translation (ASP’s HomoXSSuality).

Since Microsoft isn't very active in supporting ASP nowadays, I've no clue if they will move a finger to fix this (usually they still release security patches). So I'm giving you Classic ASP developers the chance and the knowledge to fix this issue. Create a file named base.asp in your project and put the following code inside:

function AXE_GET(k) {
    var v = "",
        q = Request.ServerVariables("QUERY_STRING");
    try {
        v = decodeURIComponent(q);
        v = Request.QueryString(k);
    } catch(Ex) {
        var c = String(q).split('&'),
            j = k + '=';
        for(var i = 0, len = c.length; i < len; i++) {
            if( c[i].indexOf(j) === 0 ) {
                v = c[i].substring(j.length);
    return v;

Add this file to your application library (hope you made a request mapper):

<script runat="server" language="javascript" src="/lib/axe/base.asp"></script>

And replace all your Request.QueryString calls to AXE_GET:

dim name : name = Request.QueryString("name")' from this
dim name : name = AXE_GET("name")' to this

That's it, you are safer than before :D


Read More. 3 comments.

Aug 13th

Classic ASP Orderly compiler

Filed Under: ASP, AXE, Framework, Javascript, VBScript

I believe that with today's release the ASP Xtreme Evolution Framework reaches a real maturity to handle JSON. ORDERLY.ASP leverages the power of the Orderly descriptors to your Classic ASP application. Although it's bundled with the AXE, it's modularized enough to work alone for the Orderly.parse method, which returns the JSONSchema subset, or in ensemble with JSON2.ASP which enables Orderly.compile to stringify the JSONSchema representation.

The name behind this release is Zach Carter which made Orderly.js some months ago and keep updating the project since then. The only effort from my part was to document it in the AXE way and write some examples.

Here are some examples of how to use it:

Retriving the JSONSchema subset from an orderly source

<script language="javascript" runat="server" src="/lib/axe/Parsers/orderly.asp"></script>

dim source : source = join(array( _
    "object {", _
    "  string name;", _
    "  string description?;", _
    "  string homepage /^http:/;", _
    "  integer {1500,3000} invented;", _
    "}*;" _
), vbNewline)

dim Schema : set Schema = Orderly.parse(source)
Response.write( typename( Schema ) & vbNewline )
set Schema = nothing




Checking the JSONSchema stringified representation

<script language="javascript" runat="server" src="/lib/axe/Parsers/orderly.asp"></script>
<script language="javascript" runat="server" src="/lib/axe/Parsers/json2.asp"></script>

dim source : source = join(array( _
    "object {", _
    "  string name;", _
    "  string description?;", _
    "  string homepage /^http:/;", _
    "  integer {1500,3000} invented;", _
    "}*;" _
), vbNewline)

Response.write( Orderly.compile(source) & vbNewline )



    "type": "object",
    "properties": {
        "name": {
            "type": "string"
        "description": {
            "type": "string",
            "optional": true
        "homepage": {
            "type": "string",
            "pattern": "^http:"
        "invented": {
            "type": "integer",
            "minimum": 1500,
            "maximum": 3000
    "additionalProperties": true

Download & Source

Read More. 1 comment.

Aug 6th

Classic ASP JSON Revisited

Filed Under: ASP, AXE, Framework, Javascript, VBScript

UPDATE: Kate Osipova kindly made a Polish version of this article. Thanks Kate.

Hi everybody! I'm currently working on three projects using AXE (ASP Xtreme Evolution) Framework and because of their high dependency on JSON I've revisited the topic Classic ASP JSON support. The great news about it is that I found Troy Forster JSON2.ASP a really promising way to work with it. Despite the work being incomplete in terms of functionality, it used a really elegant way to READ the JSON in a fancy native looking way. Plus, the library was based on the Douglas Crockford json2.js meaning it's engine is really strict to the standards.

Because of the AXE philosophy of embrace and use the great ideas born around the world in a real collaboration environment of all languages, I felt really tempted to adopt the original work of the JSON author himself and augment the AXE Framework functionality with this little piece of gold. But I couldn't replace, also it wasn't a smart move in terms of compatibility, my old full featured JSON.ASP class with other that would restrict the freedom to manipulate the Javascript object by my own will.

And that's why I coded my own version of JSON2.ASP which instantly became an integrated piece of AXE. It provides all the functionalities from the Troy Forster work but goes beyond enabling developers to augment the object with booleans, numbers, strings, arrays (using ASP safeArrays notation) and even another objects. Plus I implemented a keys method in the Object.prototype which allows the enumeration of the object keys (this modification is fine and it's also standard in ECMAScript 5) which means that it doesn't matter in which language you are programming (Ruby, Python, VBScript etc) you can use the for each loop in same way that it's available for the language in ASP.

Here are some examples of how to use it:

Reading data from JSON

<script language="javascript" runat="server" src="/lib/axe/Parsers/json2.asp"></script>

dim Info : set Info = JSON.parse(join(array( _
    "{", _
    "  ""firstname"": ""Fabio"",", _
    "  ""lastname"": ""Nagao"",", _
    "  ""alive"": true,", _
    "  ""age"": 27,", _
    "  ""nickname"": ""nagaozen"",", _
    "  ""fruits"": [", _
    "    ""banana"",", _
    "    ""orange"",", _
    "    ""apple"",", _
    "    ""papaya"",", _
    "    ""pineapple""", _
    "  ],", _
    "  ""complex"": {", _
    "    ""real"": 1,", _
    "    ""imaginary"": 2", _
    "  }", _
    "}" _
Response.write(Info.firstname & vbNewline) ' prints Fabio
Response.write(Info.alive & vbNewline) ' prints True
Response.write(Info.age & vbNewline) ' prints 27
Response.write(Info.fruits.get(0) & vbNewline) ' prints banana
Response.write(Info.fruits.get(1) & vbNewline) ' prints orange
Response.write(Info.complex.real & vbNewline) ' prints 1
Response.write(Info.complex.imaginary & vbNewline) ' prints 2
' You can also enumerate object properties ...
dim key : for each key in Info.keys()
    Response.write( key & vbNewline )
' which prints:
' firstname
' lastname
' alive
' age
' nickname
' fruits
' complex
set Info = nothing


Building a JSON

<script language="javascript" runat="server" src="/lib/axe/Parsers/json2.asp"></script>

dim Info : set Info = JSON.parse("{""firstname"":""Fabio"", ""lastname"":""Nagao""}")
Info.set "alive", true
Info.set "age", 27
Info.set "nickname", "nagaozen"
Info.set "fruits", array("banana","orange","apple","papaya","pineapple")
Info.set "complex", JSON.parse("{""real"":1, ""imaginary"":1}")
Response.write( JSON.stringify(Info, null, 2) & vbNewline ) ' prints the text below:
'  "firstname": "Fabio",
'  "lastname": "Nagao",
'  "alive": true,
'  "age": 27,
'  "nickname": "nagaozen",
'  "fruits": [
'    "banana",
'    "orange",
'    "apple",
'    "papaya",
'    "pineapple"
'  ],
'  "complex": {
'    "real": 1,
'    "imaginary": 1
'  }
set Info = nothing


Download & Source

Read More. 13 comments.

May 11th

Tidy and GeSHi WebServices for the mankind

Filed Under: Application, ASP, Javascript, Optimization, PHP, Services

"Tidy and GeSHi webservices"


Sometime ago I spent a good amount of time playing with Wez Furlong PHPScript to merge PHP functionalities directly into ASP pages. Although it really can be done, I couldn't feel comfortable enough with the stability of the final application. In fact, the merge between PHP and other ASP languages (VBScript, Javascript, Ruby, Perl and Python) in the same script caused the application to work only in odd requests and not in even ones. Plus it was triggering processing errors in the server. This is incredibly strange and clearly shows that the Active Script port of PHP is flawed. It works fine for .wsc and other command lines things but not plays well with ASP.

Since PHP has a huge community which create really good things, it's interesting to get the benefits of their work in other environments that doesn't run the language. Two notable examples of the good things available in PHP are GeSHi, an incredible code highlighting extension that currently work with over than 130 languages, and Tidy, a nice extension to wrap and indent your XML and HTML. As we can't live without them, I've built the webservices for them both.

Read More. No comments made.

May 7th

Event-Driven-Programming and lambda function in ASP/VBScript

Filed Under: ASP, IIS, Javascript, Server, VBScript


In this article, I'll speak a little about some issues that I believe are relevant to all modern programmers. However the examples will be written in ASP/VBScript+JScript, so I'll be coherent with the purpose of these articles, which will showcase ASP as an extremely versatile and efficient environment. Here is the list of articles:

  1. ASP, a misinterpreted technology
  2. Event-Driven-Programming and lambda function in ASP/VBScript.
  3. TDD (Test Driven Development) in ASP/VBScript.
  4. Languages: Based on Objects and Object Oriented.
  5. Object Oriented in ASP/VBScript "Hackers way".
  6. "Scripting Components", the ace in the role.
  7. Caching: the concept of DRY (Don't Repeat Yourself) applied to ASP.

If you're reading one of my articles for the first time, I strongly recommend that you read the previous ones first, because I'm trying to lead you into a great abstraction, presenting the topics incrementally.

Read More. 4 comments.

Jan 5th

Reserved Words in ASP

Filed Under: ASP, Javascript, Python, Server, VBScript

First of all, HAPPY NEW YEAR! Finally, the first entry in 2009! I’ve been working really hard in the latest days, hoping to get a release version of AXE with tons of new features like: Events, XSession, Markdown and Textile parsers and a lot lot more.

This entry is about reserved words in ASP. My current main languages to code ASP are VBScript, Javascript and Python and they are interacting perfectly under the god damn awesome Microsoft CLI. Enough talk, let’s start! The post is about the boring fact that when developing low-level code, you inevitably fall in the task of recreating something important that you feel is missing or is lacking features. You go for it, start a project and everything goes fine until you need to baptize your new child. Spent a little time thinking, you knows the perfect name, try to assign it and Bang! An error happen. This is usually related to reserved words and the devil lives in the ones that you never used and forgot about their existance because they are simply reserved words don’t have any meaning to the compiler! For a quick reference, see below a list of the reserved words of the cited languages. Rare words are in strong.

Read More. 1 comment.

May 9th

Goodbye old school javascript

Filed Under: Client, Framework, Javascript, Mootools, Optimization

There are times in the life when you realise that the world has really changed and the things that was once so important to you doesn’t matter anymore. This is the case of my old dithered-extended quirksmode javascript library. It cost me years to enhance and extend but nothing more makes sense in a better standardized world.

Read More. 2 comments.