Search Results

Search found 518 results on 21 pages for 'vbscript'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 14/21 | < Previous Page | 10 11 12 13 14 15 16 17 18 19 20 21  | Next Page >

  • ASP/HTML problem with spaces and monofonts

    - by nickik
    I have a ASP has a Function that converts ä to &auml so far so good. I have lets say space for 10 char's if there are more cut them of if there are less fill the space up with &nbsp's. . Like this: test &nbsp &nbsp &nbsp &nbsp &nbsp &nbsp but if i say "täst" it does this: te &auml t &nbsp It interprets the &auml not as one char it looks at it as 6 chars. Is there a clever way around that? This problem messes up my design because I need the right count of spaces. The whole thing goes into a big select box. Of you have to add a ; at the end of ever &... I could add them because the Editor would really interprt them.

    Read the article

  • removing <br/> from GET request

    - by tking
    I'm using a get request to get some page data but need to strip the break tags from the finished file. Basically what I'm doing is taking the output of the get request and saving it to a file but it has hundereds of break tags in it I need removed. I'm fine with running a batch or vb script after the file is saved to remove the tags but I'm not sure how on how to do that either. So far the only solutions I have seen is to remove entire lines.

    Read the article

  • ASP error 424 Object required

    - by jeff
    I've got a problem with the following code pasted below, the problem seems to be coming from the openastextstream this carries on from another question: Set str_text_stream = obj_file.OpenAsTextStream(ForReading, TristateUseDefault) response.Write "<table>" int_j = 0 int_x = 0 Err.number = 0 Do While Not str_text_stream.AtEndOfStream str_po_insert_sql = "INSERT into tbl_purchase_orders (purchase_order_number, purchase_order_vendor_number, purchase_order_vendor_name) " str_po_insert_sql = str_po_insert_sql & " VALUES (" str_line = str_text_stream.readline arr_line = Split(str_line, """,""", -1) if Ubound(arr_line) <> 2 then Response.write "<tr><td>The line " & str_line & " could not be imported.</td></tr>" int_x = 1 else int_y = Instr(arr_line(2), """,") - 1 str_field_0 = Replace(arr_line(0), """", "") str_field_0 = Replace(str_field_0, "'", "''") str_field_1 = Replace(arr_line(1), "'", "''") str_field_2 = Left(arr_line(2), int_y) str_field_2 = Replace(str_field_2, "'", "''") str_po_insert_sql = str_po_insert_sql & "'" & str_field_0 & "', '" & arr_line(1) & "', '" & str_field_2 & "')" rs_po_insert.Open str_po_insert_sql, dbConnection, 3 if Err.number <> 0 then Response.write "<tr><td>The line " & str_po_insert_sql & " was imported.</td></tr>" end if Err.number = 0 int_j = int_j + 1 end if loop data from test import: "4501366934","800002","Clancy Docwra Ltd",04/05/2010 00:00:00 "4501366935","800004","Clancy Docwra Ltd",04/05/2010 00:00:00 "4501366936","800004","Clancy Docwra Ltd",04/05/2010 00:00:00

    Read the article

  • [Resolved] OWC does not work with IE8

    - by mactov
    Hi, I have a web page that is generated with Access 2003 and uses Office Web Components. It worked fine with IE6 and IE7 but does not work anymore with IE8. Here are more details. I create an MSODSC component and a WSH object to get my ConnectionString in the registry. Then the Dropdown Lists are fed by a request to the database. It works perfect with IE6 and IE7, works locally with IE8 but if the page is served by IIS to IE8, the drop down lists are empty. Can anyone help me ? Thanks Mactov It was just a security issue. I had put my site in the confidence zone (according to the error message). I transfered it into intranet zone and it works perfect.

    Read the article

  • Windows batch/script code to conditionally process based on date value in text file

    - by CarolinaJay65
    I am using Windows XP. The code can be used in a batch file or vbs script. I intend to use Windows scheduler to run the program. I need code to read a date from a text file (could be the only line in the text file or the date could be included in the filename, I control the process that generates the file) The code would then need to evaluate the text file date against the current date to confirm that the text file date is from the prior month. I'm starting to build a process to be able to run 1st-of-the-month jobs once the monthly data has been refreshed. I'm new to building this kind of process using batch/script files. Thanks for your time

    Read the article

  • Type Mismatch using VBScript to create Pivot Table/Chart

    - by Rodricks
    I get Run time error:Type mismatch for the following code: Dim Field Field="Gen8" '''' ============================================================================== EXCEL Sheet '==============Errors -Stacked Chart by Year and Week --ALL WEEKS ''''=================================================== objExcel.ActiveWorkbook.Worksheets.Add SheetNumber = SheetNumber ' add adds in front so sheetnumber stays 1 objExcel.Sheets(SheetNumber).Select objExcel.Sheets(SheetNumber).Activate objExcel.Sheets(SheetNumber).Name = "YRWk" SheetName = "SYS_Product_YRWeeks" '============== strSQLCustomers = "select isnull(AB.Week,D.Week_Num) AS YRWk,ISNULL(AB.UnCorrectable,0) as UE," & _ "isnull(AB.Correctable,0) as CE, isnull(AB.SYS_Product,'" & Field & "'" & _ ") as SYS_Product from AHS_Dates D Left Join (select * from P_tot where " & _ "SYS_Product = '" & Field & "'" & _ " ) AB on AB.Year_=D.Year_ and AB.Week=D.Week_Num order by YRWk" FetchData2.Open strSQLCustomers, openConnection, adOpenStatic, adLockReadOnly If FetchData2.RecordCount > 0 Then **objExcel.ActiveWorkbook.Connections.Add SheetName, "", _ Array(Array( _ "ODBC;DRIVER=SQL Server Native Client 10.0;SERVER=" & sServerIP & ";TimeOut=5000000; Trusted_Connection=Yes;Integrated Security=SSPI;" _ ), Array("DATABASE=" & sDataBaseName & ";")), Array(strSQLCustomers), 2** objExcel.ActiveWorkbook.PivotCaches.Create(SourceType:=xlExternal, SourceData:= _ objExcel.ActiveWorkbook.Connections(SheetName), Version:= _ xlPivotTableVersion14).CreatePivotTable TableDestination:=objExcel.Sheets(SheetNumber).Name & "!R3C7", _ TableName:="PivotTable" & SheetNumber, DefaultVersion:=xlPivotTableVersion14 Set ws = objExcel.ActiveWorkbook.Worksheets(objExcel.Sheets(SheetNumber).Name) objExcel.Cells(3, 7).Select ws.Shapes.AddChart.Select objExcel.ActiveWorkbook.ActiveChart.ChartType = xlAreaStacked objExcel.ActiveWorkbook.ActiveChart.SetSourceData Source:=ws.Range(objExcel.Sheets(SheetNumber).Name & "!$G$3:$I$20") With ws.PivotTables("PivotTable1").PivotFields("SYS_PRoduct") .Orientation = xlColumnField .Position = 1 End With With ws.PivotTables("PivotTable1").PivotFields("YRWk") .Orientation = xlRowField .Position = 1 End With ' With ws.PivotTables("PivotTable1").PivotFields("Year_") ' .Orientation = xlRowField ' .Position = 2 ' End With objExcel.ActiveWorkbook.ActiveChart.ChartTitle.Text = " Errors by Week and Year -ALLWEEKS" ws.PivotTables("PivotTable1").AddDataField ws.PivotTables( _ "PivotTable1").PivotFields("UE"), "Sum of UnCorrectable", xlSum ws.PivotTables("PivotTable1").AddDataField ws.PivotTables( _ "PivotTable1").PivotFields("CE"), "Sum of Correctable", xlSum End If ''MsgBox (FetchData2.RecordCount) FetchData2.Close I have used the same pivot chart + table in other slides. The problem I think is the query length My question: 1.Is there a better way for me to access the query results. Would appreciate the steps if any. 2.If I can make it a procedure how do I modify the pivot chart/table creation. Thanks. The query results with all 52 weeks: Week UE CE SYS_Product(or Field) 1 0 0 Gen8 2 0 0 Gen8 3 0 0 Gen8 4 0 0 Gen8 5 0 0 Gen8 6 0 0 Gen8

    Read the article

  • VB script + replace word only in specific line

    - by yael
    hi I find way to replace word in text file as the following strNewText = Replace(strText, "OLD_WORD", "NEW_WORD")t but this replace every OLD_WORD in the file my question is if it possible to replace the OLD_WORD with the NEW_WORD only on specific line for example I want to replace only on line that start with "THIS_LOCATION" THIS_LOCATION=OLD_WORD THX for help

    Read the article

  • How do I get back results running a VB Script from C#?

    - by Tom
    I want to be able to call VB scripts from C#, which is easy enough, but I need to be able to get back the results from these scripts at times. Should I use the method referenced with something to read back, or should I use a different method? I've found a method to getting data back from powershell scripts using Runspaces and Pipelines, but I don't know enough about this technology to know if it will work with VB scripts as well. Ideally, I'd like to do something similar to the powershell method where I can just pass in the contents of the script without needing to reference an external file and get back the results. Can anyone tell me how to do this? Thanks.

    Read the article

  • Selectively Including files in C#.net web application [migrated]

    - by segnosaur
    I am attempting to modify an application with the following characteristics: Written in C#.net Using Visual Studio 2010 The application uses a Master sheet to maintain commonality The Master sheet has the following: <%@ Master Language="C#" AutoEventWireup="true" CodeFile="mysheet.master.cs" Inherits="master_mysheet" %> Now, currently, the master sheet has an include file that brings in a common footer: #include file="inc/my-footer.inc" Here's what I want to do: I would like to modify the master sheet to be able to read in a footer based on the value contained in a session variable... i.e. (not real code, but just something to give an idea of what I want) if session("x") = "a" then #include file="inc/my-footer1.inc" else #include file="inc/my-footer2.inc" My first instinct was to go with some vbscript: <script type="text/vbscript" language="vbscript"> document.write("vbscript example.") </script> However, it doesn't run the vbscript code automatically on page load. Does anyone know: - The syntax I need to actually get this to work? i.e. to get the vbscript to run automatically on page load, AND to do the page include? - Or, is there a better way to go about this? (perhaps by doing some coding in C#) Note: I am experienced in C#; however, I haven't done any vbscript since the days of ASP classic, so my knowledge there is out of date.

    Read the article

  • Why is String Templating Better Than String Concatenation from an Engineering Perspective?

    - by stephen
    I once read (I think it was in "Programming Pearls") that one should use templates instead of building the string through the use of concatenation. For example, consider the template below (using C# razor library) <in a properties file> Browser Capabilities Type = @Model.Type Name = @Model.Browser Version = @Model.Version Supports Frames = @Model.Frames Supports Tables = @Model.Tables Supports Cookies = @Model.Cookies Supports VBScript = @Model.VBScript Supports Java Applets = @Model.JavaApplets Supports ActiveX Controls = @Model.ActiveXControls and later, in a separate code file private void Button1_Click(object sender, System.EventArgs e) { BrowserInfoTemplate = Properties.Resources.browserInfoTemplate; // see above string browserInfo = RazorEngine.Razor.Parse(BrowserInfoTemplate, browser); ... } From a software engineering perspective, how is this better than an equivalent string concatentation, like below: private void Button1_Click(object sender, System.EventArgs e) { System.Web.HttpBrowserCapabilities browser = Request.Browser; string s = "Browser Capabilities\n" + "Type = " + browser.Type + "\n" + "Name = " + browser.Browser + "\n" + "Version = " + browser.Version + "\n" + "Supports Frames = " + browser.Frames + "\n" + "Supports Tables = " + browser.Tables + "\n" + "Supports Cookies = " + browser.Cookies + "\n" + "Supports VBScript = " + browser.VBScript + "\n" + "Supports JavaScript = " + browser.EcmaScriptVersion.ToString() + "\n" + "Supports Java Applets = " + browser.JavaApplets + "\n" + "Supports ActiveX Controls = " + browser.ActiveXControls + "\n" ... }

    Read the article

  • Vbscript / webcam. using flash API - Save streaming file as image

    - by remi
    Hi. Based on a php app we've tried to developp our own webapp in vbscript. All is working well. The camera starts, etc.. The problem we're left with is the following: the flash API is streaming the content of the video to a webpage, this page saves the photo as a jpg. The PHP code we're trying to emulate is as follow $str = file_get_contents("php://input"); file_put_contents("/tmp/upload.jpg", pack("H*", $str)); After intensive googling the best we can come up with is Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Dim sImagePath As String = Server.MapPath("/registration/") & "test.jpg" Dim data As Byte() = Request.BinaryRead(Request.TotalBytes) Dim Ret As Array Dim imgbmp As New System.Drawing.Bitmap("test.jpg") Dim ms As MemoryStream = New MemoryStream(data) imgbmp.Save(ms, System.Drawing.Imaging.ImageFormat.Jpeg) Ret = ms.ToArray() Dim fs As New FileStream(sImagePath, FileMode.Create, FileAccess.Write) fs.Write(Ret, 0, Ret.Length) fs.Flush() fs.Close() End Sub which is not working, does anybody have any suggestion?

    Read the article

  • Best way to run remote VBScript in ASP.net? WMI or PsExec?

    - by envinyater
    I am doing some research to find out the best and most efficient method for this. I will need to execute remote scripts on a number of Window Servers/Computers (while we are building them). I have a web application that is going to automate this task, I currently have my prototype working to use PsExec to execute remote scripts. This requires PsExec to be installed on the system. A colleague suggested I should use WMI for this. I did some research in WMI and I couldn't find what I'm looking for. I want to either upload the script to the server and execute it and read the results, or already have the script on the server and execute it and read the results. I would prefer the first option though! Which is more ideal, PsExec or WMI? For reference, this is my prototype PsExec code. This script is only executing a small script to get the Windows OS and Service Pack Info. Protected Sub windowsScript(ByVal COMPUTERNAME As String) ' Create an array to store VBScript results Dim winVariables(2) As String nameLabel.Text = Name.Text ' Use PsExec to execute remote scripts Dim Proc As New System.Diagnostics.Process ' Run PsExec locally Proc.StartInfo = New ProcessStartInfo("C:\Windows\psexec.exe") ' Pass in following arguments to PsExec Proc.StartInfo.Arguments = COMPUTERNAME & " -s cmd /C c:\systemInfo.vbs" Proc.StartInfo.RedirectStandardInput = True Proc.StartInfo.RedirectStandardOutput = True Proc.StartInfo.UseShellExecute = False Proc.Start() ' Pause for script to run System.Threading.Thread.Sleep(1500) Proc.Close() System.Threading.Thread.Sleep(2500) 'Allows the system a chance to finish with the process. Dim filePath As String = COMPUTERNAME & "\TTO\somefile.txt" 'Download file created by script on Remote system to local system My.Computer.Network.DownloadFile(filePath, "C:\somefile.txt") System.Threading.Thread.Sleep(1000) ' Pause so file gets downloaded ''Import data from text file into variables textRead("C:\somefile.txt", winVariables) WindowsOSLbl.Text = winVariables(0).ToString() SvcPckLbl.Text = winVariables(1).ToString() System.Threading.Thread.Sleep(1000) ' ''Delete the file on server - we don't need it anymore Dim Proc2 As New System.Diagnostics.Process Proc2.StartInfo = New ProcessStartInfo("C:\Windows\psexec.exe") Proc2.StartInfo.Arguments = COMPUTERNAME & " -s cmd /C del c:\somefile.txt" Proc2.StartInfo.RedirectStandardInput = True Proc2.StartInfo.RedirectStandardOutput = True Proc2.StartInfo.UseShellExecute = False Proc2.Start() System.Threading.Thread.Sleep(500) Proc2.Close() ' Delete file locally File.Delete("C:\somefile.txt") End Sub

    Read the article

  • how do I access XHR responseBody from Javascript?

    - by Cheeso
    I've got a web page that uses XMLHttpRequest to download a binary resource. Because it's binary I'm trying to use xhr.responseBody to access the bytes. I've seen a few posts suggesting that it's impossible to access the bytes directly from Javascript. This sounds crazy to me. Weirdly, xhr.responseBody is accessible from VBScript, so the suggestion is that I must define a method in VBScript in the webpage, and then call that method from Javascript. See jsdap for one example. var IE_HACK = (/msie/i.test(navigator.userAgent) && !/opera/i.test(navigator.userAgent)); if (IE_HACK) document.write('<script type="text/vbscript">\n\ Function BinaryToArray(Binary)\n\ Dim i\n\ ReDim byteArray(LenB(Binary))\n\ For i = 1 To LenB(Binary)\n\ byteArray(i-1) = AscB(MidB(Binary, i, 1))\n\ Next\n\ BinaryToArray = byteArray\n\ End Function\n\ </script>'); var xml = (window.XMLHttpRequest) ? new XMLHttpRequest() // Mozilla/Safari/IE7+ : (window.ActiveXObject) ? new ActiveXObject("MSXML2.XMLHTTP") // IE6 : null; // Commodore 64? xml.open("GET", url, true); if (xml.overrideMimeType) { xml.overrideMimeType('text/plain; charset=x-user-defined'); } else { xml.setRequestHeader('Accept-Charset', 'x-user-defined'); } xml.onreadystatechange = function() { if (xml.readyState == 4) { if (!binary) { callback(xml.responseText); } else if (IE_HACK) { // call a VBScript method to copy every single byte callback(BinaryToArray(xml.responseBody).toArray()); } else { callback(getBuffer(xml.responseText)); } } }; xml.send(''); Is this really true? The best way? copying every byte? For a large binary stream that's not gonna be very efficient. There is also a possible technique using ADODB.Stream, which is a COM equivalent of a MemoryStream. See here for an example. It does not require VBScript but does require a separate COM object. if (typeof (ActiveXObject) != "undefined" && typeof (httpRequest.responseBody) != "undefined") { // Convert httpRequest.responseBody byte stream to shift_jis encoded string var stream = new ActiveXObject("ADODB.Stream"); stream.Type = 1; // adTypeBinary stream.Open (); stream.Write (httpRequest.responseBody); stream.Position = 0; stream.Type = 1; // adTypeBinary; stream.Read.... /// ???? what here } I don't think that's gonna work - ADODB.Stream is disabled on most machines these days. In The IE8 developer tools - the IE equivalent of Firebug - I can see the responseBody is an array of bytes and I can even see the bytes themselves. The data is right there. I don't understand why I can't get to it. Is it possible for me to read it with responseText? hints? (other than defining a VBScript method)

    Read the article

  • ASP 3.0 Folder/File Permissions Settings (ASP Classic)

    - by ASP Pee-Wee
    Dear Stack Exchange, Hi, I have built a form input page in HTML that has an action to post to an ASP handler/processor .asp file. The form handler/processor .asp file contains only <% Insert VBScript Here % and no HTML output whatsoever. The .asp file was never intended to be a "web viewable" .asp file like an .asp home page file or html file would. It's supposed to be for my eyes only- not the public's however it does need to take info posted by the public and do something with it on it's end. I have used VBScript/ASP3.0 to build the form handler/processor file and would like to know how to keep someone from viewing the actual VBScript in the handler/processor .asp file. I am aware of obfuscation but I would like to know how to keep prying eyes from even being able to take a look at the obfuscated code in the handler/processor file. I realize that the server executes the .asp file first before outputting anything to the browser so I guess that my main concern is mostly that someone may could "download" the form handler/processor .asp file, then view it's contents on their machine. Assuming the form handler .asp file is where it is, behind the root, and is on a windows server (no htaccess approach) how could one protect it so that it could never be viewed or simply pulled down via anonymous ftp or something like that? Is there something like "script only" permissions that the system administrator could set up for a particular folder? Remember, with shared hosting I can't go above the root. If so, would the form still be able to post? How would any of you guys go about protecting the asp file in addition to obfuscation? Any help would be greatly appreciated. Thanks, ASP Pee-Wee

    Read the article

  • Shutdown and WakeUp Script C#

    - by Stephen Murby
    Hiya I am very new to C#, infact this is basically my first task set by work whilst i learn the language. Yes i am also new to programming, be gentle :). Context: My script needs to query active directory, grab of OU's and put them to a combo box in a form. Next query ActDir for a list of machines in a selected OU (Done this in a vbscript already) Next query the machines in turn for there IP, and MAC addresses.(Done this in a vbscript already) Next needs to shut those machines down(Done this in a vbscript already) and dump all the machine and NIC info to a txt file The other half of the script grabs the info for the machines out of the text file and sends them a magic packet to wake them up. The shutdown section i have already written a VBscript for, but decided it wasn't future prrof, and i was learninc C# at home, so figured it was the best option to start over with. Im not looking for anyone to write this for me, but if anyone had any pointers on where to go for information etc. . . It would be more than appreciated :)

    Read the article

  • Using 32bit COM object from C# or VBS on Vista 64bit and getting error 80004005

    - by alexandroid
    I need some mind reading here, since I am trying to do what I do not completely understand. There is a 32-bit application (electronic trading application called CQG) which provides a COM API for external access. I have sample programs and scripts which access this API from Excel, .NET (C++, VB and C#) and shell VBScript. I have these .NET applications as source code and as compiled executables (32-bit, compiled on Windows XP). Now I have Windows Vista Home 64-bit which makes my head to spin. Excel examples work just fine (in Excel 2003). Compiled .NET sample executables work as well. But when I am trying to run .NET C# sample converted to and compiled by Visual Studio C# Expression, or run the VBScript script, I am getting error 80004005 when trying to create an object. Initially the .NET application also gave me 80040154 but then I figured how to make it produce 32-bit code and not 64-bit, so now the errors in C# and VBScript applications are the same. That's all the progress I got for now. And yes, I tried running 32-bit versions of cscript.exe/WScript from SysWOW64 folder on my VBS, but still the result is the same (80004005). How to solve this problem? I am almost ready to believe it is practically impossible, but the fact that Excel VBA works and .NET executables compiled on Windows XP run just fine just makes me angry. There should be a way to beat this thing (some secret which probably only Windows Vista developers know)! I will appreciate any help! PS: I believe code samples do not make much sense here, but this is the line of VBScript which fails: Set CEL = WScript.CreateObject("CQG.CQGCEL.4.0", "CEL_") And this is C#: CQGCEL CEL = new CQGCEL(); Update: Forgot to say UAC is off, of course. And I am working from account with administrator priviledges. I also tried watching which registry keys are read using Process Monitor but everything looks OK for GUIDs of this object. I could not recognize some other GUIDs so I am not sure whether they were critical or not. Is there a chance that this COM object uses Internet Explorer and gets the wrong one (like Internet Explorer 7 instead of Internet Explorer 6 engine or something)?

    Read the article

  • what is the difference between response.redirect and response status 301 redirects in asp ?

    - by Nikhil Vaghela
    Our asp application is moving to new server and i want to implement a permenant url redirection. I am aware of following two approaches , i need to understand which one to user over other and when ? Option 1: <%@ Language=VBScript %><% Response.Redirect “http://www.new-url.com” %> Option 2: <%@ Language=VBScript %><% Response.Status="301 Moved Permanently" Response.AddHeader "Location","http://www.new-url.com/" %> Thanks, Nikhil.

    Read the article

  • Finding a dll whose CLSID is known

    - by deostroll
    I've downloaded the w3sockets. Primarily using for trying to do telnet via an application. So far we've been experimenting with vbscript. In vbscript we do something like: Set socket = CreateObject("Socket.Tcp") I am trying to use this for a .net application. I need to know the dll it is hosted in. Anyway I can find this?

    Read the article

  • Can this be imporved? Scrubing of dangerous html tags.

    - by chobo2
    Hi I been finding that for something that I consider pretty import there is very little information or libraries on how to deal with this problem. I found this while searching. I really don't know all the million ways that a hacker could try to insert the dangerous tags. I have a rich html editor so I need to keep non dangerous tags but strip out bad ones. So is this script missing anything? It uses html agility pack. public string ScrubHTML(string html) { HtmlDocument doc = new HtmlDocument(); doc.LoadHtml(html); //Remove potentially harmful elements HtmlNodeCollection nc = doc.DocumentNode.SelectNodes("//script|//link|//iframe|//frameset|//frame|//applet|//object|//embed"); if (nc != null) { foreach (HtmlNode node in nc) { node.ParentNode.RemoveChild(node, false); } } //remove hrefs to java/j/vbscript URLs nc = doc.DocumentNode.SelectNodes("//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'javascript')]|//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'jscript')]|//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'vbscript')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.SetAttributeValue("href", "#"); } } //remove img with refs to java/j/vbscript URLs nc = doc.DocumentNode.SelectNodes("//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'javascript')]|//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'jscript')]|//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'vbscript')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.SetAttributeValue("src", "#"); } } //remove on<Event> handlers from all tags nc = doc.DocumentNode.SelectNodes("//*[@onclick or @onmouseover or @onfocus or @onblur or @onmouseout or @ondoubleclick or @onload or @onunload]"); if (nc != null) { foreach (HtmlNode node in nc) { node.Attributes.Remove("onFocus"); node.Attributes.Remove("onBlur"); node.Attributes.Remove("onClick"); node.Attributes.Remove("onMouseOver"); node.Attributes.Remove("onMouseOut"); node.Attributes.Remove("onDoubleClick"); node.Attributes.Remove("onLoad"); node.Attributes.Remove("onUnload"); } } // remove any style attributes that contain the word expression (IE evaluates this as script) nc = doc.DocumentNode.SelectNodes("//*[contains(translate(@style, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'expression')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.Attributes.Remove("stYle"); } } return doc.DocumentNode.WriteTo(); }

    Read the article

  • Can this be improved? Scrubing of dangerous html tags.

    - by chobo2
    I been finding that for something that I consider pretty import there is very little information or libraries on how to deal with this problem. I found this while searching. I really don't know all the million ways that a hacker could try to insert the dangerous tags. I have a rich html editor so I need to keep non dangerous tags but strip out bad ones. So is this script missing anything? It uses html agility pack. public string ScrubHTML(string html) { HtmlDocument doc = new HtmlDocument(); doc.LoadHtml(html); //Remove potentially harmful elements HtmlNodeCollection nc = doc.DocumentNode.SelectNodes("//script|//link|//iframe|//frameset|//frame|//applet|//object|//embed"); if (nc != null) { foreach (HtmlNode node in nc) { node.ParentNode.RemoveChild(node, false); } } //remove hrefs to java/j/vbscript URLs nc = doc.DocumentNode.SelectNodes("//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'javascript')]|//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'jscript')]|//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'vbscript')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.SetAttributeValue("href", "#"); } } //remove img with refs to java/j/vbscript URLs nc = doc.DocumentNode.SelectNodes("//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'javascript')]|//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'jscript')]|//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'vbscript')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.SetAttributeValue("src", "#"); } } //remove on<Event> handlers from all tags nc = doc.DocumentNode.SelectNodes("//*[@onclick or @onmouseover or @onfocus or @onblur or @onmouseout or @ondoubleclick or @onload or @onunload]"); if (nc != null) { foreach (HtmlNode node in nc) { node.Attributes.Remove("onFocus"); node.Attributes.Remove("onBlur"); node.Attributes.Remove("onClick"); node.Attributes.Remove("onMouseOver"); node.Attributes.Remove("onMouseOut"); node.Attributes.Remove("onDoubleClick"); node.Attributes.Remove("onLoad"); node.Attributes.Remove("onUnload"); } } // remove any style attributes that contain the word expression (IE evaluates this as script) nc = doc.DocumentNode.SelectNodes("//*[contains(translate(@style, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'expression')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.Attributes.Remove("stYle"); } } return doc.DocumentNode.WriteTo(); }

    Read the article

  • Does anyone use Fortify 360 with Classic ASP? a Header Manipulation vulnerability story

    - by j_green71
    Good morning, everyone. I'm on a short-term contracting gig, trying to patch some vulnerabilities in their legacy code. The application I'm working on is a combination of Classic ASP(VBScript) and .Net 2.0 (C#). One of the tools they have purchased is Fortify 360. Let's say that this is a current classic ASP page in the application: <%@ Language=VBScript %> <% Dim var var = Request.QueryString("var") ' do stuff Response.Redirect "nextpage.asp?var=" & var %> I know, I know, short and very dangerous. So we wrote some (en/de)coders and validation/verification routines: <%@ Language=VBScript %> <% Dim var var = Decode(Request.QueryString("var")) ' do stuff if isValid(var) then Response.Redirect "nextpage.asp?var=" & Encode(var) else 'throw error page end if %> And still Fortify flags this as vulnerable to Header Manipulation. How or what exactly is Fortify looking for? The reason I suspect that Fortify is looking for specific key words is that on the .Net side of things, I can include the Microsoft AntiXss assembly and call functions such as GetSafeHtmlFragment and UrlEncode and Fortify is happy. Any advice?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 10 11 12 13 14 15 16 17 18 19 20 21  | Next Page >