Search Results

Search found 33438 results on 1338 pages for 'html tags'.

Page 173/1338 | < Previous Page | 169 170 171 172 173 174 175 176 177 178 179 180  | Next Page >

  • Can this be improved? Scrubbing of dangerous html tags.

    - by chobo2
    I been finding that for something that I consider pretty import there is very little information or libraries on how to deal with this problem. I found this while searching. I really don't know all the million ways that a hacker could try to insert the dangerous tags. I have a rich html editor so I need to keep non dangerous tags but strip out bad ones. So is this script missing anything? It uses html agility pack. public string ScrubHTML(string html) { HtmlDocument doc = new HtmlDocument(); doc.LoadHtml(html); //Remove potentially harmful elements HtmlNodeCollection nc = doc.DocumentNode.SelectNodes("//script|//link|//iframe|//frameset|//frame|//applet|//object|//embed"); if (nc != null) { foreach (HtmlNode node in nc) { node.ParentNode.RemoveChild(node, false); } } //remove hrefs to java/j/vbscript URLs nc = doc.DocumentNode.SelectNodes("//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'javascript')]|//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'jscript')]|//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'vbscript')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.SetAttributeValue("href", "#"); } } //remove img with refs to java/j/vbscript URLs nc = doc.DocumentNode.SelectNodes("//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'javascript')]|//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'jscript')]|//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'vbscript')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.SetAttributeValue("src", "#"); } } //remove on<Event> handlers from all tags nc = doc.DocumentNode.SelectNodes("//*[@onclick or @onmouseover or @onfocus or @onblur or @onmouseout or @ondoubleclick or @onload or @onunload]"); if (nc != null) { foreach (HtmlNode node in nc) { node.Attributes.Remove("onFocus"); node.Attributes.Remove("onBlur"); node.Attributes.Remove("onClick"); node.Attributes.Remove("onMouseOver"); node.Attributes.Remove("onMouseOut"); node.Attributes.Remove("onDoubleClick"); node.Attributes.Remove("onLoad"); node.Attributes.Remove("onUnload"); } } // remove any style attributes that contain the word expression (IE evaluates this as script) nc = doc.DocumentNode.SelectNodes("//*[contains(translate(@style, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'expression')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.Attributes.Remove("stYle"); } } return doc.DocumentNode.WriteTo(); } Edit 2 people have suggested whitelisting. I actually like the idea of whitelisting but never actually did it because no one can actually tell me how to do it in C# and I can't even really find tutorials for how to do it in c#(the last time I looked. I will check it out again). How do you make a white list? Is it just a list collection? How do you actual parse out all html tags, script tags and every other tag? Once you have the tags how do you determine which ones are allowed? Compare them to you list collection? But what happens if the content is coming in and has like 100 tags and you have 50 allowed. You got to compare each of those 100 tag by 50 allowed tags. Thats quite a bit to go through and could be slow. Once you found a invalid tag how do you remove it? I don't really want to reject a whole set of text if one tag was found to be invalid. I rather remove and insert the rest. Should I be using html agility pack?

    Read the article

  • Seeing release markers in svn log

    - by chuanose
    Whenever we make a release of a project we'll create a tag to capture the snapshot. It will be very helpful to be able to see which revisions in the trunk history were used in certain releases. I know the TortoiseSVN revision graph shows this information, but I'm wondering if there's a way to see it in the command-line svn log? I'm coming from a Clearcase background where we'll be able to see the release labels in the history.

    Read the article

  • using internationalization on list data

    - by singh
    i am using Struts2 in application. <s:iterator value="listObject"> <s:component template="abc.vm"> <s:param name="text" value="listValue" /> <s:param name="prefix" value="listIndex" /> </s:component> </s:iterator> listValue is a values of list. i am using iterator to traverse the list. now on listValue, i want to put here internationalization concept.so that all the list value can be display based on Locale which store in a list. please suggest!

    Read the article

  • JSF - <h:outputText> making some of words Bold

    - by karansardana
    How can we go about making some of the words in a sentence appear in BOLD for example - I'm trying to put one of the words of a sentence in BOLD i.e. sentence is "please select the amount" amount should be in BOLD, and now, when I use message = "please select the amount " This doesn't work. It simply shows please select the amount . How can I get this to work?

    Read the article

  • rich:editor ruins html?

    - by Ben
    Hi, Strange behaviour. I use rich:editor with these attributes: (Irrelevant data removed) HtmlEditor editor = new HtmlEditor(); editor.setValueExpression("value", ve); editor.setTheme("advanced"); editor.setValueExpression("viewMode", viewModeValueExpression); panel.getChildren().add(editor); Now my problem is that whenever I load a ready-made html text such as this (In source mode): <html lang="en" xml:lang="en"> <head> <title>Done</title> </head> <body style="direction: ltr; font-size: medium; color: #0000FF;"> <p>When the menu loads, navigate to and open Image Editor.</p> </body> </html> Change to VisualMode and then back to SourceMode, I see that the editor removed all of my html data and now the source mode is this: <p>When the menu loads, navigate to and open Chul Muzal.</p> Anyone knows why this happens? Thanks!!

    Read the article

  • Get table row based on radio button using prototype/javascript

    - by David Buckley
    I have an html table that has a name and a radio button like so: <table id="cars"> <thead> <tr> <th>Car Name</th> <th></th> </tr> </thead> <tbody> <tr> <td class="car">Ford Focus</td> <td><input type="radio" id="selectedCar" name="selectedCar" value="8398"></td> </tr> <tr> <td class="car">Lincoln Navigator</td> <td><input type="radio" id="selectedCar" name="selectedCar" value="2994"></td> </tr> </tbody> </table> <input type="button" value="Select Car" onclick="selectCar()"></input> I want to be able to select a radio button, then click another button and get the value of the radio button (which is a unique ID) as well as the car name text (like Ford Focus). How should I code the selectCar method? I've tried a few things like: val1 = $('tr input[name=selectedCar]:checked').parent().find('#cars').html(); val1 = $("td input[name='selectedCar']:checked").parents().find('.cars').html(); val1 = $('selectedCar').checked; but I can't get the proper values. I'm using prototype, but the solution can be plain javascript as well.

    Read the article

  • Presentation Issue in an Unordered List

    - by phreeskier
    I'm having an issue with correctly presenting items in an unordered list. The labels are floating left and the related spans that are long in length are wrapping and showing below the label. I need a solution that keeps the related spans in their respective columns. In other words, I don't want long spans to show under the labels. What property can I take advantage of so that I get the desired layout in all of the popular browsers, including IE6? Thanks in advance for the help. My code is as follows: <ul> <li> <label>Name</label> <span><%= Html.Encode(Model.Name) %></span> </li> <li> <label>Entity</label> <span><%= Html.Encode(Model.Entity) %></span> </li> <li> <label>Phone</label> <span><%= Html.Encode(Model.Phone) %></span> </li> </ul> My CSS styling is as follows: ul { display:block; list-style-type:none; margin:0; padding:0; } ul li label { float:left; width:100px; }

    Read the article

  • XBAP Browser Control - Invoking Click event of the html Input type button

    - by maharaj
    Hi, Here is what I have. 1.XBAP application with WPF Browser control, hosted on Page1.xaml 2.XBAP in Full Trust, certificate installed in client browser 3.Once the XBAP loaded, the browser control is navigated to some third party site. 4.We are using MVVM for XAML stuff So, when a certain page is loaded, I attach click event handler to the input button with id="submit" on the html page displayed in the browser control (used the code similar to whats in this URL http://social.msdn.microsoft.com/Forums/en-US/wpf/thread/a4f0e4d0-78bf-44c5-a3fe-8faf2e7a0568/). It works just fine as long as I dont make a wcf web service call in my ViewModel, before or after I attach this event hander. Idea is to invoke the click event for the html button and grab the data from the html page before calling the webservice to save data from the page. Here is the issue: When I make the wcf webservice call (sync or async, it doesnt matter) the click event doesnt happen but if I comment out the the code for wcf service call the click event of the html input of type button gets invoked. Any help would be appreciated. Thanks, Salil

    Read the article

  • How do I make nested regroups in Django?

    - by Marcio Cruz
    I've got the following situation in this system: Each category of products has many subcategories, and each subcategory has many products under it. I'm trying to make a product searh, which returns a list, and in my template, I show an overview of the results, like this: Cellphones Dumbphones (2 results) Smartphones (3 results) Monitors CRT (1 result) LCD (3 results) I'm my template I have only the list of products. I've tryed many combinations of nested regroups, without success. Any ideas?

    Read the article

  • Regular input in ASP.NET

    - by coffeeaddict
    Here's an example of a regular standard HTML input for my radiobuttonlist: <label><input type="radio" name="rbRSelectionGroup" checked value="0" />None</label> <asp:Repeater ID="rptRsOptions" runat="server"> <ItemTemplate> <div> <label><input type="radio" name="rbRSelectionGroup" value='<%# ((RItem)Container.DataItem).Id %>' /><%# ((RItem)Container.DataItem).Name %></label> </div> </ItemTemplate> </asp:Repeater> I removed some stuff for this thread, one being I put an r for some name that I do not want to expose here so just an fyi. Now, I would assume that this would or should happen: Page loads the first time, the None radio button is checked / defaulted I go and select a different radiobutton in this radiobutton list I do an F5 refresh in my browser The None radio button is pre-selected again after it has come back from the refresh but #4 is not happening. It's retaining the radiobutton that I selected in #2 and I don't know why. I mean in regular HTML it's stateless. So what could be holding this value? I want this to act like a normal input button. I know the question of "why not use an ASP.NET control" will come up. Well there are 2 reasons: The stupid radiobuttonlist bug that everyone knows about I just want to brush up more on standard input tags We are not moving to MVC so this is as close as I'll get and it's ok, because the rest of the team is on par with having mixed ASP.NET controls with standard HTML controls in our pages Anyway my main question here is I'm surprised that it's retaining the change in selection after postback.

    Read the article

  • Backbone.js Collection Iteration Using .each()

    - by the_archer
    I've been doing some Backbone.js coding and have come across a particular problem where I am having trouble iterating over the contents of a collection. The line Tasker_TodoList.each(this.addOne, this);in the addAll function in AppView is not executing properly for some reason, throwing the error: Uncaught TypeError: undefined is not a function the code in question is: $(function() { var Todo = Backbone.Model.extend({ defaults: { title: "Some Title...", status: 0 //not completed } }); var TodoList = Backbone.Collection.extend({ model: Todo, localStorage: new Store('tasker') }); var Tasker_TodoList = new TodoList(); var TodoView = Backbone.View.extend({ tagName: 'li', template: _.template($('#todoTemplate').html()), events: { 'click .delbtn': 'delTodo' }, initialize: function(){ console.log("a new todo initialized"); //this.model.on('change', this.render, this); }, render: function(){ this.$el.html(this.template(this.model.toJSON())); return this; }, delTodo: function(){ console.log("deleted todo"); } }); var AppView = Backbone.View.extend({ el: 'body', events: { 'click #addBtn': 'createOnClick' }, initialize: function(){ Tasker_TodoList.fetch(); Tasker_TodoList.on('add', this.addAll); console.log(Tasker_TodoList); }, addAll: function(){ $('#tasksList').html(''); console.log("boooooooma"); Tasker_TodoList.each(this.addOne, this); }, addOne: function(todo){ console.log(todo); }, createOnClick: function(){ Tasker_TodoList.create(); } }); var Tasker = new AppView(); }); can somebody help me in finding out what I am doing wrong? Thank you all for your help :-)

    Read the article

  • Extremely strange glitch in Chrome - parses contents of string!

    - by George Edison
    Okay - this is the dumbest glitch I have seen in a while: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <script type='text/javascript'> var data = "</script>"; </script> </head> <body> This should break! </body> </html> This causes syntax errors because the JavaScript parser is actually reading the contents of the string. How stupid! How can I put </script> in my code. Is there any way? Is there a valid reason for this behavior?

    Read the article

  • Validation error while putting <h> tag inside <a> tag(document type does not allow element "h2")

    - by makmour
    when using this code: <div class="menu"> <ul id="mainnav"> <li><h2><a href="dir1/" >AAAAA</a></h2> <ul> <li><a href="dir1/xxx.php"><h3>xxx</h3></a></li> <li><a href="dir1/xxx2.php"><h3>xxx2</h3></a></li> <li><a href="dir1/hxxx3.php"><h3>hxxx3</h3></a></li> </ul> </li> I get an error while validating saying that I should put <h2> outside of <a>. document type does not allow element <h2> When I do this validation passes without any problems but my styling breaks. Is there a way to keep both validation and styling? This is styling for menu and <h2> .menu li a{ font: 100% Helvetica, Arial, sans-serif; display:inline-block; color: #fff; } .menu li a:hover{ color: #014661; background: url('../images/menu1.png') center left no-repeat; } .menu li a h2{ font-size: 92%; padding: 8px 18px; font-weight: bold; text-transform: uppercase; } .menu h3{ font-size: 87%; font-weight: bold; text-transform: uppercase; } .menu li a h2:hover{ background: url('../images/menu2.png') center right no-repeat; }

    Read the article

  • Vertically and horizontally align

    - by user1760649
    My problem is the following: I've vertically centered a div. However, I'd like to center another div horizontally. The problem is that I don't manage to center it horizontally. Here are my (X)HTML and CSS (X)HTML: <body> <div id="strut"></div> <div id="page"> <div id="inner_page"> <h1>Galidie "jQzz" Clément</h1> </div> </div> CSS: html, body { margin: 0; padding: 0; height: 100%; } #strut, #page { display: inline-block; vertical-align: middle; } #strut { height: 100%; } #page { border: 1px solid #c00; } #inner_page { width: 750px; margin: 0 auto; background-color: #c00; } h1 { text-align: center; margin: 0; } strut is the marker for vertically center an element. page is centered vertically. The idea is to try to center horizontally the inner_page block. Should I use absolute position? Or anything else? Did I choose the good method? Thank for your futur help.

    Read the article

  • key-words highlight in <textarea> (again)

    - by Halst
    Wait, I know! I know that this "syntax highlight in textarea"-question was raised like a million times on stackoverflow! But, please, listen. offtopic: I'm not a web-developer, and technically I'm not a programmer at all. I study mechatronics and deal mostly with control-engineering and digital-hardware. And I'm so pissed off that whenever I want to share some application (that would be helpful in my field) and embed it into the web, I need to know such a crazy amount of technologies, like html, css, javascript, flash, etc.. that takes time, which I could have been spending for the benefit of my own field. Right now I'm playing with hardware-description-languages and I'm writing some Python-libraries to convert one HDL into another. And I wanted to embed such feature on the web: http://xhdl2vhdl.appspot.com/ I wanted to implement some basic syntax highlighting (only keywords highlighting will be enough) so that the code could be readable. But the whole idea highlighting something in textarea is not trivial at all. The other difficulty is that the languages I work with are rare, and there are no out-of-box solutions for them. I tried to dig into these solutions, but they are very complicated for me: http://www.nicolarizzo.com/gamesroom/experimental/CodeEditor.html http://marijn.haverbeke.nl/codemirror/jstest.html and there is no clear descriptions how to use them (for my level of knowledge of web-development). So, is there a simple solution, just to highlight a bunch of key-words in textarea or perform something equivalent? Thank you.

    Read the article

  • HTML5 Flash 100% IE8 and Firefox

    - by Jason
    I need to have a flash intro for my website (a requirement from my teacher). I created the intro and embedded it into my page. I takes up the entire screen in both Chrome and Chromium. In IE8, Firefox and Opera the size is incorrect. What am I doing wrong? <!DOCTYPE html> <html> <head> <meta http-equiv="Refresh" content="3; url=template.htm"> <meta charset="UTF-8"> <title>Com Tech Projects | Jason Cook</title> </head> <body style="background: black;"> <embed style="height: 100%; width: 100%;" src="Flash/Introv6.swf"/> </body> </html>

    Read the article

  • Cannot access implict object from within method in custom JSP tag file

    - by David Hamilton
    I'm attempting to create a custom jsp tag. Everything is working fine, except for the fact that I the request seems to be out-of-scope for my custom function. Here is the relevant bit from the .tag file: <%! private String process(String age, BigDecimal amount) { //Attempting to access request here results in an compile time error trying to: String url=request.getURL; } %> I'm very new to JSP so I'm sure I'm missing something obvious..but I can't seem to figure out what. Any help is appreciated.

    Read the article

  • How can I access a parent DOM from an iframe on a different domain?

    - by Dexter
    I have a website and my domain is registered through Network Solutions. I'm using their Web Forwarding feature which allows me to "mask" my domain so that when a user visits http://lucasmccoy.com they are actually seeing http://lucasmccoy.comlu.com/ through an HTML frame. The advantages of this are that the address bar still shows http://lucasmccoy.com/. The disadvantages are that I cannot directly edit the HTML page in which the frame is owned. For example, I cannot change the page title or favicon. I have tried doing it like so: $(function() { parent.document.title = 'Lucas McCoy'; }); But of course this gives me a JavaScript error: Unsafe JavaScript attempt to access frame with URL http://lucasmccoy.com/ from frame with URL http://lucasmccoy.comlu.com/. Domains, protocols and ports must match. I looked at this question attempting to do the same thing except the OP has access to the other pages HTML whereas I do not. Is there anyway in JavaScript/jQuery to make a cross-domain request to the DOM when you don't have access to that domain? Or is this something browsers just will not let happen for security reasons.

    Read the article

  • J2EE: Default values for custom tag attributes

    - by Nick
    So according to Sun's J2EE documentation (http://docs.sun.com/app/docs/doc/819-3669/bnani?l=en&a=view), "If a tag attribute is not required, a tag handler should provide a default value." My question is how in the hell do I define a default value as per the documentation's description. Here's the code: <%@ attribute name="visible" required="false" type="java.lang.Boolean" %> <c:if test="${visible}"> My Tag Contents Here </c:if> Obviously, this tag won't compile because it's lacking the tag directive and the core library import. My point is that I want the "visible" property to default to TRUE. The "tag attribute is not required," so the "tag handler should provide a default value." I want to provide a default value, so what am I missing? Any help is greatly appreciated.

    Read the article

  • "Access is denied" by executing .hta file with JScript on Windows XP x64

    - by mem64k
    I have a simple HTML (as HTA) application that shows strange behavior on Windows XP x64 machine. I getting periodically (not every time) error message "Access is denied." when i start the application. The same application on Windows XP 32bit runs just fine... Does somebody has any idea or explanation? Error message: Line: 18 Char: 6 Error: Access is denied. Code: 0 URL: file:///D:/test_j.hta Here is the code of my "test_j.hta": <html> <head> <title>Test J</title> <HTA:APPLICATION ID="objTestJ" APPLICATIONNAME="TestJ" SCROLL="no" SINGLEINSTANCE="yes" WINDOWSTATE="normal" > <script language="JScript"> function main() { //window.alert("test"); window.resizeTo(500, 300); } function OnExit() { window.close(); } </script> </head> <body onload="main()"> <input type="button" value="Exit" name="Exit" onClick="OnExit()" title="Exit"> </body> </html>

    Read the article

  • How add class='active' to html menu with php

    - by meow
    Hello I want to put my html navigation in a separate php file so when I need to edit it, I only have to edit it once. The problem starts when I want to add the class active to the active page. I've got three pages and one common file. common.php : <?php $nav = <<<EOD <div id="nav"> <ul> <li><a <? if($page == 'one'): ?> class="active"<? endif ?> href="index.php">Tab1</a>/</li> <li><a href="two.php">Tab2</a></li> <li><a href="three.php">Tab3</a></li> </ul> </div> EOD; ?> index.php : All three pages are identical except their $page is different on each page. <?php $page = 'one'; require_once('common.php'); ?> <html> <head></head> <body> <?php echo $nav; ?> </body> </html> This simply won't work unless I put my nav on each page, but then the whole purpose of separating the nav from all pages is ruined. Is what I want to accomplish even possible? What am I doing wrong? Thanks EDIT: When doing this, the php code inside the li don't seem to run, it's just being printed as if it was html

    Read the article

  • how do I call a javacript function every 60 seconds?

    - by William
    So I'm trying to work on a Canvas demo, and I want this square to move from one side to the other, but I can't figure out how to call javascript in a way that repeats every 60 seconds. Here's what I got so far: <!DOCTYPE html> <html lang="en"> <head> <title>Canvas test</title> <meta charset="utf-8" /> <link href="/bms/style.css" rel="stylesheet" /> <style> body { text-align: center; background-color: #000000;} canvas{ background-color: #ffffff;} </style> <script type="text/javascript"> var x = 50; var y = 250; function update(){ draw(); x = x + 5; } function draw(){ var canvas = document.getElementById('screen1'); if (canvas.getContext){ var ctx = canvas.getContext('2d'); ctx.fillStyle = 'rgb(236,138,68)'; ctx.fillRect(x,y,24,24); } } </script> </head> <body onLoad="setTimeout(update(), 0);"> <canvas id="screen1" width="500" height="500"></canvas> </body> </html>

    Read the article

< Previous Page | 169 170 171 172 173 174 175 176 177 178 179 180  | Next Page >