Search Results

Search found 21548 results on 862 pages for 'url mapping'.

Page 517/862

  • What am I missing in this ASP.NET XSS Security Helper class?

    - by smartcaveman
    I need a generic method for preventing XSS attacks in ASP.NET. The approach I came up with is a ValidateRequest method that evaluates the HttpRequest for any potential issues, and if issues are found, redirect the user to the same page, but in a way that is not threatening to the application. (Source code below)

    While I know this method will prevent most XSS attacks, I am not certain that I am adequately preventing all possible attacks while also minimizing false positives.

    So, what is the most effective way to adequately prevent all possible attacks, while minimizing false positives? Are there changes I should make to the helper class below, or is there an alternative approach or third party library that offers something more convincing?

        public static class XssSecurity
        {
            public const string PotentialXssAttackExpression = "(http(s)*(%3a|:))|(ftp(s)*(%3a|:))|(javascript)|(alert)|(((\\%3C) <)[^\n]+((\\%3E) >))";

            private static readonly Regex PotentialXssAttackRegex = new Regex(PotentialXssAttackExpression, RegexOptions.IgnoreCase);

            public static bool IsPotentialXssAttack(this HttpRequest request)
            {
                if(request != null)
                {
                    string query = request.QueryString.ToString();
                    if(!string.IsNullOrEmpty(query) && PotentialXssAttackRegex.IsMatch(query))
                        return true;
                    if(request.HttpMethod.Equals("post", StringComparison.InvariantCultureIgnoreCase))
                    {
                        string form = request.Form.ToString();
                        if (!string.IsNullOrEmpty(form) && PotentialXssAttackRegex.IsMatch(form))
                            return true;
                    }
                    if(request.Cookies.Count > 0)
                    {
                        foreach(HttpCookie cookie in request.Cookies)
                        {
                            if(PotentialXssAttackRegex.IsMatch(cookie.Value))
                            {
                                return true;
                            }
                        }
                    }
                }
                return false;
            }

            public static void ValidateRequest(this HttpContext context, string redirectToPath = null)
            {
                if(context == null || !context.Request.IsPotentialXssAttack())
                    return;

                // expire all cookies
                foreach(HttpCookie cookie in context.Request.Cookies)
                {
                    cookie.Expires = DateTime.Now.Subtract(TimeSpan.FromDays(1));
                    context.Response.Cookies.Set(cookie);
                }

                // redirect to safe path
                bool redirected = false;
                if(redirectToPath != null)
                {
                    try
                    {
                        context.Response.Redirect(redirectToPath,true);
                        redirected = true;
                    }
                    catch
                    {
                        redirected = false;
                    }
                }
                if (redirected)
                    return;

                string safeUrl = context.Request.Url.AbsolutePath.Replace(context.Request.Url.Query, string.Empty);
                context.Response.Redirect(safeUrl,true);
            }
        }


  • Routing without a controller and action name

    - by Eden
    Hi, I've a very basic ASP.NET MVC application that uses the default routing. Now I need to route all the requests that come without a specific URL to one action with a single parameter.

    Examples:

        www.myapp.com/2374982
        www.myapp.com/3242342

    should be routed to the same action:

        public ActionResult ViewById(int id) ....

    Thanks, Eden


  • Nested partial output caching in asp.net mvc 3

    - by Anwar Chandra
    Hi All, I am using the Razor view engine in ASP.Net MVC 3 RC 2. This is part of my view city.cshtml (drastically simplified for the sake of a simple example):

        <!-- in city.cshtml -->
        <div class="list">
          @foreach(var product in SQL.GetProducts(Model.City) ) {
            <div class="product">
              <div>@product.Name</div>
              <div class="category">
                @foreach(var category in SQL.GetCategories(product.ID) ) {
                  <a href="@category.Url">@category.Name</a> »
                }
              </div>
            </div>
          }
        </div>

    I want to cache this part of my output using the OutputCache attribute, so I created an action ProductList with the OutputCache attribute enabled:

        <!-- in city.cshtml -->
        <div class="list">
          @Html.Action("ProductList", new { City = Model.City })
        </div>

    and I created the view in ProductList.cshtml as below:

        <!-- in ProductList.cshtml -->
        @foreach(var product in Model.Products ) {
          <div class="product">
            <div>@product.Name</div>
            <div class="category">
              @foreach(var category in SQL.GetCategories(product.ID) ) {
                <a href="@category.Url">@category.Name</a> »
              }
            </div>
          </div>
        }

    But I still need to cache the category path output on each product, so I created an action CategoryPath with the OutputCache attribute enabled:

        <!-- in ProductList.cshtml -->
        @foreach(var product in Model.Products ){
          <div class="product">
            <div>@product.Name</div>
            <div class="category">
              @Html.Action("CategoryPath", new { ProductID = product.ID })
            </div>
          </div>
        }

    But apparently this is not allowed. I got this error:

        OutputCacheAttribute is not allowed on child actions which are children of an already cached child action.

    I believe they have a good reason why they need to disallow this, but I really want this kind of nested output caching. Please, any idea for a workaround?


  • IE Automation - How to Trap 'NewProcess' event

    - by dpb
    In Environment - Standard User, Win7x64, IE8: on opening an Unprotected URL, IE 8 will first start a tab with low integrity and then swap out this tab with another tab of medium integrity. This is done behind the scenes and the original IWebBrowser2 pointer is lost. I want to catch the 'NewProcess' event which will get generated during this swap out; please help me with how to go about this. Sample code would help me; I am using C++.

    Ref - http://blogs.msdn.com/b/ieinternals/archive/2011/08/03/internet-explorer-automation-protected-mode-lcie-default-integrity-level-medium.aspx

    Thank You


  • How does XmlSiteMapProvider check user to be in specified role?

    - by abatishchev
    I roll my own SiteMapProvider inheriting System.Web.XmlSiteMapProvider. I want to override logic of checking user to be in a role specified in siteMapNode's property roles: <siteMapNode url="Add.aspx?type=user" title="Add user" roles="admin" /> How can I do that? Which class's member does XmlSiteMapProvider call to check that if securityTrimmingEnabled="true"?


  • REST pass multiple inputs to GET method

    - by Subramanian
    I have deployed a simple REST based application in RAD. A simple URL is accessed using http://localhost/<contextroot>/users/<username> where <username> is accessed using reqeust.getAttributes(). Now, how do I pass more than one attribute to the REST service?


  • Downloading file with Python results in only 4.1kB

    - by Vlad Ogay
    I'm using simple code:

        import urllib2
        response = urllib2.urlopen("http://www.mysite.com/getfile/4355")
        output = open('myfile.zip','wb')
        output.write(response.read())
        output.close()

    The web server is IIS + ASP.NET MVC 4. It returns a FileResult wrapping a zip file with the "application/octet-stream" content type. The problem is that the downloaded zip file is broken - only 4.1kB in size, where it must be 24kB. When I type the URL address in the web browser directly, it downloads and opens fine. Could you please suggest what's wrong with my Python code?


  • Omniauth Facebook authentication on localhost

    - by Ryan Foster
    I am trying to set up Omniauth as described in this Railscast. While it works with Twitter, I am unable to get it working with Facebook. I also set up 'http://localhost:3000' as siteurl and 'localhost' as domain but still see the following error message in the browser: Invalid redirect_uri: Given URL is not allowed by the Application configuration. Does anyone of you have any suggestions on how to fix this? Thanks in advance.


  • Internal redirection to tomcat from IIS 7.0?

    - by user294754
    Hello All, I am running some sites on IIS 7.0. But yesterday one of my clients asked me to host a Java website. I can't host that website directly, so I installed a Tomcat server on port 8080. Now I want that whenever a browser sends a request for that website, it should be redirected to my Tomcat internally. The client URL should not update. Regards, Prateek


  • Can I execute SQL statements directly in a JDO environment?

    - by Carl Rosenberger
    I am using Datanucleus JDO on top of HSqlDb. I would like to execute the following SQL statement to tell HsqlDb to set the write delay to 0: "SET WRITE_DELAY 0" Is there a way I can do this from a JDO PersistenceManager or a PersistenceManagerFactory? On a sidenote: I have tried to modify write_delay by using the following connection URL: jdbc:hsqldb:file:data/hsqldb/dbbench;write_delay=false It didn't work. I debugged the HsqlDb sources and I could still see the write delay being set to 10 seconds.


  • Support for encoding query string or POST data in YUI ?

    - by faB
    How do you encode a javascript object/hash (pairs of properties and values) into a URL-encoded query string with YUI (2.7.0 or 3.0.0 Beta) ? I want to do the equivalent of Object.toQueryString() from Prototype: I need this to encode parameters for GET and POST requests with YAHOO.util.Connect. It turns out YAHOO.util.Connect has a setForm() method to serialize a form but that still leaves me out cold to encode parameters for GET requests, or the 4th parameter of YAHOO.util.Connect.asyncRequest() to pass post data.


  • Replace a div content with PHP

    - by Zakaria
    Hi everybody, yesterday I posted a question about "How to change a DIV id with a php function" and someone found the right answer with a regular expression. The problem is that I wanted to use this answer to apply the method to other similar problems. But, as I'm very bad at regular expressions, I couldn't.

    So the problem is that I upload some videos with FCKEditor and put the video script in my database, and the result is like this:

        <div id="player959093-parent" style="text-align: center;float: left;">
          <div style="border-style: none; height: 160px; width: 270px; overflow: hidden; background-color: rgb(220, 220, 220); background-image: url(http://localhost/fckeditor/editor/plugins/flvPlayer/flvPlayer.gif); background-repeat:no-repeat; background-position:center;">
            <script src="http://localhost/fckeditor/editor/plugins/flvPlayer/swfobject.js" type="text/javascript"></script>
            <div id="player959093"><a href="http://www.macromedia.com/go/getflashplayer">Get the Flash Player</a> to see this player.
              <div id="player959093-config" style="display: none;visibility: hidden;width: 0px;height:0px;overflow: hidden;">url=/editeur/images/flash/FOO.flv width=270 height=160 loop=false play=false downloadable=false fullscreen=true displayNavigation=true displayDigits=true align=left dispPlaylist=none playlistThumbs=false</div>
            </div>
            <script type="text/javascript">
              var s1 = new SWFObject("http://localhost/editeur/javascript/fckeditor/editor/plugins/flvPlayer/mediaplayer.swf","single","270","160","7");
              s1.addVariable("width","270");
              s1.addVariable("height","160");
              s1.addVariable("autostart","false");
              s1.addVariable("file","/editeur/images/flash/FOO.flv");
              s1.addVariable("repeat","false");
              s1.addVariable("image","");
              s1.addVariable("showdownload","false");
              s1.addVariable("link","/editeur/images/flash/FOO.flv");
              s1.addParam("allowfullscreen","true");
              s1.addVariable("showdigits","true");
              s1.addVariable("shownavigation","true");
              s1.addVariable("logo","");
              s1.write("player959093");
            </script>
          </div>
        </div>

    When I echo this content once in my PHP page, it works great. More than once, the videos don't appear. Which is obvious because of the unique ID. As you can see, the content has these ids:

        div id="player959093-parent"
        div id="player959093"
        div id="player959093-config
        s1.write("player959093");

    So my question is: Is there a function that can replace the string "player959093" or concatenate it with some other string to resolve the display problem? Thank you very much, Regards.


  • UTF-8 GET using Indy 10.5.8.0 and Delphi XE2

    - by Bogdan Botezatu
    I'm writing my first Unicode application with Delphi XE2 and I've stumbled upon an issue with GET requests to a Unicode URL. Shortly put, it's a routine in an MP3 tagging application that takes a track title and an artist and queries Last.FM for the corresponding album, track no and genre. I have the following code:

        function GetMP3Info(artist, track: string) : TMP3Data //<---(This is a record)
        var
          TrackTitle, ArtistTitle : WideString;
          webquery : WideString;
        [....]
          WebQuery := UTF8Encode('http://ws.audioscrobbler.com/2.0/?method=track.getcorrection&api_key=' + apikey + '&artist=' + artist + '&track=' + track);
          //[processing the result in the web query, getting the correction for the artist and title]
          // eg: for artist := Bucovina and track := Mestecanis, the corrected values are
          //ArtistTitle := Bucovina;
          // TrackTitle := Mestecani?;
          //Now here is the tricky part:
          webquery := UTF8Encode('http://ws.audioscrobbler.com/2.0/?method=track.getInfo&api_key=' + apikey + '&artist=' + unescape(ArtistTitle) + '&track=' + unescape(TrackTitle));
          //the unescape function replaces spaces (' ') with '+' to comply with the last.fm requests
          [some more processing]
        end;

    The webquery looks just right in a TMemo (http://ws.audioscrobbler.com/2.0/?method=track.getInfo&api_key=e5565002840xxxxxxxxxxxxxx23b98ad&artist=Bucovina&track=Mestecani?)

    Yet, when I try to send a GET() to the webquery using IdHTTP (with the ContentEncoding property set to 'UTF-8'), I see in Wireshark that the component is GET-ing the data to the ANSI value '/2.0/?method=track.getInfo&api_key=e5565002840xxxxxxxxxxxxxx23b98ad&artist=Bucovina&track=Mestec?ni?'

    Here are the full headers for the GET requests and responses:

        GET /2.0/?method=track.getInfo&api_key=e5565002840xxxxxxxxxxxxxx23b98ad&artist=Bucovina&track=Mestec?ni? HTTP/1.1
        Content-Encoding: UTF-8
        Host: ws.audioscrobbler.com
        Accept: text/html, */*
        Accept-Encoding: identity
        User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.23) Gecko/20110920 Firefox/3.6.23 SearchToolbar/1.22011-10-16 20:20:07

        HTTP/1.0 400 Bad Request
        Date: Tue, 09 Oct 2012 20:46:31 GMT
        Server: Apache/2.2.22 (Unix)
        X-Web-Node: www204
        Access-Control-Allow-Origin: *
        Access-Control-Allow-Methods: POST, GET, OPTIONS
        Access-Control-Max-Age: 86400
        Cache-Control: max-age=10
        Expires: Tue, 09 Oct 2012 20:46:42 GMT
        Content-Length: 114
        Connection: close
        Content-Type: text/xml; charset=utf-8;

        <?xml version="1.0" encoding="utf-8"?>
        <lfm status="failed">
          <error code="6"> Track not found </error>
        </lfm>

    The question that puzzles me is am I overseeing anything related to setting the property of the tidhttp control? How can I stop the well-formatted URL I'm composing in the application from getting wrongfully sent to the server? Thanks.


  • jquery resize image

    - by Scarface
    Hey guys, quick question, all I want to do is resize an image to fit inside a small container when I run this function. Right now, only a portion of the image is shown inside the div. If anyone has any ideas, I would appreciate any advice.

        $(this)
          .css({
            backgroundImage : 'url(' + src + ')',  // set background image
            backgroundPosition : 'center center',  // position background image
            backgroundRepeat : 'no-repeat'         // don't repeat image
          });


  • How to watch DNR TV in iTunes

    - by TimH
    I have subscribed to DNR TV in iTunes, but it won't download episodes (audio podcasts work fine). Am I missing something? I added this URL in iTunes: http://feeds.feedburner.com/DnrtvWmv


  • Clojure program reading its own MANIFEST.MF

    - by Ralph
    How can a Clojure program find its own MANIFEST.MF (assuming it is packaged in a JAR file)? I am trying to do this from my "-main" function, but I can't find a class to use in the following code:

        (.getValue
          (.. (java.util.jar.Manifest.
                (.openStream
                  (java.net.URL.
                    (str "jar:"
                         (.. (class **WHAT-GOES-HERE**) getProtectionDomain getCodeSource getLocation)
                         "!/META-INF/MANIFEST.MF"))))
              getMainAttributes)
          "Build-number"))

    Thanks.


  • how to play wave file using http

    - by angelina
    Dear all, how can I play a wave file using HTTP? My content (wave files) is on a remote server.

        Client-Server-ContentServer

    I am able to play mp3 files using the following code:

        <embed id="wmp" type="application/x-mplayer2"
               pluginspage="http://www.microsoft.com/Windows/MediaPlayer/"
               name="mediaplayer1" ShowStatusBar="true" EnableContextMenu="false"
               autostart="true" width="320" height="240" loop="false"
               src=<%= request.getParameter("url") %> />


  • How does XmlSiteMapProvider check user to be in specific role?

    - by abatishchev
    I roll my own SiteMapProvider inheriting System.Web.XmlSiteMapProvider. I want to override logic of checking user to be in a role specified in siteMapNode's property roles: <siteMapNode url="Add.aspx?type=user" title="Add user" roles="admin" /> How can I do that? Which class's member does XmlSiteMapProvider call to check that if securityTrimmingEnabled="true"?


  • Stop images from wrapping when div width is too small.

    - by razass
    I have a div that contains a ul and in each li there is a picture. I have floated the pictures left to get them to line up in a straight line however once it reaches the end of the div, it wraps. I would like the pictures to continue on to the right, hidden, so that I am able to create a carousel. My code is below.

    The HTML

        <div id="container">
          <div class="lfbtn"></div>
          <ul id="image_container">
            <li class="the_image">
              <img src="" />
            </li>
          </ul>
          <div class="rtbtn"></div>
        </div>

    The CSS

        #container {
          width: 900px;
          height: 150px;
          margin: 10px auto;
        }
        #image_container {
          position: relative;
          left: 50px;
          list-style-type: none;
          width: 700px;
          height: 110px;
          overflow: hidden;
        }
        #image_container li {
          display: inline-block;
          padding: 7px 5px 7px 5px;
          float: left;
        }
        .lfbtn {
          background-image: url(../../img/left.gif);
          background-repeat: no-repeat;
          margin: 10px;
          position: relative;
          float: left;
          top: -12px;
          left: 50px;
          height: 90px;
          width: 25px;
        }
        .rtbtn {
          background-image: url(../../img/right.gif);
          background-repeat: no-repeat;
          height: 90px;
          width: 25px;
          margin: 10px;
          position: relative;
          top: -101px;
          left: 795px;
        }

    Thanks in advance!

