Search Results

Search found 98173 results on 3927 pages for 'maintaining old code'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 655/3927 | < Previous Page | 651 652 653 654 655 656 657 658 659 660 661 662  | Next Page >

  • &lt;%: %&gt;, HtmlEncode, IHtmlString and MvcHtmlString

    - by Shaun
    One of my colleague and friend, Robin is playing and struggling with the ASP.NET MVC 2 on a project these days while I’m struggling with a annoying client. Since it’s his first time to use ASP.NET MVC he was meetings with a lot of problem and I was very happy to share my experience to him. Yesterday he asked me when he attempted to insert a <br /> element into his page he found that the page was rendered like this which is bad. He found his <br /> was shown as a part of the string rather than creating a new line. After checked a bit in his code I found that it’s because he utilized a new ASP.NET markup supported in .NET 4.0 – “<%: %>”. If you have been using ASP.NET MVC 1 or in .NET 3.5 world it would be very common that using <%= %> to show something on the page from the backend code. But when you do it you must ensure that the string that are going to be displayed should be Html-safe, which means all the Html markups must be encoded. Otherwise this might cause an XSS (cross-site scripting) problem. So that you’d better use the code like this below to display anything on the page. In .NET 4.0 Microsoft introduced a new markup to solve this problem which is <%: %>. It will encode the content automatically so that you will no need to check and verify your code manually for the XSS issue mentioned below. But this also means that it will encode all things, include the Html element you want to be rendered. So I changed his code like this and it worked well. After helped him solved this problem and finished a spreadsheet for my boring project I considered a bit more on the <%: %>. Since it will encode all thing why it renders correctly when we use “<%: Html.TextBox(“name”) %>” to show a text box? As you know the Html.TextBox will render a “<input name="name" id="name" type="text"/>” element on the page. If <%: %> will encode everything it should not display a text box. So I dig into the source code of the MVC and found some comments in the class MvcHtmlString. 1: // In ASP.NET 4, a new syntax <%: %> is being introduced in WebForms pages, where <%: expression %> is equivalent to 2: // <%= HttpUtility.HtmlEncode(expression) %>. The intent of this is to reduce common causes of XSS vulnerabilities 3: // in WebForms pages (WebForms views in the case of MVC). This involves the addition of an interface 4: // System.Web.IHtmlString and a static method overload System.Web.HttpUtility::HtmlEncode(object). The interface 5: // definition is roughly: 6: // public interface IHtmlString { 7: // string ToHtmlString(); 8: // } 9: // And the HtmlEncode(object) logic is roughly: 10: // - If the input argument is an IHtmlString, return argument.ToHtmlString(), 11: // - Otherwise, return HtmlEncode(Convert.ToString(argument)). 12: // 13: // Unfortunately this has the effect that calling <%: Html.SomeHelper() %> in an MVC application running on .NET 4 14: // will end up encoding output that is already HTML-safe. As a result, we're changing out HTML helpers to return 15: // MvcHtmlString where appropriate. <%= Html.SomeHelper() %> will continue to work in both .NET 3.5 and .NET 4, but 16: // changing the return types to MvcHtmlString has the added benefit that <%: Html.SomeHelper() %> will also work 17: // properly in .NET 4 rather than resulting in a double-encoded output. MVC developers in .NET 4 will then be able 18: // to use the <%: %> syntax almost everywhere instead of having to remember where to use <%= %> and where to use 19: // <%: %>. This should help developers craft more secure web applications by default. 20: // 21: // To create an MvcHtmlString, use the static Create() method instead of calling the protected constructor. The comment said the encoding rule of the <%: %> would be: If the type of the content is IHtmlString it will NOT encode since the IHtmlString indicates that it’s Html-safe. Otherwise it will use HtmlEncode to encode the content. If we check the return type of the Html.TextBox method we will find that it’s MvcHtmlString, which was implemented the IHtmlString interface dynamically. That is the reason why the “<input name="name" id="name" type="text"/>” was not encoded by <%: %>. So if we want to tell ASP.NET MVC, or I should say the ASP.NET runtime that the content is Html-safe and no need, or should not be encoded we can convert the content into IHtmlString. So another resolution would be like this. Also we can create an extension method as well for better developing experience. 1: using System; 2: using System.Collections.Generic; 3: using System.Linq; 4: using System.Web; 5: using System.Web.Mvc; 6:  7: namespace ShaunXu.Blogs.IHtmlStringIssue 8: { 9: public static class Helpers 10: { 11: public static MvcHtmlString IsHtmlSafe(this string content) 12: { 13: return MvcHtmlString.Create(content); 14: } 15: } 16: } Then the view would be like this. And the page rendered correctly.         Summary In this post I explained a bit about the new markup in .NET 4.0 – <%: %> and its usage. I also explained a bit about how to control the page content, whether it should be encoded or not. We can see the ASP.NET MVC gives us more points to control the web pages.   Hope this helps, Shaun All documents and related graphics, codes are provided "AS IS" without warranty of any kind. Copyright © Shaun Ziyan Xu. This work is licensed under the Creative Commons License.

    Read the article

  • Google Games Chat, September 13

    Google Games Chat, September 13 The Google Games Chat (official motto: "Still not cancelled") is back for yet another rousing debate about industry trends, the state of gaming in general, and, frankly, any other random thoughts that happen to cross our minds. We don't really filter what we say very much. This week, we'll be talking about App Discovery, a subject near and dear to everybody's heart. From: GoogleDevelopers Views: 0 2 ratings Time: 00:00 More in Science & Technology

    Read the article

  • Marvell TOPDOG (TM) PCI-Express 802.11n Wireless (EC85)

    - by Jareb
    I was running Windows Vista, but hard drive got wipe out and couldn't reinstall it, so I install Ubuntu. My problem is that I cannot get wireless internet. I have search and search, but nothing help or it was too old and the forms got removed. I'm new at Linux. My computer is Gateway M-6752, running a (I believe) Marvell TOPDOG (TM) PCI-Express 802.11n Wireless (EC85), driver. How do I get my wireless working?

    Read the article

  • Parallel task in C# 4.0

    - by Jalpesh P. Vadgama
    In today’s computing world the world is all about Parallel processing. You have multicore CPU where you have different core doing different work parallel or its doing same task parallel. For example I am having 4-core CPU as follows. So the code that I write should take care of this.C# does provide that kind of facility to write code for multi core CPU with task parallel library. We will explore that in this post. Read More

    Read the article

  • Best way to move your domain and keep the Google position

    - by netadictos
    I have to move one domain to a new one which is semantically better for SEO. I would like to know the best way to do it so that the new domain keeps the google position. I know the basic steps: to put a redirection 301 in the old one, with an apache script, it can be very detailed, but the important is the 301 header for google you can tell them through the webmaster tools page try to gain pagerank for the new domain

    Read the article

  • Will default applications be automatically changed during release upgrade?

    - by Jasper Loy
    Suppose LibreOffice and Banshee are set to replace OpenOffice and Rhythmbox in Natty Narwhal. Of course doing a fresh install will give me these new applications to be the default ones. However if I choose to upgrade via the update manager, will the old applications be uninstalled and the new ones installed automatically, or do I have to do these manually so that I get the same experience as a fresh install?

    Read the article

  • Coppock Chart

    This article demonstrates building a web based interactive chart and is my attempt to assimilate some of the recent updates and best practices that have emerged with Visual Studio 2010 and .NET Framework 4 into my software lexicon.

    Read the article

  • Hangouts API v1.1 Walkthrough

    Hangouts API v1.1 Walkthrough Introduction to 3 new features in v1.1 of the Hangouts API. This release introduces the ability for your app to respond to face movements in real time. It also provides a new overlay positioned relative to the video feed, new low-latency messages, Hangouts on Air support, the ability to enter any OAuth scope, and a few other miscellaneous features. From: GoogleDevelopers Views: 4425 0 ratings Time: 01:14 More in Science & Technology

    Read the article

  • The Problem Should Define the Process, Not the Tool

    - by thatjeffsmith
    All around awesome tool, but not the only gadget in your toolbox.I’m stepping down from my SQL Developer pulpit today and standing up on my philosophical soap box. I’m frequently asked to help folks transition from one set of database tools over to Oracle SQL Developer, which I’m MORE than happy to do. But, I’m not looking to simply change the way people interact with Oracle database. What I care about is your productivity. Is there a faster, more efficient way for you to connect the dots, get from A to B, or just get home to your kids or to the pub for happy hour? If you have defined a business process around a specific tool, what happens when that tool ‘goes away?’ Does the business stop? No, you feel immediate pain until you are able to re-implement the process using another mechanism. Where I get confused, or even frustrated, is when someone asks me to redesign our tool to match their problem. Tools are just tools. Saying you ‘can’t load your data anymore because XYZ’ isn’t valid when you could easily do that same task via SQL*Loader, Create Table As Selects, or 9 other different mechanisms. Sometimes changes brings opportunity for improvement in the process. Don’t be afraid to step back and re-evaluate a problem with a fresh set of eyes. Just trying to replicate your process in another tool exactly as it was done in the ‘old tool’ doesn’t always make sense. Quick sidebar: scheduling a Windows program to kick off thousands if not millions of table inserts from Excel versus using a ‘proper’ server process using SQL*Loader and or external tables means sacrificing scalability and reliability for convenience. Don’t let old habits blind you to new solutions and possibilities. Of couse I’m not going to sit here and say that our tools aren’t deficient in some areas or can’t be improved upon. But I bet if we work together we can find something that’s not only better for the business, but is also better for you. What do you ‘miss’ since you’ve started using SQL Developer as your primary Oracle database tools? I’d love to start a thread here and share ideas on how we can better serve you and your organizations needs. The end solution might not look exactly what you have in mind starting out, but I had no idea I’d be a Product Manager when I started college either What can you no longer ‘do’ since you picked up SQL Developer? What hurts more than it should? What keeps you from being great versus just good?

    Read the article

  • Google I/O 2011: Accelerated Android Rendering

    Google I/O 2011: Accelerated Android Rendering Romain Guy, Chet Haase Android 3.0 introduced a new hardware accelerated 2D rendering pipeline. In this talk, you will be introduced to the overall graphics architecture of the Android platform and get acquainted with the various rendering APIs at your disposal. You will learn how to choose the one that best fits your application. This talk will also deliver tips and tricks on how to use the new hardware accelerated pipeline to its full potential. From: GoogleDevelopers Views: 11086 62 ratings Time: 48:58 More in Science & Technology

    Read the article

  • Dartisans ep 12 - Dart and Web Components

    Dartisans ep 12 - Dart and Web Components Ask and vote for questions: developers.google.com Web Components are ushering in the "declarative renaissance" for modern web development. Watch this episode of Dartisans to learn how you can build Web Components with Dart, and compile them into JavaScript to run across the modern web. From: GoogleDevelopers Views: 0 0 ratings Time: 00:00 More in Science & Technology

    Read the article

  • How to download apps from different OS to USB and then transfer to Ubuntu?

    - by kb67
    I just installed Ubuntu on my old desktop computer, and I have to say—I freaking love it! Except at the moment I do not have internet connection (i'm using a unsecured connection) and i'm using my Windows 7 Laptop to get a connection to the web. I would love to install some useful apps on the desktop, but I can't figure out how to do this, is there any way to download Ubuntu/Linux apps on my windows computer and put them into a USB then transfer to the desktop?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 651 652 653 654 655 656 657 658 659 660 661 662  | Next Page >