Search Results

Search found 20 results on 1 pages for 'sanitizer'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 1/1 | 1 

  • PHP HTML sanitizer

    - by Mark Blades
    Hi, I'm wondering if anybody has used this class and found it to be reliable? http://www.phpclasses.org/package/3746-PHP-Remove-unsafe-tags-and-attributes-from-HTML-code.html Many thanks!

    Read the article

  • Ajax Control Toolkit July 2011 Release and the New HTML Editor Extender

    - by Stephen Walther
    I’m happy to announce the July 2011 release of the Ajax Control Toolkit which includes important bug fixes and a completely new HTML Editor Extender control. You can download the July 2011 Release by visiting the Ajax Control Toolkit CodePlex site at: http://AjaxControlToolkit.CodePlex.com Using the New HTML Editor Extender Control You can use the new HTML Editor Extender to extend any standard ASP.NET TextBox control so that it supports rich formatting such as bold, italics, bulleted lists, numbered lists, typefaces and different foreground and background colors. The following code illustrates how you can extend a standard ASP.NET TextBox control with the HtmlEditorExtender: <%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Simple.aspx.cs" Inherits="WebApplication1.Simple" %> <%@ Register TagPrefix="asp" Namespace="AjaxControlToolkit" Assembly="AjaxControlToolkit" %> <html xmlns="http://www.w3.org/1999/xhtml"> <head runat="server"> <title>Simple</title> </head> <body> <form id="form1" runat="server"> <asp:ToolkitScriptManager runat="Server" /> <asp:TextBox ID="txtComments" TextMode="MultiLine" Columns="60" Rows="8" runat="server" /> <asp:HtmlEditorExtender TargetControlID="txtComments" runat="server" /> </form> </body> </html> This page has the following three controls: ToolkitScriptManager – The ToolkitScriptManager renders all of the scripts required by the Ajax Control Toolkit. TextBox – The TextBox control is a standard ASP.NET TextBox which is set to display multiple lines (a TextArea instead of an Input element). HtmlEditorExtender – The HtmlEditorExtender is set to extend the TextBox control. You can use the standard TextBox Text property to read the rich text entered into the TextBox control on the server. Lightweight and HTML5 The HTML Editor Extender works on all modern browsers including the most recent versions of Mozilla Firefox (Firefox 5), Google Chrome (Chrome 12), and Apple Safari (Safari 5). Furthermore, the HTML Editor Extender is compatible with Microsoft Internet Explorer 6 and newer. The HTML Editor Extender is very lightweight. It takes advantage of the HTML5 ContentEditable attribute so it does not require an iframe or complex browser workarounds. If you select View Source in your browser while using the HTML Editor Extender, we hope that you will be pleasantly surprised by how little markup and script is generated by the HTML Editor Extender. Customizable Toolbar Buttons Depending on the web application that you are building, you will want to display different toolbar buttons with the HTML Editor Extender. One of the design goals of the HTML Editor Extender was to make it very easy for you to customize the toolbar buttons. Imagine, for example, that you want to use the HTML Editor Extender when accepting comments on blog posts. In that case, you might want to restrict the type of formatting that a user can display. You might want to enable a user to format text as bold or italic but you do not want the user to make any other formatting changes. The following page illustrates how you can customize the HTML Editor Extender toolbar: <%@ Page Language="C#" AutoEventWireup="true" CodeBehind="CustomToolbar.aspx.cs" Inherits="WebApplication1.CustomToolbar" %> <%@ Register TagPrefix="asp" Namespace="AjaxControlToolkit" Assembly="AjaxControlToolkit" %> <html> <head runat="server"> <title>Custom Toolbar</title> </head> <body> <form id="form1" runat="server"> <asp:ToolkitScriptManager Runat="server" /> <asp:TextBox ID="txtComments" TextMode="MultiLine" Columns="50" Rows="10" Text="Hello <b>world!</b>" Runat="server" /> <asp:HtmlEditorExtender TargetControlID="txtComments" runat="server"> <Toolbar> <asp:Bold /> <asp:Italic /> </Toolbar> </asp:HtmlEditorExtender> </form> </body> </html> Notice that the HTML Editor Extender in the page above has a Toolbar subtag. You can list the toolbar buttons which you want to appear within the subtag. In the case above, only Bold and Italic buttons are displayed. Here is a complete list of the Toolbar buttons currently supported by the HTML Editor Extender: Undo Redo Bold Italic Underline StrikeThrough Subscript Superscript JustifyLeft JustifyCenter JustifyRight JustifyFull InsertOrderedList InsertUnorderedList CreateLink UnLink RemoveFormat SelectAll UnSelect Delete Cut Copy Paste BackgroundColorSelector ForeColorSelector FontNameSelector FontSizeSelector Indent Outdent InsertHorizontalRule HorizontalSeparator Of course the HTML Editor Extender was designed to be extensible. You can create your own buttons and add them to the control. Compatible with the AntiXSS Library When using the HTML Editor Extender on a public facing website, we strongly recommend that you use the HTML Editor Extender with the AntiXSS Library. If you allow users to submit arbitrary HTML, and you don’t take any action to strip out malicious markup, then you are opening your website to Cross-Site Scripting Attacks (XSS attacks). The HTML Editor Extender uses the Provider Model to support different Sanitizer Providers. The July 2011 release of the Ajax Control Toolkit ships with a single Sanitizer Provider which uses the AntiXSS library (see http://AntiXss.CodePlex.com ). A Sanitizer Provider is responsible for sanitizing HTML markup by removing any malicious elements, attributes, and attribute values. For example, the AntiXss Sanitizer Provider will take the following block of HTML: <b><a href=""javascript:doEvil()"">Visit Grandma</a></b> <script>doEvil()</script> And return the following sanitized block of HTML: <b><a href="">Visit Grandma</a></b> Notice that the JavaScript href and <SCRIPT> tag are both stripped out. Be aware that there are a depressingly large number of ways to sneak evil markup into your HTML. You definitely want a Sanitizer as a safety net. Before you can use the AntiXSS Sanitizer Provider, you must add three assemblies to your web application: AntiXSSLibrary.dll, HtmlSanitizationLibrary.dll, and SanitizerProviders.dll. All three assemblies are included with the CodePlex download of the Ajax Control Toolkit in the SanitizerProviders folder. Here’s how you modify your web.config file to use the AntiXSS Sanitizer Provider: <configuration> <configSections> <sectionGroup name="system.web"> <section name="sanitizer" requirePermission="false" type="AjaxControlToolkit.Sanitizer.ProviderSanitizerSection, AjaxControlToolkit"/> </sectionGroup> </configSections> <system.web> <compilation targetFramework="4.0" debug="true"/> <sanitizer defaultProvider="AntiXssSanitizerProvider"> <providers> <add name="AntiXssSanitizerProvider" type="AjaxControlToolkit.Sanitizer.AntiXssSanitizerProvider"></add> </providers> </sanitizer> </system.web> </configuration> You can detect whether the HTML Editor Extender is using the AntiXSS Sanitizer Provider by checking the HtmlEditorExtender SanitizerProvider property like this: if (MyHtmlEditorExtender.SanitizerProvider == null) { throw new Exception("Please enable the AntiXss Sanitizer!"); } When the SanitizerProvider property has the value null, you know that a Sanitizer Provider has not been configured in the web.config file. Because the AntiXSS library requires Full Trust, you cannot use the AntiXSS Sanitizer Provider with most shared website hosting providers. Because most shared hosting providers only support Medium Trust and not Full Trust, we do not recommend using the HTML Editor Extender with a public website hosted with a shared hosting provider. Why a New HTML Editor Control? The Ajax Control Toolkit now includes two HTML Editor controls. Why did we introduce a new HTML Editor control when there was already an existing HTML Editor? We think you will like the new HTML Editor much more than the previous one. We had several goals with the new HTML Editor Extender: Lightweight – We wanted to leverage HTML5 to create a lightweight HTML Editor. The new HTML Editor generates much less markup and script than the previous HTML Editor. Secure – We wanted to make it easy to integrate the AntiXSS library with the HTML Editor. If you are creating a public facing website, we strongly recommend that you use the AntiXSS Provider. Customizable – We wanted to make it easy for users to customize the toolbar buttons displayed by the HTML Editor. Compatibility – We wanted to ensure that the HTML Editor will work with the latest versions of the most popular browsers (including Internet Explorer 6 and higher). The old HTML Editor control is still included in the Ajax Control Toolkit and continues to live in the AjaxControlToolkit.HTMLEditor namespace. We have not modified the control and you can continue to use the control in the same way as you have used it in the past. However, we hope that you will consider migrating to the new HTML Editor Extender for the reasons listed above. Summary We’ve introduced a new Ajax Control Toolkit control with this release. I want to thank the developers and testers on the Superexpert team for the huge amount of work which they put into this control. It was a non-trivial task to build an entirely new control which has the complexity of the HTML Editor in less than 6 weeks. Please let us know what you think! We want to hear your feedback. If you discover issues with the new HTML Editor Extender control, or you have questions about the control, or you have ideas for how it can be improved, then please post them to this blog. Tomorrow starts a new sprint

    Read the article

  • Announcing the June 2012 Release of the Ajax Control Toolkit

    - by Stephen.Walther
    I’m excited to announce the June 2012 release of the Ajax Control Toolkit. You can download the new release by visiting http://AjaxControlToolkit.CodePlex.com or (better) download the new release with NuGet: Install-Package AjaxControlToolkit The Ajax Control Toolkit continues to be super popular. The previous release (May 2012) had over 87,000 downloads from CodePlex.com and over 16,000 downloads from NuGet. That’s over 100,000 downloads in less than 2 months. Security Improvements for the HtmlEditorExtender Unfortunately, in the previous release, we made the HtmlEditorExtender too secure! We upgraded the version of the Microsoft Anti-Cross Site Scripting Library included in the Ajax Control Toolkit to the latest version (version 4.2.1) and the latest version turned out to be way too aggressive about stripping HTML. It not only strips dangerous tags such as <script> tags, it also strips innocent tags such as <b> tags. When the latest version of the Microsoft Anti-Cross Site Scripting Library is used with the HtmlEditorExtender, the library strips all rich content from the HtmlEditorExtender control which defeats the purpose of using the control. Therefore, we had to find a replacement for the Microsoft Anti-Cross Site Scripting Library. In this release, we’ve created a new HTML sanitizer built on the HTML Agility Pack. If you were using the AntiXssSanitizerProvider then you will need to substitute the HtmlAgilityPackSanitizerProvider. In particular, you need to modify the sanitizer sections in your Web.config file like this: <configuration> <configSections> <sectionGroup name="system.web"> <section name="sanitizer" requirePermission="false" type="AjaxControlToolkit.Sanitizer.ProviderSanitizerSection, AjaxControlToolkit" /> </sectionGroup> </configSections> <system.web> <sanitizer defaultProvider="HtmlAgilityPackSanitizerProvider"> <providers> <add name="HtmlAgilityPackSanitizerProvider" type="AjaxControlToolkit.Sanitizer.HtmlAgilityPackSanitizerProvider"></add> </providers> </sanitizer> </system.web> </configuration> We made one other backwards-breaking change to improve the security of the HtmlEditorExtender. We want to make sure that users don’t accidently use the HtmlEditorExtender without an HTML sanitizer by accident. Therefore, if you don’t configure a HTML sanitizer provider in the web.config file then you’ll get the following error: If you really want to use the HtmlEditorExtender without using an HTML sanitizer – for example, you are using the HtmlEditorExtender for an Intranet application and you trust all of your fellow employees – then you can explicitly indicate that you don’t want to enable HTML sanitization by setting the EnableSanitization property to false like this: <ajaxToolkit:HtmlEditorExtender TargetControlID="txtComments" EnableSanitization="false" runat="server" /> Please don’t ever set the EnableSanitization property to false for a public website. If you disable HTML sanitization then you are making your website an easy target for Cross-Site Scripting attacks. Lots of Fixes for the ComboBox Control In the latest release, we also made several important bug fixes and feature enhancements to the ComboBox control. Here’s the list of issues that we fixed: 22930 — ComboBox doesn’t close its drop down list when losing input focus to another ComboBox control 23140 — ComboBox Issues – Delete, Backspace, Period 23142 — ComboxBox SelectedIndex = -1 does not clear text 24440 — ComboBox postback on enter 25295 — ComboBox problems when container is hidden at page load 25469 — ComboBox – MaxLength ignored 26686 — Backspace and Delete exception when optionList is null 27148 — Combobox breaks if ClientIDMode is static Fixes to Other Controls In this release, we also made bug fixes and enhancements to the UpdatePanelAnimation, Tabs, and Seadragon controls: 21310 — OnUpdated animation starts before OnUpdating has finished 26690 — Seadragon Control’s openTileSource() method doesn’t work (with fix) Title is required We also fixed an issue with the Tabs control which would result in an InvalidOperation exception. Summary I want to thank the Superexpert team for the hard work that they put into this release. In particular, I want to thank them for their effort in researching, building, and writing unit tests for the HtmlAgilityPack HTML sanitizer.

    Read the article

  • PHP sandbox/sanitize code passed to create_function

    - by kpowerinfinity
    Hello, I am using create_function to run some user-code at server end. I am looking for any of these two: Is there a way to sanitize the code passed to it to prevent something harmful from executing? Alternately, is there a way to specify this code to be run in a sandboxed environment so that the user can't play around with anything else. Thanks!

    Read the article

  • New January 2013 Release of the Ajax Control Toolkit

    - by Stephen.Walther
    I am super excited to announce the January 2013 release of the Ajax Control Toolkit! I have one word to describe this release and that word is “Charts” – we’ve added lots of great new chart controls to the Ajax Control Toolkit. You can download the new release directly from http://AjaxControlToolkit.CodePlex.com – or, just fire the following command from the Visual Studio Library Package Manager Console Window (NuGet): Install-Package AjaxControlToolkit You also can view the new chart controls by visiting the “live” Ajax Control Toolkit Sample Site. 5 New Ajax Control Toolkit Chart Controls The Ajax Control Toolkit contains five new chart controls: the AreaChart, BarChart, BubbleChart, LineChart, and PieChart controls. Here is a sample of each of the controls: AreaChart: BarChart: BubbleChart: LineChart: PieChart: We realize that people love to customize the appearance of their charts so all of the chart controls include properties such as color properties. The chart controls render the chart on the browser using SVG. The chart controls are compatible with any browser which supports SVG including Internet Explorer 9 and new and recent versions of Google Chrome, Mozilla Firefox, and Apple Safari. (If you attempt to display a chart on a browser which does not support SVG then you won’t get an error – you just won’t get anything). Updates to the HTML Sanitizer If you are using the HtmlEditorExtender on a public-facing website then it is really important that you enable the HTML Sanitizer to prevent Cross-Site Scripting (XSS) attacks. The HtmlEditorExtender uses the HTML Sanitizer by default. The HTML Sanitizer strips out any suspicious content (like JavaScript code and CSS expressions) from the HTML submitted with the HtmlEditorExtender. We followed the recommendations of OWASP and ha.ckers.org to identify suspicious content. We updated the HTML Sanitizer with this release to protect against new types of XSS attacks. The HTML Sanitizer now has over 220 unit tests. The Ajax Control Toolkit team would like to thank Gil Cohen who helped us identify and block additional XSS attacks. Change in Ajax Control Toolkit Version Format We ran out of numbers. The Ajax Control Toolkit was first released way back in 2006. In previous releases, the version of the Ajax Control Toolkit followed the format: Release Year + Date. So, the previous release was 60919 where 6 represented the 6th release year and 0919 represent September 19. Unfortunately, the AssembyVersion attribute uses a UInt16 data type which has a maximum size of 65,534. The number 70123 is bigger than 65,534 so we had to change our version format with this release. Fortunately, the AssemblyVersion attribute actually accepts four UInt16 numbers so we used another one. This release of the Ajax Control Toolkit is officially version 7.0123. This new version format should work for another 65,000 years. And yes, I realize that 7.0123 is less than 60,919, but we ran out of numbers. Summary I hope that you find the chart controls included with this latest release of the Ajax Control Toolkit useful. Let me know if you use them in applications that you build. And, let me know if you run into any issues using the new chart controls. Next month, back to improving the File Upload control – more exciting stuff.

    Read the article

  • .NET HTML Sanitation for rich HTML Input

    - by Rick Strahl
    Recently I was working on updating a legacy application to MVC 4 that included free form text input. When I set up the new site my initial approach was to not allow any rich HTML input, only simple text formatting that would respect a few simple HTML commands for bold, lists etc. and automatically handles line break processing for new lines and paragraphs. This is typical for what I do with most multi-line text input in my apps and it works very well with very little development effort involved. Then the client sprung another note: Oh by the way we have a bunch of customers (real estate agents) who need to post complete HTML documents. Oh uh! There goes the simple theory. After some discussion and pleading on my part (<snicker>) to try and avoid this type of raw HTML input because of potential XSS issues, the client decided to go ahead and allow raw HTML input anyway. There has been lots of discussions on this subject on StackOverFlow (and here and here) but to after reading through some of the solutions I didn't really find anything that would work even closely for what I needed. Specifically we need to be able to allow just about any HTML markup, with the exception of script code. Remote CSS and Images need to be loaded, links need to work and so. While the 'legit' HTML posted by these agents is basic in nature it does span most of the full gamut of HTML (4). Most of the solutions XSS prevention/sanitizer solutions I found were way to aggressive and rendered the posted output unusable mostly because they tend to strip any externally loaded content. In short I needed a custom solution. I thought the best solution to this would be to use an HTML parser - in this case the Html Agility Pack - and then to run through all the HTML markup provided and remove any of the blacklisted tags and a number of attributes that are prone to JavaScript injection. There's much discussion on whether to use blacklists vs. whitelists in the discussions mentioned above, but I found that whitelists can make sense in simple scenarios where you might allow manual HTML input, but when you need to allow a larger array of HTML functionality a blacklist is probably easier to manage as the vast majority of elements and attributes could be allowed. Also white listing gets a bit more complex with HTML5 and the new proliferation of new HTML tags and most new tags generally don't affect XSS issues directly. Pure whitelisting based on elements and attributes also doesn't capture many edge cases (see some of the XSS cheat sheets listed below) so even with a white list, custom logic is still required to handle many of those edge cases. The Microsoft Web Protection Library (AntiXSS) My first thought was to check out the Microsoft AntiXSS library. Microsoft has an HTML Encoding and Sanitation library in the Microsoft Web Protection Library (formerly AntiXSS Library) on CodePlex, which provides stricter functions for whitelist encoding and sanitation. Initially I thought the Sanitation class and its static members would do the trick for me,but I found that this library is way too restrictive for my needs. Specifically the Sanitation class strips out images and links which rendered the full HTML from our real estate clients completely useless. I didn't spend much time with it, but apparently I'm not alone if feeling this library is not really useful without some way to configure operation. To give you an example of what didn't work for me with the library here's a small and simple HTML fragment that includes script, img and anchor tags. I would expect the script to be stripped and everything else to be left intact. Here's the original HTML:var value = "<b>Here</b> <script>alert('hello')</script> we go. Visit the " + "<a href='http://west-wind.com'>West Wind</a> site. " + "<img src='http://west-wind.com/images/new.gif' /> " ; and the code to sanitize it with the AntiXSS Sanitize class:@Html.Raw(Microsoft.Security.Application.Sanitizer.GetSafeHtmlFragment(value)) This produced a not so useful sanitized string: Here we go. Visit the <a>West Wind</a> site. While it removed the <script> tag (good) it also removed the href from the link and the image tag altogether (bad). In some situations this might be useful, but for most tasks I doubt this is the desired behavior. While links can contain javascript: references and images can 'broadcast' information to a server, without configuration to tell the library what to restrict this becomes useless to me. I couldn't find any way to customize the white list, nor is there code available in this 'open source' library on CodePlex. Using Html Agility Pack for HTML Parsing The WPL library wasn't going to cut it. After doing a bit of research I decided the best approach for a custom solution would be to use an HTML parser and inspect the HTML fragment/document I'm trying to import. I've used the HTML Agility Pack before for a number of apps where I needed an HTML parser without requiring an instance of a full browser like the Internet Explorer Application object which is inadequate in Web apps. In case you haven't checked out the Html Agility Pack before, it's a powerful HTML parser library that you can use from your .NET code. It provides a simple, parsable HTML DOM model to full HTML documents or HTML fragments that let you walk through each of the elements in your document. If you've used the HTML or XML DOM in a browser before you'll feel right at home with the Agility Pack. Blacklist based HTML Parsing to strip XSS Code For my purposes of HTML sanitation, the process involved is to walk the HTML document one element at a time and then check each element and attribute against a blacklist. There's quite a bit of argument of what's better: A whitelist of allowed items or a blacklist of denied items. While whitelists tend to be more secure, they also require a lot more configuration. In the case of HTML5 a whitelist could be very extensive. For what I need, I only want to ensure that no JavaScript is executed, so a blacklist includes the obvious <script> tag plus any tag that allows loading of external content including <iframe>, <object>, <embed> and <link> etc. <form>  is also excluded to avoid posting content to a different location. I also disallow <head> and <meta> tags in particular for my case, since I'm only allowing posting of HTML fragments. There is also some internal logic to exclude some attributes or attributes that include references to JavaScript or CSS expressions. The default tag blacklist reflects my use case, but is customizable and can be added to. Here's my HtmlSanitizer implementation:using System.Collections.Generic; using System.IO; using System.Xml; using HtmlAgilityPack; namespace Westwind.Web.Utilities { public class HtmlSanitizer { public HashSet<string> BlackList = new HashSet<string>() { { "script" }, { "iframe" }, { "form" }, { "object" }, { "embed" }, { "link" }, { "head" }, { "meta" } }; /// <summary> /// Cleans up an HTML string and removes HTML tags in blacklist /// </summary> /// <param name="html"></param> /// <returns></returns> public static string SanitizeHtml(string html, params string[] blackList) { var sanitizer = new HtmlSanitizer(); if (blackList != null && blackList.Length > 0) { sanitizer.BlackList.Clear(); foreach (string item in blackList) sanitizer.BlackList.Add(item); } return sanitizer.Sanitize(html); } /// <summary> /// Cleans up an HTML string by removing elements /// on the blacklist and all elements that start /// with onXXX . /// </summary> /// <param name="html"></param> /// <returns></returns> public string Sanitize(string html) { var doc = new HtmlDocument(); doc.LoadHtml(html); SanitizeHtmlNode(doc.DocumentNode); //return doc.DocumentNode.WriteTo(); string output = null; // Use an XmlTextWriter to create self-closing tags using (StringWriter sw = new StringWriter()) { XmlWriter writer = new XmlTextWriter(sw); doc.DocumentNode.WriteTo(writer); output = sw.ToString(); // strip off XML doc header if (!string.IsNullOrEmpty(output)) { int at = output.IndexOf("?>"); output = output.Substring(at + 2); } writer.Close(); } doc = null; return output; } private void SanitizeHtmlNode(HtmlNode node) { if (node.NodeType == HtmlNodeType.Element) { // check for blacklist items and remove if (BlackList.Contains(node.Name)) { node.Remove(); return; } // remove CSS Expressions and embedded script links if (node.Name == "style") { if (string.IsNullOrEmpty(node.InnerText)) { if (node.InnerHtml.Contains("expression") || node.InnerHtml.Contains("javascript:")) node.ParentNode.RemoveChild(node); } } // remove script attributes if (node.HasAttributes) { for (int i = node.Attributes.Count - 1; i >= 0; i--) { HtmlAttribute currentAttribute = node.Attributes[i]; var attr = currentAttribute.Name.ToLower(); var val = currentAttribute.Value.ToLower(); span style="background: white; color: green">// remove event handlers if (attr.StartsWith("on")) node.Attributes.Remove(currentAttribute); // remove script links else if ( //(attr == "href" || attr== "src" || attr == "dynsrc" || attr == "lowsrc") && val != null && val.Contains("javascript:")) node.Attributes.Remove(currentAttribute); // Remove CSS Expressions else if (attr == "style" && val != null && val.Contains("expression") || val.Contains("javascript:") || val.Contains("vbscript:")) node.Attributes.Remove(currentAttribute); } } } // Look through child nodes recursively if (node.HasChildNodes) { for (int i = node.ChildNodes.Count - 1; i >= 0; i--) { SanitizeHtmlNode(node.ChildNodes[i]); } } } } } Please note: Use this as a starting point only for your own parsing and review the code for your specific use case! If your needs are less lenient than mine were you can you can make this much stricter by not allowing src and href attributes or CSS links if your HTML doesn't allow it. You can also check links for external URLs and disallow those - lots of options.  The code is simple enough to make it easy to extend to fit your use cases more specifically. It's also quite easy to make this code work using a WhiteList approach if you want to go that route. The code above is semi-generic for allowing full featured HTML fragments that only disallow script related content. The Sanitize method walks through each node of the document and then recursively drills into all of its children until the entire document has been traversed. Note that the code here uses an XmlTextWriter to write output - this is done to preserve XHTML style self-closing tags which are otherwise left as non-self-closing tags. The sanitizer code scans for blacklist elements and removes those elements not allowed. Note that the blacklist is configurable either in the instance class as a property or in the static method via the string parameter list. Additionally the code goes through each element's attributes and looks for a host of rules gleaned from some of the XSS cheat sheets listed at the end of the post. Clearly there are a lot more XSS vulnerabilities, but a lot of them apply to ancient browsers (IE6 and versions of Netscape) - many of these glaring holes (like CSS expressions - WTF IE?) have been removed in modern browsers. What a Pain To be honest this is NOT a piece of code that I wanted to write. I think building anything related to XSS is better left to people who have far more knowledge of the topic than I do. Unfortunately, I was unable to find a tool that worked even closely for me, or even provided a working base. For the project I was working on I had no choice and I'm sharing the code here merely as a base line to start with and potentially expand on for specific needs. It's sad that Microsoft Web Protection Library is currently such a train wreck - this is really something that should come from Microsoft as the systems vendor or possibly a third party that provides security tools. Luckily for my application we are dealing with a authenticated and validated users so the user base is fairly well known, and relatively small - this is not a wide open Internet application that's directly public facing. As I mentioned earlier in the post, if I had my way I would simply not allow this type of raw HTML input in the first place, and instead rely on a more controlled HTML input mechanism like MarkDown or even a good HTML Edit control that can provide some limits on what types of input are allowed. Alas in this case I was overridden and we had to go forward and allow *any* raw HTML posted. Sometimes I really feel sad that it's come this far - how many good applications and tools have been thwarted by fear of XSS (or worse) attacks? So many things that could be done *if* we had a more secure browser experience and didn't have to deal with every little script twerp trying to hack into Web pages and obscure browser bugs. So much time wasted building secure apps, so much time wasted by others trying to hack apps… We're a funny species - no other species manages to waste as much time, effort and resources as we humans do :-) Resources Code on GitHub Html Agility Pack XSS Cheat Sheet XSS Prevention Cheat Sheet Microsoft Web Protection Library (AntiXss) StackOverflow Links: http://stackoverflow.com/questions/341872/html-sanitizer-for-net http://blog.stackoverflow.com/2008/06/safe-html-and-xss/ http://code.google.com/p/subsonicforums/source/browse/trunk/SubSonic.Forums.Data/HtmlScrubber.cs?r=61© Rick Strahl, West Wind Technologies, 2005-2012Posted in Security  HTML  ASP.NET  JavaScript   Tweet !function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs"); (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://apis.google.com/js/plusone.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })();

    Read the article

  • Adding the New HTML Editor Extender to a Web Forms Application using NuGet

    - by Stephen Walther
    The July 2011 release of the Ajax Control Toolkit includes a new, lightweight, HTML5 compatible HTML Editor extender. In this blog entry, I explain how you can take advantage of NuGet to quickly add the new HTML Editor control extender to a new or existing ASP.NET Web Forms application. Installing the Latest Version of the Ajax Control Toolkit with NuGet NuGet is a package manager. It enables you to quickly install new software directly from within Visual Studio 2010. You can use NuGet to install additional software when building any type of .NET application including ASP.NET Web Forms and ASP.NET MVC applications. If you have not already installed NuGet then you can install NuGet by navigating to the following address and clicking the giant install button: http://nuget.org/ After you install NuGet, you can add the Ajax Control Toolkit to a new or existing ASP.NET Web Forms application by selecting the Visual Studio menu option Tools, Library Package Manager, Package Manager Console: Selecting this menu option opens the Package Manager Console. You can enter the command Install-Package AjaxControlToolkit in the console to install the Ajax Control Toolkit: After you install the Ajax Control Toolkit with NuGet, your application will include an assembly reference to the AjaxControlToolkit.dll and SanitizerProviders.dll assemblies: Furthermore, your Web.config file will be updated to contain a new tag prefix for the Ajax Control Toolkit controls: <configuration> <system.web> <compilation debug="true" targetFramework="4.0" /> <pages> <controls> <add tagPrefix="ajaxToolkit" assembly="AjaxControlToolkit" namespace="AjaxControlToolkit" /> </controls> </pages> </system.web> </configuration> The configuration file installed by NuGet adds the prefix ajaxToolkit for all of the Ajax Control Toolkit controls. You can type ajaxToolkit: in source view to get auto-complete in Source view. You can, of course, change this prefix to anything you want. Using the HTML Editor Extender After you install the Ajax Control Toolkit, you can use the HTML Editor Extender with the standard ASP.NET TextBox control to enable users to enter rich formatting such as bold, underline, italic, different fonts, and different background and foreground colors. For example, the following page can be used for entering comments. The page contains a standard ASP.NET TextBox, Button, and Label control. When you click the button, any text entered into the TextBox is displayed in the Label control. It is a pretty boring page: Let’s make this page fancier by extending the standard ASP.NET TextBox with the HTML Editor extender control: Notice that the ASP.NET TextBox now has a toolbar which includes buttons for performing various kinds of formatting. For example, you can change the size and font used for the text. You also can change the foreground and background color – and make many other formatting changes. You can customize the toolbar buttons which the HTML Editor extender displays. To learn how to customize the toolbar, see the HTML Editor Extender sample page here: http://www.asp.net/ajaxLibrary/AjaxControlToolkitSampleSite/HTMLEditorExtender/HTMLEditorExtender.aspx Here’s the source code for the ASP.NET page: <%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Default.aspx.cs" Inherits="WebApplication1.Default" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head runat="server"> <title>Add Comments</title> </head> <body> <form id="form1" runat="server"> <div> <ajaxToolkit:ToolkitScriptManager ID="TSM1" runat="server" /> <asp:TextBox ID="txtComments" TextMode="MultiLine" Columns="50" Rows="8" Runat="server" /> <ajaxToolkit:HtmlEditorExtender ID="hee" TargetControlID="txtComments" Runat="server" /> <br /><br /> <asp:Button ID="btnSubmit" Text="Add Comment" Runat="server" onclick="btnSubmit_Click" /> <hr /> <asp:Label ID="lblComment" Runat="server" /> </div> </form> </body> </html> Notice that the page above contains 5 controls. The page contains a standard ASP.NET TextBox, Button, and Label control. However, the page also contains an Ajax Control Toolkit ToolkitScriptManager control and HtmlEditorExtender control. The HTML Editor extender control extends the standard ASP.NET TextBox control. The HTML Editor TargetID attribute points at the TextBox control. Here’s the code-behind for the page above:   using System; namespace WebApplication1 { public partial class Default : System.Web.UI.Page { protected void btnSubmit_Click(object sender, EventArgs e) { lblComment.Text = txtComments.Text; } } }   Preventing XSS/JavaScript Injection Attacks If you use an HTML Editor -- any HTML Editor -- in a public facing web page then you are opening your website up to Cross-Site Scripting (XSS) attacks. An evil hacker could submit HTML using the HTML Editor which contains JavaScript that steals private information such as other user’s passwords. Imagine, for example, that you create a web page which enables your customers to post comments about your website. Furthermore, imagine that you decide to redisplay the comments so every user can see them. In that case, a malicious user could submit JavaScript which displays a dialog asking for a user name and password. When an unsuspecting customer enters their secret password, the script could transfer the password to the hacker’s website. So how do you accept HTML content without opening your website up to JavaScript injection attacks? The Ajax Control Toolkit HTML Editor supports the Anti-XSS library. You can use the Anti-XSS library to sanitize any HTML content. The Anti-XSS library, for example, strips away all JavaScript automatically. You can download the Anti-XSS library from NuGet. Open the Package Manager Console and execute the command Install-Package AntiXSS: Adding the Anti-XSS library to your application adds two assemblies to your application named AntiXssLibrary.dll and HtmlSanitizationLibrary.dll. After you install the Anti-XSS library, you can configure the HTML Editor extender to use the Anti-XSS library your application’s web.config file: <?xml version="1.0" encoding="utf-8"?> <configuration> <configSections> <sectionGroup name="system.web"> <section name="sanitizer" requirePermission="false" type="AjaxControlToolkit.Sanitizer.ProviderSanitizerSection, AjaxControlToolkit"/> </sectionGroup> </configSections> <system.web> <sanitizer defaultProvider="AntiXssSanitizerProvider"> <providers> <add name="AntiXssSanitizerProvider" type="AjaxControlToolkit.Sanitizer.AntiXssSanitizerProvider"></add> </providers> </sanitizer> <compilation debug="true" targetFramework="4.0" /> <pages> <controls> <add tagPrefix="ajaxToolkit" assembly="AjaxControlToolkit" namespace="AjaxControlToolkit" /> </controls> </pages> </system.web> </configuration> Summary In this blog entry, I described how you can quickly get started using the new HTML Editor extender – included with the July 2011 release of the Ajax Control Toolkit – by installing the Ajax Control Toolkit with NuGet. If you want to learn more about the HTML Editor then please take a look at the Ajax Control Toolkit sample site: http://www.asp.net/ajaxLibrary/AjaxControlToolkitSampleSite/HTMLEditorExtender/HTMLEditorExtender.aspx

    Read the article

  • CodePlex Daily Summary for Wednesday, June 04, 2014

    CodePlex Daily Summary for Wednesday, June 04, 2014Popular ReleasesSEToolbox: SEToolbox 01.032.018 Release 1: Added ability to merge/join two ships, regardless of origin. Added Language selection menu to set display text language (for SE resources only), and fixed inherent issues. Added full support for Dedicated Servers, allowing use on PC without Steam present, and only the Dedicated Install. Added Browse button for used specified save game selection in Load dialog. Installation of this version will replace older version.DNN Blog: 06.00.07: Highlights: Enhancement: Option to show management panel on child modules Fix: Changed SPROC and code to ensure the right people are notified of pending comments. (CP-24018) Fix: Fix to have notification actions authentication assume the right module id so these will work from the messaging center (CP-24019) Fix: Fix to issue in categories in a post that will not save when no categories and no tags selectedcsv2xlsx: Source code: Source code of applicationHigLabo: HigLabo_20140603: Bug fix of MimeParser for nested MimeContent parsing.Family Tree Analyzer: Version 4.0.0.0-beta2: This major release introduces a significant new feature the ability to search the UK Ordnance Survey 50k Gazetteer for small placenames that often don't appear on a modern Google Map. This means significant numbers of locations that were previously not found by Google Geocoding will now be found by using OS Geocoding. In addition I've added support for loading the Scottish 1930 Parish boundary maps, whilst slightly different from the parish boundaries in use in the 1800s that are familiar to...TEncoder: 4.0.0: --4.0.0 -Added: Video downloader -Added: Total progress will be updated more smoothly -Added: MP4Box progress will be shown -Added: A tool to create gif image from video -Added: An option to disable trimming -Added: Audio track option won't be used for mpeg sources as default -Fixed: Subtitle position wasn't used -Fixed: Duration info in the file list wasn't updated after trimming -Updated: FFMpegSSIS Multiple Hash: Multiple Hash 1.6.2.3: Release Notes This release is an SQL 2014 fix release. It addresses the following: The 1.6.1.2 release's SQL 2014 installer didn't work for SQL 2014 RTM. The x64 installer also showed x86 for both x64 and x86 in SQL 2014. Please download the x64 of x32 file based on the bitness of your SQL Server installation. BIDS or SSDT/BI ONLY INSTALLS ARE NOT DETECTED. You MUST use the Custom install, to install when the popup is shown, and select which versions of SQL Server are available. A war...QuickMon: Version 3.14 (Pie release): This is unofficially the 'Pie' release. There are two big changes.1. 'Presets' - basically templates. Future releases might build on this to allow users to add more presets. 2. MSI Installer now allows you to choose components (in case you don't want all collectors etc.). This means you don't have to download separate components anymore (AllAgents.zip still included in case you want to use them separately) Some other changes:1. Add/changed default file extension for monitor packs to *.qmp (...VeraCrypt: VeraCrypt version 1.0d: Changes between 1.0c and 1.0d (03 June 2014) : Correct issue while creating hidden operating system. Minor fixes (look at git history for more details).Keepass2Android: 0.9.4-pre1: added plug-in support: See settings for how to get plug-ins! published QR plug-in (scan passwords, display passwords as QR code, transfer entries to other KP2A devices) published InputStick plugin (transfer credentials to your PC via bluetooth - requires InputStick USB stick) Third party apps can now simply implement querying KP2A for credentials. Are you a developer? Please add this to your app if suitable! added TOTP support (compatible with KeeOTP and TrayTotp) app should no l...The IRIS Toolbox Project: IRIS Reference Manual Release 20140602: Reference Manual for Release 20140602.Microsoft Web Protection Library: AntiXss Library 4.3.0: Download from nuget or the Microsoft Download Center This issue finally addresses the over zealous behaviour of the HTML Sanitizer which should now function as expected once again. HTML encoding has been changed to safelist a few more characters for webforms compatibility. This will be the last version of AntiXSS that contains a sanitizer. Any new releases will be encoding libraries only. We recommend you explore other sanitizer options, for example AntiSamy https://www.owasp.org/index....Z SqlBulkCopy Extensions: SqlBulkCopy Extensions 1.0.0: SqlBulkCopy Extensions provide MUST-HAVE methods with outstanding performance missing from the SqlBulkCopy class like Delete, Update, Merge, Upsert. Compatible with .NET 2.0, SQL Server 2000, SQL Azure and more! Bulk MethodsBulkDelete BulkInsert BulkMerge BulkUpdate BulkUpsert Utility MethodsGetSqlConnection GetSqlTransaction You like this library? Find out how and why you should support Z Project Become a Memberhttp://zzzproject.com/resources/images/all/become-a-member.png|ht...Tweetinvi a friendly Twitter C# API: Tweetinvi 0.9.3.x: Timelines- Added all the parameters available from the Timeline Endpoints in Tweetinvi. - This is available for HomeTimeline, UserTimeline, MentionsTimeline // Simple query var tweets = Timeline.GetHomeTimeline(); // Create a parameter for queries with specific parameters var timelineParameter = Timeline.CreateHomeTimelineRequestParameter(); timelineParameter.ExcludeReplies = true; timelineParameter.TrimUser = true; var tweets = Timeline.GetHomeTimeline(timelineParameter); Tweetinvi 0.9.3.1...Sandcastle Help File Builder: Help File Builder and Tools v2014.5.31.0: General InformationIMPORTANT: On some systems, the content of the ZIP file is blocked and the installer may fail to run. Before extracting it, right click on the ZIP file, select Properties, and click on the Unblock button if it is present in the lower right corner of the General tab in the properties dialog. This release completes removal of the branding transformations and implements the new VS2013 presentation style that utilizes the new lightweight website format. Several breaking cha...ClosedXML - The easy way to OpenXML: ClosedXML 0.71.2: More memory and performance improvements. Fixed an issue with pivot table field order.Magick.NET: Magick.NET 6.8.9.101: Magick.NET linked with ImageMagick 6.8.9.1. Breaking changes: - Int/short Set methods of WritablePixelCollection are now unsigned. - The Q16 build no longer uses HDRI, switch to the new Q16-HDRI build if you need HDRI.fnr.exe - Find And Replace Tool: 1.7: Bug fixes Refactored logic for encoding text values to command line to handle common edge cases where find/replace operation works in GUI but not in command line Fix for bug where selection in Encoding drop down was different when generating command line in some cases. It was reported in: https://findandreplace.codeplex.com/workitem/34 Fix for "Backslash inserted before dot in replacement text" reported here: https://findandreplace.codeplex.com/discussions/541024 Fix for finding replacing...SoundCloud Downloader: SC Downloader V1.0: Newest release Requirements .NET Framework 4.0/4.5 Changes since releasing the source Replaced ProgressBar and Buttons with the ones i created from scratch, you may use the .dll files on your own risk. Changed the authentication mode to Windows NOTE! When extracted, execute setup.exe to launch the installer! NOTE! ENJOY!VG-Ripper & PG-Ripper: VG-Ripper 2.9.59: changes NEW: Added Support for 'GokoImage.com' links NEW: Added Support for 'ViperII.com' links NEW: Added Support for 'PixxxView.com' links NEW: Added Support for 'ImgRex.com' links NEW: Added Support for 'PixLiv.com' links NEW: Added Support for 'imgsee.me' links NEW: Added Support for 'ImgS.it' linksNew Projects2112110148: 2112110148 Kieu Thi Phuong AnhAutoHelp: Inspired by Docy, AutoHelp exposes XML documentation embedded in sources code. a MVC 5 / typescripted connected on Webapi, AutoHelp is a modern HTML 5 appFeedbackata: An exercise in interactive development.Ideaa: A place to get inspired and find ideas about a topic you are interested inImpression Studio - Free presentation Maker Tool: Impression Studio is a free presentation maker tool based on impress.js library. It aims to be free alternative to prezi. This tool is under heavy development.LavaMite: LavaMite is a program that aims to capture the random wax formations that arise in a lava lamp before it is bubbling freely.Load Runner - HTTP Pressure Test Tool: A Lightweight HTTP pressure test tool supports multi methods / content type / requests, written in C# 4.0.Microsoft Research Software Radio SDK: Microsoft Research Software Radio SDKMsp: MspPower Torrent: Windows PowerShell module enabling BitTorrent (R) functionalities.

    Read the article

  • CodePlex Daily Summary for Friday, June 06, 2014

    CodePlex Daily Summary for Friday, June 06, 2014Popular ReleasesVirto Commerce Enterprise Open Source eCommerce Platform (asp.net mvc): Virto Commerce 1.10: Virto Commerce Community Edition version 1.10. To install the SDK package, please refer to SDK getting started documentation To configure source code package, please refer to Source code getting started documentation This release includes bug fixes and improvements (including Commerce Manager localization and https support). More details about this release can be found on our blog at http://blog.virtocommerce.com.Load Runner - HTTP Pressure Test Tool: Load Runner 1.3: 1. gracefully stop distributed engine 2. added error handling for distributed load tasks if fail to send the tasks. 3. added easter egg ;-) NPOI: NPOI 2.1: Assembly Version: 2.1.0 New Features a. XSSFSheet.CopySheet b. Excel2Html for XSSF c. insert picture in word 2007 d. Implement IfError function in formula engine Bug Fixes a. fix conditional formatting issue b. fix ctFont order issue c. fix vertical alignment issue in XSSF d. add IndexedColors to NPOI.SS.UserModel e. fix decimal point issue in non-English culture f. fix SetMargin issue in XSSF g.fix multiple images insert issue in XSSF h.fix rich text style missing issue in XSSF i. fix cell...HigLabo: HigLabo_20140605: Modify AsciiCharOnly method implementation. Code clean up of RssItem.Description.51Degrees - Device Detection and Redirection: 3.1.2.3: Version 3.1 HighlightsDevice detection algorithm is over 100 times faster. Regular expressions and levenshtein distance calculations are no longer used. The device detection algorithm performance is no longer limited by the number of device combinations contained in the dataset. Two modes of operation are available: Memory – the detection data set is loaded into memory and there is no continuous connection to the source data file. Slower initialisation time but faster detection performanc...CS-Script for Notepad++ (C# intellisense and code execution): Release v1.0.27.0: CodeMap now indicates the type name for all members Implemented running scripts 'as administrator'. Just add '//css_npp asadmin' to the script and run it as usual. 'Prepare script for distribution' now aggregates script dependency assemblies. Various improvements in CodeSnipptet, Autcompletion and MethodInfo interactions with each other. Added printing line number for the entries in CodeMap (subject of configuration value) Improved debugging step indication for classless scripts ...Kartris E-commerce: Kartris v2.6003: Bug fixes: Fixed issue where category could not be saved if parent categories not altered Updated split string function to 500 chars otherwise problems with attribute filtering in PowerPack Improvements: If a user has group pricing below that available through qty discounts, that will show in place of the qty discountClosedXML - The easy way to OpenXML: ClosedXML 0.72.3: 70426e13c415 ClosedXML for .Net 4.0 now uses Open XML SDK 2.5 b9ef53a6654f Merge branch 'master' of https://git01.codeplex.com/forks/vbjay/closedxml 727714e86416 Fix range.Merge(Boolean) for .Net 3.5 eb1ed478e50e Make public range.Merge(Boolean checkIntersects) 6284cf3c3991 More performance improvements when saving.SEToolbox: SEToolbox 01.032.018 Release 1: Added ability to merge/join two ships, regardless of origin. Added Language selection menu to set display text language (for SE resources only), and fixed inherent issues. Added full support for Dedicated Servers, allowing use on PC without Steam present, and only the Dedicated Server install. Added Browse button for used specified save game selection in Load dialog. Installation of this version will replace older version.DNN Blog: 06.00.07: Highlights: Enhancement: Option to show management panel on child modules Fix: Changed SPROC and code to ensure the right people are notified of pending comments. (CP-24018) Fix: Fix to have notification actions authentication assume the right module id so these will work from the messaging center (CP-24019) Fix: Fix to issue in categories in a post that will not save when no categories and no tags selectedTEncoder: 4.0.0: --4.0.0 -Added: Video downloader -Added: Total progress will be updated more smoothly -Added: MP4Box progress will be shown -Added: A tool to create gif image from video -Added: An option to disable trimming -Added: Audio track option won't be used for mpeg sources as default -Fixed: Subtitle position wasn't used -Fixed: Duration info in the file list wasn't updated after trimming -Updated: FFMpegVeraCrypt: VeraCrypt version 1.0d: Changes between 1.0c and 1.0d (03 June 2014) : Correct issue while creating hidden operating system. Minor fixes (look at git history for more details).Microsoft Web Protection Library: AntiXss Library 4.3.0: Download from nuget or the Microsoft Download Center This issue finally addresses the over zealous behaviour of the HTML Sanitizer which should now function as expected once again. HTML encoding has been changed to safelist a few more characters for webforms compatibility. This will be the last version of AntiXSS that contains a sanitizer. Any new releases will be encoding libraries only. We recommend you explore other sanitizer options, for example AntiSamy https://www.owasp.org/index....Z SqlBulkCopy Extensions: SqlBulkCopy Extensions 1.0.0: SqlBulkCopy Extensions provide MUST-HAVE methods with outstanding performance missing from the SqlBulkCopy class like Delete, Update, Merge, Upsert. Compatible with .NET 2.0, SQL Server 2000, SQL Azure and more! Bulk MethodsBulkDelete BulkInsert BulkMerge BulkUpdate BulkUpsert Utility MethodsGetSqlConnection GetSqlTransaction You like this library? Find out how and why you should support Z Project Become a Memberhttp://zzzproject.com/resources/images/all/become-a-member.png|ht...Tweetinvi a friendly Twitter C# API: Tweetinvi 0.9.3.x: Timelines- Added all the parameters available from the Timeline Endpoints in Tweetinvi. - This is available for HomeTimeline, UserTimeline, MentionsTimeline // Simple query var tweets = Timeline.GetHomeTimeline(); // Create a parameter for queries with specific parameters var timelineParameter = Timeline.CreateHomeTimelineRequestParameter(); timelineParameter.ExcludeReplies = true; timelineParameter.TrimUser = true; var tweets = Timeline.GetHomeTimeline(timelineParameter); Tweetinvi 0.9.3.1...Sandcastle Help File Builder: Help File Builder and Tools v2014.5.31.0: General InformationIMPORTANT: On some systems, the content of the ZIP file is blocked and the installer may fail to run. Before extracting it, right click on the ZIP file, select Properties, and click on the Unblock button if it is present in the lower right corner of the General tab in the properties dialog. This release completes removal of the branding transformations and implements the new VS2013 presentation style that utilizes the new lightweight website format. Several breaking cha...Image View Slider: Image View Slider: This is a .NET component. We create this using VB.NET. Here you can use an Image Viewer with several properties to your application form. We wish somebody to improve freely. Try this out! Author : Steven Renaldo Antony Yustinus Arjuna Purnama Putra Andre Wijaya P Martin Lidau PBK GENAP 2014 - TI UKDWAspose for Apache POI: Missing Features of Apache POI WP - v 1.1: Release contain the Missing Features in Apache POI WP SDK in Comparison with Aspose.Words for dealing with Microsoft Word. What's New ?Following Examples: Insert Picture in Word Document Insert Comments Set Page Borders Mail Merge from XML Data Source Moving the Cursor Feedback and Suggestions Many more examples are yet to come here. Keep visiting us. Raise your queries and suggest more examples via Aspose Forums or via this social coding site.babelua: 1.5.6.0: V1.5.6.0 - 2014.5.30New feature: support quick-cocos2d-x project now; support text search in scripts folder now, you can use this function in Search Result Window;Credit Component: Credit Component: This is a sample release of Credit Component that has been made by Microsoft Visual Studio 2010. To try and use it, you need .NET framework 4.0 and Microsoft Visual Studio 2010 or newer as a minimum requirement in this download you will get media player as a sample application that use this component credit component as a main component media player source code as source code and sample usage of credit component credit component source code as source code of credit component important...New ProjectsBack Up Your SharePoint: SPSBackUp is a PowerShell script tool to Backup your SharePoint environment. It's compatible with SharePoint 2010 & 2013.ChoMy: mrkidconsoledemo: a basic app about the knowledge in c# domainDecision Architect Server Client in C#: This project is a client for Decision Architect Server API.InnVIDEO365 Agile SharePoint-Kaltura App: InnVIDEO365 Agile SharePoint - Kaltura App for SharePoint Online is a complete video content solution for Microsoft SharePoint Online.JacOS: JacOS is an open-source operating system created with COSMOSKISS Workflow Foundation: This project was born from the idea that everyone should be able to use Workflow Foundation in best conditions. It contain sample to take WF jump start!Media Player (Technology Area): A now simple, yet somehow complex music, photo viewer I have some plans for the best tools for the player in the futureMetalurgicaInstitucional: MetalurgicaInstitucionalmoodlin8: Moodlin8 try to exploit significant parts of Moodle, the popular LMS, in a mobile or fixed environment based on the Modern Interface of Windows 8.1.NewsletterSystem: This is a test projectpesho2: Ala bala portokalaProyecto web Lab4 Gioia lucas: proyecto para lab4 utn pachecoRallyRacer: TSD Rally Compute helperVideo-JS Webpart for Sharepoint: Video-JS Webpart for SharepointYanZhiwei_CSharp_UtilHelp: ??C#???????????API: ????? Web API

    Read the article

  • CodePlex Daily Summary for Saturday, June 07, 2014

    CodePlex Daily Summary for Saturday, June 07, 2014Popular ReleasesSFDL.NET: SFDL.NET (2.2.9.3): Changelog: Retry Bugfix (Error Counter wurde nicht korrekt zurückgesetzt) Neue Einstellung: Retry Wartezeit ist nun EinstellbarLoad Runner - HTTP Pressure Test Tool: Load Runner 1.2: 1. added support for distributed load test (read documentation for details) 2. added detail documentationAspose for Apache POI: Aspose.Words vs Apache POI WP - v 1.1: Release contain the Code Comparison for Features in Apache POI WP SDK and Aspose.Words What's New ?Following Examples: Working with Headers Working with Footers Access Ranges in Document Delete Ranges in Document Insert Before and After Ranges Feedback and Suggestions Many more examples are yet to come here. Keep visiting us. Raise your queries and suggest more examples via Aspose Forums or via this social coding site.babelua: 1.5.7.0: V1.5.7.0 - 2014.6.6Stability improvement: use "lua scripts folder" as lua search path when debugging;SEToolbox: SEToolbox 01.033.007 Release 1: Fixed breaking changes in Space Engineers in latest update. Installation of this version will replace older version.Virto Commerce Enterprise Open Source eCommerce Platform (asp.net mvc): Virto Commerce 1.10: Virto Commerce Community Edition version 1.10. To install the SDK package, please refer to SDK getting started documentation To configure source code package, please refer to Source code getting started documentation This release includes bug fixes and improvements (including Commerce Manager localization and https support). More details about this release can be found on our blog at http://blog.virtocommerce.com.NPOI: NPOI 2.1: Assembly Version: 2.1.0 New Features a. XSSFSheet.CopySheet b. Excel2Html for XSSF c. insert picture in word 2007 d. Implement IfError function in formula engine Bug Fixes a. fix conditional formatting issue b. fix ctFont order issue c. fix vertical alignment issue in XSSF d. add IndexedColors to NPOI.SS.UserModel e. fix decimal point issue in non-English culture f. fix SetMargin issue in XSSF g.fix multiple images insert issue in XSSF h.fix rich text style missing issue in XSSF i. fix cell...51Degrees - Device Detection and Redirection: 3.1.2.3: Version 3.1 HighlightsDevice detection algorithm is over 100 times faster. Regular expressions and levenshtein distance calculations are no longer used. The device detection algorithm performance is no longer limited by the number of device combinations contained in the dataset. Two modes of operation are available: Memory – the detection data set is loaded into memory and there is no continuous connection to the source data file. Slower initialisation time but faster detection performanc...CS-Script for Notepad++ (C# intellisense and code execution): Release v1.0.27.0: CodeMap now indicates the type name for all members Implemented running scripts 'as administrator'. Just add '//css_npp asadmin' to the script and run it as usual. 'Prepare script for distribution' now aggregates script dependency assemblies. Various improvements in CodeSnipptet, Autcompletion and MethodInfo interactions with each other. Added printing line number for the entries in CodeMap (subject of configuration value) Improved debugging step indication for classless scripts ...Kartris E-commerce: Kartris v2.6003: Bug fixes: Fixed issue where category could not be saved if parent categories not altered Updated split string function to 500 chars otherwise problems with attribute filtering in PowerPack Improvements: If a user has group pricing below that available through qty discounts, that will show in place of the qty discountClosedXML - The easy way to OpenXML: ClosedXML 0.72.3: 70426e13c415 ClosedXML for .Net 4.0 now uses Open XML SDK 2.5 b9ef53a6654f Merge branch 'master' of https://git01.codeplex.com/forks/vbjay/closedxml 727714e86416 Fix range.Merge(Boolean) for .Net 3.5 eb1ed478e50e Make public range.Merge(Boolean checkIntersects) 6284cf3c3991 More performance improvements when saving.DNN Blog: 06.00.07: Highlights: Enhancement: Option to show management panel on child modules Fix: Changed SPROC and code to ensure the right people are notified of pending comments. (CP-24018) Fix: Fix to have notification actions authentication assume the right module id so these will work from the messaging center (CP-24019) Fix: Fix to issue in categories in a post that will not save when no categories and no tags selectedcsv2xlsx: Source code: Source code of applicationFamily Tree Analyzer: Version 4.0.0.0-beta5: This major release introduces a significant new feature the ability to search the UK Ordnance Survey 50k Gazetteer for small placenames that often don't appear on a modern Google Map. This means significant numbers of locations that were previously not found by Google Geocoding will now be found by using OS Geocoding. In addition I've added support for loading the Scottish 1930 Parish boundary maps, whilst slightly different from the parish boundaries in use in the 1800s that are familiar to...TEncoder: 4.0.0: --4.0.0 -Added: Video downloader -Added: Total progress will be updated more smoothly -Added: MP4Box progress will be shown -Added: A tool to create gif image from video -Added: An option to disable trimming -Added: Audio track option won't be used for mpeg sources as default -Fixed: Subtitle position wasn't used -Fixed: Duration info in the file list wasn't updated after trimming -Updated: FFMpegVeraCrypt: VeraCrypt version 1.0d: Changes between 1.0c and 1.0d (03 June 2014) : Correct issue while creating hidden operating system. Minor fixes (look at git history for more details).Microsoft Web Protection Library: AntiXss Library 4.3.0: Download from nuget or the Microsoft Download Center This issue finally addresses the over zealous behaviour of the HTML Sanitizer which should now function as expected once again. HTML encoding has been changed to safelist a few more characters for webforms compatibility. This will be the last version of AntiXSS that contains a sanitizer. Any new releases will be encoding libraries only. We recommend you explore other sanitizer options, for example AntiSamy https://www.owasp.org/index....ConEmu - Windows console with tabs: ConEmu 140602 [Alpha]: ConEmu - developer build x86 and x64 versions. Written in C++, no additional packages required. Run "ConEmu.exe" or "ConEmu64.exe". Some useful information you may found: http://superuser.com/questions/tagged/conemu http://code.google.com/p/conemu-maximus5/wiki/ConEmuFAQ http://code.google.com/p/conemu-maximus5/wiki/TableOfContents If you want to use ConEmu in portable mode, just create empty "ConEmu.xml" file near to "ConEmu.exe" Tweetinvi a friendly Twitter C# API: Tweetinvi 0.9.3.x: Timelines- Added all the parameters available from the Timeline Endpoints in Tweetinvi. - This is available for HomeTimeline, UserTimeline, MentionsTimeline // Simple query var tweets = Timeline.GetHomeTimeline(); // Create a parameter for queries with specific parameters var timelineParameter = Timeline.CreateHomeTimelineRequestParameter(); timelineParameter.ExcludeReplies = true; timelineParameter.TrimUser = true; var tweets = Timeline.GetHomeTimeline(timelineParameter); Tweetinvi 0.9.3.1...Sandcastle Help File Builder: Help File Builder and Tools v2014.5.31.0: General InformationIMPORTANT: On some systems, the content of the ZIP file is blocked and the installer may fail to run. Before extracting it, right click on the ZIP file, select Properties, and click on the Unblock button if it is present in the lower right corner of the General tab in the properties dialog. This release completes removal of the branding transformations and implements the new VS2013 presentation style that utilizes the new lightweight website format. Several breaking cha...New Projects.NET Extended Framework: .NET Extended FrameworkActivity Diagram: This is an attempt to parse C# Operation source and convert them into UML Activity Diagrams. The development of a suitable diagram editor is the next priorityBango Payment Flow in-app payments: Bango Payment Flow in-app paymentsDeckEditor: ?????????????????????????????????。 ?????????、CSV????、???????????。demodjango: just a demo project to record how to using djangoExport Bugs: This application will export all the bugs in a current project from TFS. It also has the option to export all attachments in the current projectFantom - Expression Based Dynamic Language Manager: Easy Dynamic Language (over MSSQL) Management for Asp.Net Web Forms. Very easy create dynamic multi language Asp.Net web site.JIRAShell: Provides PowerShell cmdlets for working with JIRA.PipeUtil: PipeUtil is a library that simplifies use the feature PIPE windows. Has the capability of client and server with threads support.Post Deployment Smoke Tester: This tool enables you to easily carry out post deployment smoke tests against your installed deployments to determine if your environment is in a good state.Quan Ly Dang Ki Internet: quan ly dang ki internetToolKD: ToolKD console application designed to change the binary code for directories that are used KitchenDraw program. Wiki Parsing Service: A web service to Parse wiki mark-up to HTML and vice versaXBee-API for .NET: This is .NET library for communication with XBee/XBee-Pro series 1 (IEEE 802.15.4) and series 2 (ZB/ZigBee Pro) OEM RF Modules. XPinterest: XPinterestZSoft-CMS: the project is going to use a new approach other than regular modular cms es.

    Read the article

  • CodePlex Daily Summary for Tuesday, June 03, 2014

    CodePlex Daily Summary for Tuesday, June 03, 2014Popular ReleasesQuickMon: Version 3.14 (Pie release): This is unofficially the 'Pie' release. There are two big changes.1. 'Presets' - basically templates. Future releases might build on this to allow users to add more presets. 2. MSI Installer now allows you to choose components (in case you don't want all collectors etc.). This means you don't have to download separate components anymore (AllAgents.zip still included in case you want to use them separately) Some other changes:1. Add/changed default file extension for monitor packs to *.qmp (...VeraCrypt: VeraCrypt version 1.0d: Changes between 1.0c and 1.0d (03 June 2014) : Correct issue while creating hidden operating system. Minor fixes (look at git history for more details).Keepass2Android: 0.9.4-pre1: added plug-in support: See settings for how to get plug-ins! published QR plug-in (scan passwords, display passwords as QR code, transfer entries to other KP2A devices) published InputStick plugin (transfer credentials to your PC via bluetooth - requires InputStick USB stick) Third party apps can now simply implement querying KP2A for credentials. Are you a developer? Please add this to your app if suitable! added TOTP support (compatible with KeeOTP and TrayTotp) app should no l...Microsoft Web Protection Library: AntiXss Library 4.3.0: Download from http://www.microsoft.com/en-us/download/details.aspx?id=43126 This issue finally addresses the over zealous behaviour of the HTML Sanitizer which should now function as expected once again. HTML encoding has been changed to safelist a few more characters for webforms compatibility. This will be the last version of AntiXSS that contains a sanitizer. Any new releases will be encoding libraries only. We recommend you explore other sanitizer options, for example AntiSamy htt...Z SqlBulkCopy Extensions: SqlBulkCopy Extensions 1.0.0: SqlBulkCopy Extensions provide MUST-HAVE methods with outstanding performance missing from the SqlBulkCopy class like Delete, Update, Merge, Upsert. Compatible with .NET 2.0, SQL Server 2000, SQL Azure and more! Bulk MethodsBulkDelete BulkInsert BulkMerge BulkUpdate BulkUpsert Utility MethodsGetSqlConnection GetSqlTransaction You like this library? Find out how and why you should support Z Project Become a Memberhttp://zzzproject.com/resources/images/all/become-a-member.png|ht...Portable Class Library for SQLite: Portable Class Library for SQLite - 3.8.4.4: This pull request from mattleibow addresses an issue with custom function creation (define functions in C# code and invoke them from SQLite as id they where regular SQL functions). Impact: Xamarin iOSTweetinvi a friendly Twitter C# API: Tweetinvi 0.9.3.x: Timelines- Added all the parameters available from the Timeline Endpoints in Tweetinvi. - This is available for HomeTimeline, UserTimeline, MentionsTimeline // Simple query var tweets = Timeline.GetHomeTimeline(); // Create a parameter for queries with specific parameters var timelineParameter = Timeline.CreateHomeTimelineRequestParameter(); timelineParameter.ExcludeReplies = true; timelineParameter.TrimUser = true; var tweets = Timeline.GetHomeTimeline(timelineParameter); Tweetinvi 0.9.3.1...Sandcastle Help File Builder: Help File Builder and Tools v2014.5.31.0: General InformationIMPORTANT: On some systems, the content of the ZIP file is blocked and the installer may fail to run. Before extracting it, right click on the ZIP file, select Properties, and click on the Unblock button if it is present in the lower right corner of the General tab in the properties dialog. This release completes removal of the branding transformations and implements the new VS2013 presentation style that utilizes the new lightweight website format. Several breaking cha...Image View Slider: Image View Slider: This is a .NET component. We create this using VB.NET. Here you can use an Image Viewer with several properties to your application form. We wish somebody to improve freely. Try this out! Author : Steven Renaldo Antony Yustinus Arjuna Purnama Putra Andre Wijaya P Martin Lidau PBK GENAP 2014 - TI UKDWAspose for Apache POI: Missing Features of Apache POI WP - v 1.1: Release contain the Missing Features in Apache POI WP SDK in Comparison with Aspose.Words for dealing with Microsoft Word. What's New ?Following Examples: Insert Picture in Word Document Insert Comments Set Page Borders Mail Merge from XML Data Source Moving the Cursor Feedback and Suggestions Many more examples are yet to come here. Keep visiting us. Raise your queries and suggest more examples via Aspose Forums or via this social coding site.babelua: V1.5.6.0: V1.5.6.0 - 2014.5.30New feature: support quick-cocos2d-x project now; support text search in scripts folder now, you can use this function in Search Result Window;Credit Component: Credit Component: This is a sample release of Credit Component that has been made by Microsoft Visual Studio 2010. To try and use it, you need .NET framework 4.0 and Microsoft Visual Studio 2010 or newer as a minimum requirement in this download you will get media player as a sample application that use this component credit component as a main component media player source code as source code and sample usage of credit component credit component source code as source code of credit component important...SEToolbox: 01.032.014 Release 1: Added fix when loading game Textures for icons causing 'Unable to read beyond the end of the stream'. Added new Resource Report, that displays all in game resources in a concise report. Added in temp directory cleaner, to keep excess files from building up. Fixed use of colors on the windows, to work better with desktop schemes. Adding base support for multilingual resources. This will allow loading of the Space Engineers resources to show localized names, and display localized date a...ClosedXML - The easy way to OpenXML: ClosedXML 0.71.2: More memory and performance improvements. Fixed an issue with pivot table field order.Composite Iconote: Composite Iconote: This is a composite has been made by Microsoft Visual Studio 2013. Requirement: To develop this composite or use this component in your application, your computer must have .NET framework 4.5 or newer.Magick.NET: Magick.NET 6.8.9.101: Magick.NET linked with ImageMagick 6.8.9.1. Breaking changes: - Int/short Set methods of WritablePixelCollection are now unsigned. - The Q16 build no longer uses HDRI, switch to the new Q16-HDRI build if you need HDRI.fnr.exe - Find And Replace Tool: 1.7: Bug fixes Refactored logic for encoding text values to command line to handle common edge cases where find/replace operation works in GUI but not in command line Fix for bug where selection in Encoding drop down was different when generating command line in some cases. It was reported in: https://findandreplace.codeplex.com/workitem/34 Fix for "Backslash inserted before dot in replacement text" reported here: https://findandreplace.codeplex.com/discussions/541024 Fix for finding replacing...VG-Ripper & PG-Ripper: VG-Ripper 2.9.59: changes NEW: Added Support for 'GokoImage.com' links NEW: Added Support for 'ViperII.com' links NEW: Added Support for 'PixxxView.com' links NEW: Added Support for 'ImgRex.com' links NEW: Added Support for 'PixLiv.com' links NEW: Added Support for 'imgsee.me' links NEW: Added Support for 'ImgS.it' linksToolbox for Dynamics CRM 2011/2013: XrmToolBox (v1.2014.5.28): XrmToolbox improvement XrmToolBox updates (v1.2014.5.28)Fix connecting to a connection with custom authentication without saved password Tools improvement New tool!Solution Components Mover (v1.2014.5.22) Transfer solution components from one solution to another one Import/Export NN relationships (v1.2014.3.7) Allows you to import and export many to many relationships Tools updatesAttribute Bulk Updater (v1.2014.5.28) Audit Center (v1.2014.5.28) View Layout Replicator (v1.2014.5.28) Scrip...Microsoft Ajax Minifier: Microsoft Ajax Minifier 5.10: Fix for Issue #20875 - echo switch doesn't work for CSS CSS should honor the SASS source-file comments JS should allow multi-line comment directivesNew ProjectsAirline Management Solutions: Three layers architecture PHP Maria DB Metro-StyleBAOnline: tttboomteam: Fitness videoscsv2xlsx: this project was created to simplify process of converting csv text files to Excel tables. It uses Apache POI to work with Excel Hazza.ShapeField: Adds a field that lets you input the name of a shape to be displayed.HP AGM Monitor Service: Just for internal usage.HP AGM RestAPI Wrapper: HP AGM Rest API .Net WrapperIO Performance Verifier: IO Performance verifier is for verifying IO from fx SAN/NAS in a virtualized environment on Windows servers. Useful to verify SLA or configuration change effectIRIS Tutorials: This a repository of tutorials for the IRIS Toolbox project.Node Service Host: Host application to run node app as a service. Runs service as root with app as specified user, restarts, logging. Linux, OSX and windows.SEND SMS ALERT FROM YOUR SOFTWARE / WEBSITE: SMS API allows you to send SMS to all mobile operators across Pakistan or any other country at very very cheap rates. It allows you to send SMS through http://CSharePoint Audit Facilities Demo: Sample demo code for SharePoint Audit Log extraction and methods used. SharePoint Permission Analyzer: Permission Analyzer will scan through a SharePoint site collection and create a permission structure of the site. Works on SharePoint 2010 and SP 2013Spotify WinRT Component: WinRT Component wrapper for libspotify https://developer.spotify.com/technologies/libspotify/Windows API Interop Library: A collection of interop code in C# for the Windows API. Key exported methods, constants and structures defined. Some extension methods for WinForms controls.WPF Pricing unit: await async wpf Entity framework 6zzswire: ????

    Read the article

  • CodePlex Daily Summary for Thursday, June 05, 2014

    CodePlex Daily Summary for Thursday, June 05, 2014Popular Releases51Degrees - Device Detection and Redirection: 3.1.2.3: Version 3.1 HighlightsDevice detection algorithm is over 100 times faster. Regular expressions and levenshtein distance calculations are no longer used. The device detection algorithm performance is no longer limited by the number of device combinations contained in the dataset. Two modes of operation are available: Memory – the detection data set is loaded into memory and there is no continuous connection to the source data file. Slower initialisation time but faster detection performanc...CS-Script for Notepad++ (C# intellisense and code execution): Release v1.0.27.0: CodeMap now indicates the type name for all members Implemented running scripts 'as administrator'. Just add '//css_npp asadmin' to the script and run it as usual. 'Prepare script for distribution' now aggregates script dependency assemblies. Various improvements in CodeSnipptet, Autcompletion and MethodInfo interactions with each other. Added printing line number for the entries in CodeMap (subject of configuration value) Improved debugging step indication for classless scripts ...Load Runner - HTTP Pressure Test Tool: Load Runner 1.1: 1. added support for measuring total in time / hits / traffic / requests 2. abstracted log, default log to console / text file 3. refactored codeKartris E-commerce: Kartris v2.6003: Bug fixes: Fixed issue where category could not be saved if parent categories not altered Updated split string function to 500 chars otherwise problems with attribute filtering in PowerPack Improvements: If a user has group pricing below that available through qty discounts, that will show in place of the qty discountMagicaVoxel: MagicaVoxel Renderer ver 0.01: MagicaVoxel Renderer (Win 0.01)ClosedXML - The easy way to OpenXML: ClosedXML 0.72.3: 70426e13c415 ClosedXML for .Net 4.0 now uses Open XML SDK 2.5 b9ef53a6654f Merge branch 'master' of https://git01.codeplex.com/forks/vbjay/closedxml 727714e86416 Fix range.Merge(Boolean) for .Net 3.5 eb1ed478e50e Make public range.Merge(Boolean checkIntersects) 6284cf3c3991 More performance improvements when saving.MCE Controller: MCE Controller V1.8.6: BETA. Adds option to disable all internal commands. If the "Disable Internal Commands" checkbox in settings is checked, MCE Controller will disable all internally defined commands (e.g. VK key codes, single characters, mouse commands, etc...) and only respond to commands defined in the MCEControl.commmands file. Attempts to fix inability for clients to reconnect after they forcibly close the connection. Build 1.8.6.37445Visual F# Tools: Daily Builds Preview 06-04-2014: This preview is released for use under a proprietary license.SEToolbox: SEToolbox 01.032.018 Release 1: Added ability to merge/join two ships, regardless of origin. Added Language selection menu to set display text language (for SE resources only), and fixed inherent issues. Added full support for Dedicated Servers, allowing use on PC without Steam present, and only the Dedicated Server install. Added Browse button for used specified save game selection in Load dialog. Installation of this version will replace older version.Service monitor: Version 3.1: Added the ability of the tool to restart itself in 'Admin' mode without UAC prompt. Note that this only works after the tool has run in 'Admin' mode at least once before. This is only supported on Vista, Windows 7 or later. See my blog post on how it is done.DNN Blog: 06.00.07: Highlights: Enhancement: Option to show management panel on child modules Fix: Changed SPROC and code to ensure the right people are notified of pending comments. (CP-24018) Fix: Fix to have notification actions authentication assume the right module id so these will work from the messaging center (CP-24019) Fix: Fix to issue in categories in a post that will not save when no categories and no tags selectedTEncoder: 4.0.0: --4.0.0 -Added: Video downloader -Added: Total progress will be updated more smoothly -Added: MP4Box progress will be shown -Added: A tool to create gif image from video -Added: An option to disable trimming -Added: Audio track option won't be used for mpeg sources as default -Fixed: Subtitle position wasn't used -Fixed: Duration info in the file list wasn't updated after trimming -Updated: FFMpegQuickMon: Version 3.14 (Pie release): This is unofficially the 'Pie' release. There are two big changes.1. 'Presets' - basically templates. Future releases might build on this to allow users to add more presets. 2. MSI Installer now allows you to choose components (in case you don't want all collectors etc.). This means you don't have to download separate components anymore (AllAgents.zip still included in case you want to use them separately) Some other changes:1. Add/changed default file extension for monitor packs to *.qmp (...VeraCrypt: VeraCrypt version 1.0d: Changes between 1.0c and 1.0d (03 June 2014) : Correct issue while creating hidden operating system. Minor fixes (look at git history for more details).Keepass2Android: 0.9.4-pre1: added plug-in support: See settings for how to get plug-ins! published QR plug-in (scan passwords, display passwords as QR code, transfer entries to other KP2A devices) published InputStick plugin (transfer credentials to your PC via bluetooth - requires InputStick USB stick) Third party apps can now simply implement querying KP2A for credentials. Are you a developer? Please add this to your app if suitable! added TOTP support (compatible with KeeOTP and TrayTotp) app should no l...Microsoft Web Protection Library: AntiXss Library 4.3.0: Download from nuget or the Microsoft Download Center This issue finally addresses the over zealous behaviour of the HTML Sanitizer which should now function as expected once again. HTML encoding has been changed to safelist a few more characters for webforms compatibility. This will be the last version of AntiXSS that contains a sanitizer. Any new releases will be encoding libraries only. We recommend you explore other sanitizer options, for example AntiSamy https://www.owasp.org/index....Z SqlBulkCopy Extensions: SqlBulkCopy Extensions 1.0.0: SqlBulkCopy Extensions provide MUST-HAVE methods with outstanding performance missing from the SqlBulkCopy class like Delete, Update, Merge, Upsert. Compatible with .NET 2.0, SQL Server 2000, SQL Azure and more! Bulk MethodsBulkDelete BulkInsert BulkMerge BulkUpdate BulkUpsert Utility MethodsGetSqlConnection GetSqlTransaction You like this library? Find out how and why you should support Z Project Become a Memberhttp://zzzproject.com/resources/images/all/become-a-member.png|ht...Tweetinvi a friendly Twitter C# API: Tweetinvi 0.9.3.x: Timelines- Added all the parameters available from the Timeline Endpoints in Tweetinvi. - This is available for HomeTimeline, UserTimeline, MentionsTimeline // Simple query var tweets = Timeline.GetHomeTimeline(); // Create a parameter for queries with specific parameters var timelineParameter = Timeline.CreateHomeTimelineRequestParameter(); timelineParameter.ExcludeReplies = true; timelineParameter.TrimUser = true; var tweets = Timeline.GetHomeTimeline(timelineParameter); Tweetinvi 0.9.3.1...Sandcastle Help File Builder: Help File Builder and Tools v2014.5.31.0: General InformationIMPORTANT: On some systems, the content of the ZIP file is blocked and the installer may fail to run. Before extracting it, right click on the ZIP file, select Properties, and click on the Unblock button if it is present in the lower right corner of the General tab in the properties dialog. This release completes removal of the branding transformations and implements the new VS2013 presentation style that utilizes the new lightweight website format. Several breaking cha...Magick.NET: Magick.NET 6.8.9.101: Magick.NET linked with ImageMagick 6.8.9.1. Breaking changes: - Int/short Set methods of WritablePixelCollection are now unsigned. - The Q16 build no longer uses HDRI, switch to the new Q16-HDRI build if you need HDRI.New Projects12306helper: 12306 ????2112110044: dasda2112110202: asdfsdfsdfsd2112110298: TieuDan2112110315: vftgcdxfrBaidu PCS: BaiduPCSExcel2Sobek: Here the project Excel2Sobek is hosted. Excel2Sobek is a preprocessor in Excel's VBA for the SOBEK 2 hydrological and hydraulic simulation model by Deltares.Help Desk Pro: Manage a business of customer serviceMARGYE: MARGYE CMS CMR E-CommerceMemberBS: MemberBS20140605MiKroTik API: Api untuk menghubungkan aplikasi anda dengan router Mikrotik.MiniProfiler + Log4Net: Use MiniProfiler and Log4Net in ASP.NET projectStore Apps Unity App Base for Prism: This simple library provides an Application Base for a Windows Store application that automatically connects Unity to provide injection as the container.SuperCaptcha for MVC: Custom captcha control for MVCTC760240: myappwithfailuresWindows Phone 8 Dilbert Comic Reader: Basic WP8.1 app that displays comics from http://www.dilbert.com.x86 Proved: Prove what you run!

    Read the article

  • Rails in production environment not working,but it's working in development environment

    - by user1834759
    An ActionView::Template::Error occurred in posts#index: couldn't find file 'jquery' (in /opt/ruby_apps/bookdate-website/app/assets/javascripts/cpanel_app.coffee:1) sprockets (2.1.3) lib/sprockets/context.rb:100:in `resolve' An ActionView::Template::Error occurred in topics#show: cannot load such file -- html/tokenizer actionpack (3.2.8) lib/action_controller/vendor/html-scanner/html/sanitizer.rb:18:in `tokenize' sometimes there is an exception thrown like the one mentioned above,but sometime it works why? my ruby environment is ruby 1.9.3p194 (2012-04-20 revision 35410) [x86_64-linux] Rails 3.2.8

    Read the article

  • How can I change or remove HttpRequest input arguments in a HttpModule

    - by Eric Gunn
    Is it possible to change or remove http request form inputs in an httpmodule? My goal is to create a security IHttpmodule that will check the request for reasonable values, such as limits on acceptable input and query parameter length, or use the AntiXSS Sanitizer to remove threats, log potential hack attempts, etc. before a request is passed on to a processor. Because this is a cross cutting concern I'd prefer to find a solution that applies to all requests and affects all ways request values could be accessed, Reqest.Form, Action(model), Action(FormCollection), HttpContext.Current.Request.Form, etc. I'm using MVC and have considered creating custom model binders to clean the data before creating the model instance. But that would be application specific, require remembering to register every model binder and only apply to Action(model).

    Read the article

  • Security considerations processing emails

    - by Timmy O' Tool
    I have process that will be reading emails from an account. The objective of the process is saving to a database those emails with image(s) as attachments. I will be saving sender, subject body and image path (the image will be saved on the process). I will be showing this information on a page so I would like to know all (or most of them :) ) security aspects to cover. I plan to sanitize the subject and body of the email. I can remove most of the tags, probably it would be enough keeping the <p> tag. I'm not sure if I can trust just in a sanitizer. I would like to HTML encode everything except for the <p> tag after sanitize, just in case. Any suggestion? I'm only accepting images as attachment as I said above, any security risk I have to take into account in relation to the attachment? Thanks!

    Read the article

  • Make error in installing Math support for MediaWiki

    - by Masi
    How can you solve the following Make error in installing MediaWiki? ... /local/lib/site_perl . /etc/perl /usr/local/lib/perl/5.10.0 /usr/local/share/perl/5.10.0 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl .) at t/maint/php-tag.t line 8. BEGIN failed--compilation aborted at t/maint/php-tag.t line 8. # Looks like your test died before it could output anything. t/maint/php-tag..........dubious Test returned status 255 (wstat 65280, 0xff00) t/maint/unix-newlines....ok Failed Test Stat Wstat Total Fail List of Failed ------------------------------------------------------------------------------- t/00-test.t 127 32512 ?? ?? ?? t/inc/Database.t 127 32512 ?? ?? ?? t/inc/Global.t 127 32512 ?? ?? ?? t/inc/IP.t 127 32512 ?? ?? ?? t/inc/ImageFunctions.t 127 32512 ?? ?? ?? t/inc/Language.t 127 32512 ?? ?? ?? t/inc/Licenses.t 127 32512 ?? ?? ?? t/inc/LocalFile.t 127 32512 ?? ?? ?? t/inc/Parser.t 127 32512 ?? ?? ?? t/inc/Revision.t 127 32512 ?? ?? ?? t/inc/Sanitizer.t 127 32512 ?? ?? ?? t/inc/Search.t 127 32512 ?? ?? ?? t/inc/Title.t 127 32512 ?? ?? ?? t/inc/Xml.t 127 32512 ?? ?? ?? t/maint/php-lint.t 254 65024 966 966 1-966 t/maint/php-tag.t 255 65280 ?? ?? ?? Failed 16/19 test scripts. 966/4248 subtests failed. Files=19, Tests=4248, 46 wallclock secs (33.15 cusr + 10.38 csys = 43.53 CPU) Failed 16/19 test programs. 966/4248 subtests failed. make: *** [test] Error 255

    Read the article

  • CodePlex Daily Summary for Saturday, May 29, 2010

    CodePlex Daily Summary for Saturday, May 29, 2010New ProjectsASP.NET MVC Time Planner: ASP.NET MVC based time planner is example solution that introduces ASP.NET MVC, MSSQL AJAX and jQuery development.Blit Scripting Engine: Blit Scripting Engine provides developers using Microsofts XNA Framework the ability to implement a scripting solution to their games and other pro...Expression Evaluator: This is an article on how to build a basic expression evaluator. It can evaluate any numerical expression combined with trigonometric functions for...Log Analyzer: This project has the aim to help developers to see live log/trace from their application applying visual styles to the grabbed text.LParse: LParse is a monadic parser combinator library, similar to Haskell’s Parsec. It allows you create parsers on C# language. All parsers are first-clas...NeatHtml: NeatHtml™ is a highly-portable open source website component that displays untrusted content securely, efficiently, and accessibly. Untrusted conte...NeatUpload: The NeatUpload ™ ASP.NET component allows developers to stream uploaded files to storage (filesystem or database) and allows users to monitor uplo...NSoup: NSoup is a .NET port of the jsoup (http://jsoup.org) HTML parser and sanitizer originally written in Java. jsoup originally written by Jonathan He...Ordering: c# farm softwarephone7: Project for Windows Phone 7RestCall: A very simple library to make a simple REST call and deserialize to an object. It uses WCF REST Starter Kit and the .net serializer in: System.Runt...SCSM CSV Connector: CSV Connector allows you to specify a data file and mapping location and a scheuled interval in minutes. At each scheduled interval Service Manage...Silverlight Adorner Control: An Adorner is a custom FrameworkElement that is bound to a FrameworkElement and displays information about that element 'above' the element without...Simple Stupid Tools: Simple Stupid ToolsSQScriptRunner: Simple Quick Script Runner allows an administrator to run T-SQL Scripts against one or more servers with common characteristics. For example, an m...ssisassembly: ssisassemblySSRS Report RoboCopy: a tools used to pass a report from a server to anotherTeam Foundation Server Explorer: A standalone Team Foundation Server explorer that can be used to view and manage source files.New Releases(SocketCoder) Full Silverlight Web Video/Voice Conferencing: SocketCoderWebConferencingSystem_Compiled: Installing The Server: 1- before you start you should allow the SocketCoderWCService.MainService.exe service to use the TCP ports from 4528 to 4532...ASP.NET MVC Time Planner: MVC Time Planner - v0.0.1.0: First public alpha of MVC Time Planner is now available. I got a lot of letters from my ASP.NET blog readers who are interested in this example sol...AvalonDock: AvalonDock 1.3.3384: Welcome to AvalonDock 1.3 This is the new version of AvalonDock targetting .NET 4 These are the main features that are included: - Target Microso...Blit Scripting Engine: Blit Scripting Engine 1.0: This marks the initial release of the Blit Scripting Engine. It provides the ability to compile scripts to an assembly, load pre-compiled assemblie...Community Forums NNTP bridge: Community Forums NNTP Bridge V12: Release of the Community Forums NNTP Bridge to access the social and anwsers MS forums with a single, open source NNTP bridge. This release has add...Community Forums NNTP bridge: Community Forums NNTP Bridge V13: Release of the Community Forums NNTP Bridge to access the social and anwsers MS forums with a single, open source NNTP bridge. This release has add...CSharp Intellisense: V2.4: bug fix: Pascal Casing, Single Selection and other selection errorsExpression Evaluator: Expression Evaluator - Visual Studio 2010: Visual Studio 2010 VersionFacebook Graph Toolkit: Preview 2: Preview 2 updates the source to be much more like the Facebook PHP-SDK. Additionally, the code has been updated to follow StyleCop framework rules....Facebook Graph Toolkit: Preview 3: Rest API now working although not fully tested. Removed JsonObject and JsonArray custom dynamic objects in favor of standard ExpandoObject and List...Free Silverlight & WPF Chart Control - Visifire: Visifire SL and WPF Charts v3.1.1 beta Released: Hi, Today we are releasing the two most awaited features i.e, Logarithmic axis and auto update of y-axis while Scrolling and Zooming. * Logar...Free Silverlight & WPF Chart Control - Visifire: Visifire SL and WPF Charts v3.5.4 beta Released: Hi, Today we are releasing the two most awaited features i.e, Logarithmic axis and auto update of y-axis while Scrolling and Zooming. Logarithmic...Fulcrum: Fulcrum 1.0: Initial release.Git Source Control Provider: V 0.3: V 0.3 Add automatic status refresh when files in solution folder changedIBCSharp: IBCSharp 1.04: What IBCSharp 1.04.zip unzips to: http://i50.tinypic.com/205qofl.png IBCSharp Change Log 1.04 - 5/28/2010 Updated IBClient.dll to IB API version...MapWindow6: MapWindow 6.0 May 28 2010: This shifts the projection library to System.Spatial.Projections instead of MWProj4. This also fixes a meter/feet conversion error.Microsoft Health Common User Interface: Release 8.2.51.000: This is version 8.2 of the Microsoft® Health Common User Interface Control Toolkit. This release includes code updates to controls as listed below....NeatHtml: NeatHtml-trunk.221: Adds support for Internet Explorer Mobile 6.NeatUpload: NeatUpload-1.3.25: Fixes the following bugs: SWFUpload.swf could not be served by a CDN because it was embedded without setting allowScriptAccess="always". NeatUpl...NSoup: NSoup 0.1: Initial port release. Corresponds to jsoup version 0.3.1.Numina Application/Security Framework: Numina.Framework Core 53265: Visit http://framework.numina.net to help get you started.Nuntio Content: Nuntio Content 4.2.0: This upgrades MagicContent instances to the latest version that is now called NuntioContent. While this release is quite stable it is still marked ...patterns & practices: Composite WPF and Silverlight: ProjectLinker Source for VS2010 - May 2010: The ProjectLinker helps keep the source for two projects in sync by automatically creating a linked file in one project as files are added in anoth...phone7: Prism for WP7: This the first version of prism for wp7SCSM CSV Connector: SCSM CSV Connector Version 0.1: Release Notes This is the first release of the SCSM CSV Connector solution. It is an 'alpha' release and has only been tested by the developers on ...Silverlight Adorner Control: 1.0: Initial releaseSilverlight Web Comic: Comic 1.1.1: Comic Beta with functionality to button newSilverlight Web Comic: Web Comic 1.1: This version has a little implementation no visible about the future versions, options to new, save, and load. The next version has a better review...Simple.NET: Simple.Mocking 1.0.0.6: Initial version of a new mocking framework for .NET Revision 1: Expect.AnyInocationOn<T>(T target) changed to Expect.AnyInocationOn(object target...Sonic.Net: Sonic.Net v1.0.1 For Unity 2.0: This Version is a port to VS2010 of the codebase with support for unity 2.0. note: currently follows the xsd schema of the previous unity Configur...Squiggle - A Free open source Lan Messenger: Squiggle 1.0.2: v1.0 Release.Team Foundation Server Explorer: Beta 1: The first public beta release of the TFS Explorer.thinktecture WSCF.blue: WSCF.blue V1 Update (1.0.8): Bug fix release with the following fix: When an XmlArrayAttribute decorated member has IsNullable=false, and the List<T> or Collection option is s...VCC: Latest build, v2.1.30528.0: Automatic drop of latest buildVisual Studio 2010 AutoScroller Extension: AutoScroller v0.4: A Visual studio 2010 auto-scroller extension. Simply hold down your middle mouse button and drag the mouse in the direction you wish to scroll, fu...WatchersNET CKEditor™ Provider for DotNetNuke: CKEditor Provider 1.10.03: !!Whats New Added CKEditor 3.3 Revision 5542 changes Options: Default Toolbar Set to Full for Administrators Browser Window: Increased Size of ...Most Popular ProjectsRawrWBFS ManagerAJAX Control ToolkitMicrosoft SQL Server Product Samples: DatabaseSilverlight ToolkitWindows Presentation Foundation (WPF)patterns & practices – Enterprise LibraryMicrosoft SQL Server Community & SamplesPHPExcelASP.NETMost Active ProjectsAStar.netpatterns & practices – Enterprise LibraryBlogEngine.NETGMap.NET - Great Maps for Windows Forms & PresentationCommunity Forums NNTP bridgeRawrSqlServerExtensionsCustomer Portal Accelerator for Microsoft Dynamics CRMPAPpatterns & practices: Windows Azure Security Guidance

    Read the article

  • syntax error in sql query?

    - by user1550588
    I want to create some tables in database so for that i wright some queries to create table. but i got an error "there was a syntax error in your sql statement". I check all my queries but i am not able to find what syntax i wright wrong. here i attached my sql queries please told me what is wrong with queries. Thanks in advance. CREATE TABLE "WATER&SEWAGE" { "CUSTOMER_ID" VARCHAR, "POTABLE_WATER" VARCHAR, "HOT_WATER" VARCHAR, "SAFETY" VARCHAR, "T/P_VALVE+EXT" VARCHAR, "HEATER_TYPE" VARCHAR, "GAS_VENT_CONDITION" VARCHAR, "FIRE_BOX_CONDITION" VARCHAR, "PRESSURE" VARCHAR, "BACK_FLOW" VARCHAR, "PLUMBING_CONDITION" VARCHAR, "CABINET_CONDITION" VARCHAR, "3_COMP_SINK" VARCHAR, "WATER_HEATER" VARCHAR, "CLEAN_OUT_CONDITION" VARCHAR, "FLOOR_DRAIN" VARCHAR, "FLOOR_SINK" VARCHAR, "MAINTANANCE" VARCHAR, "COMMENTS" VARCHAR, "EVIDENCE_PHOTOS" VARCHAR) CREATE TABLE "TIME_AND_TETMPERATURE_REL" ("CUSTOMER_ID" INTEGER, "THERMOMTE_AVAILABLE" VARCHAR, "THERMO_TYPE" VARCHAR, "COLD_TEMP" VARCHAR, "FOOD_TYPE1" VARCHAR, "PROPER_COOLING" VARCHAR, "FOOD_TYPE2" VARCHAR, "COMPLIANCE" VARCHAR, "FOOD_TYPE3" VARCHAR, "TPHC" VARCHAR, "HACCP" VARCHAR, "HOT_HOLDING_TEMP" VARCHAR, "FOOD_TYPE4" VARCHAR, "HOT_TEMP" VARCHAR, "FOOD_TYPE5" VARCHAR, "IMPROPER_REHEATING" VARCHAR, "FOOD_TYPE6" VARCHAR, "FOOD_OUT_OF_TEMP" VARCHAR, "WRITTEN_PLAN_FILES" VARCHAR, "EMPLOYEE_KNOWLEDGE" VARCHAR, "TIME_KEEPING_METHODS" VARCHAR, "HACCP_METHODS" VARCHAR, "CALIBRATION" VARCHAR, "COOKING_TEMP" VARCHAR, "EQUIP_CONDITION" VARCHAR, "COMMENTS" VARCHAR, "EVIDENCE_PHOTOS" VARCHAR) CREATE TABLE "PROTECTION_FROM_CONTAMINATION" ("FOOD_ADULTERATION" VARCHAR, "FOOD_SPOILAGE" VARCHAR, "CONTAMINATION" VARCHAR, "FOOD_STORAGE" VARCHAR, "REFRIGRATORS" VARCHAR, "FREEZER" VARCHAR, "FIFO" VARCHAR, "DRY" VARCHAR, "DISHWASHING_CHEMICALS" VARCHAR, "CLEANING" VARCHAR, "SANITIZER" VARCHAR, "SUPPLY_EQUIPMENT" VARCHAR, "PESTICIDES" VARCHAR, "COMMENTS" VARCHAR, "EVIDENCE_PHOTOS" VARCHAR, "CUSTOMER_ID" INTEGER) CREATE TABLE "PHYSICAL_FACILITIES_2" ("CUSTOMER_ID" VARCHAR, "CEILING" VARCHAR, "WINDOWS" VARCHAR, "SPOILS_STORAGE" VARCHAR, "DOORS" VARCHAR, "PERSONAL_LOCKERS" VARCHAR, "FLOORS" VARCHAR, "CONDITION" VARCHAR, "HANDICAP" VARCHAR, "SELF_CLOSING_ROOM" VARCHAR, "TOILETS" VARCHAR, "TOILET_PAPER" VARCHAR, "TOILET_CONDITION" VARCHAR, "VENTILATION_CONDITION" VARCHAR, "MENS" VARCHAR, "MEN'S_VENTILATION" VARCHAR, "MEN'S_FLOOR_DRAWN" VARCHAR, "MEN'S_TOILET_STALLS" VARCHAR, "MEN'S_HAND_SINK" VARCHAR, "MEN'S_TOWELS" VARCHAR, "WOMEN'S" VARCHAR, "WOMEN'S_VENTILATION" VARCHAR, "WOMEN'S_FLOOR_DRAWN" VARCHAR, "WOMEN'S_TOILET_STALLS" VARCHAR, "WOMEN'S_HAND_SINK" VARCHAR, "WOMEN'S_TOWELS" VARCHAR, "COMMENTS" VARCHAR, "EVIDENCE_PHOTOS" VARCHAR) CREATE TABLE "PHYSICAL_FACILITIES_1" ("CUSTOMER_ID" VARCHAR, "LIGHTNING" VARCHAR, "KITCHEN" VARCHAR, "STORAGE" VARCHAR, "REFRIGRATION" VARCHAR, "JANITORIAL" VARCHAR, "INTERIOR" VARCHAR, "FIXTURE" VARCHAR, "FOOTCANDLES_1" VARCHAR, "FOOTCANDLES_2" VARCHAR, "FOOTCANDLES_3" VARCHAR, "FOOTCANDLES_4" VARCHAR, "FOOTCANDLES_5" VARCHAR, "EXTERIOR" VARCHAR, "WINDOWS" VARCHAR, "GLASS" VARCHAR, "SCREEN" VARCHAR, "COMMENTS" VARCHAR, "EVIDENCE_PHOTOS" VARCHAR) CREATE TABLE "PEST_CONTROL" ("CUSTOMER_ID" VARCHAR, "WALL/CEILING_PIPES" VARCHAR, "SANITATION" VARCHAR, "DOORS" VARCHAR, "SELF_CLOSING" VARCHAR, "RODENT_PROOF" VARCHAR, "VERMIN_PROOFING" VARCHAR, "FOUNDATION" VARCHAR, "ATTIC_VENTS" VARCHAR, "WINDOWS" VARCHAR, "TYPE_SCREENS" VARCHAR, "COMMENTS" VARCHAR, "EVIDENCE_PHOTOS" VARCHAR) CREATE TABLE "GENERAL_FOOD_SAFETY_REQ" ("CUSTOMER_ID" VARCHAR, "APPROVED_METHODS" VARCHAR, "DEFROST" VARCHAR, "FROZEN_FOOD" VARCHAR, "FOOD_WASHING" VARCHAR, "PRODUCE_1" VARCHAR, "FRUITS" VARCHAR, "GRAINS" VARCHAR, "VEGETABLES" VARCHAR, "SEPERATE_FROM_CONT" VARCHAR, "RAW" VARCHAR, "PRODUCE_2" VARCHAR, "STORED_BULK" VARCHAR, "STORAGE" VARCHAR, "FIFO" VARCHAR, "REFRIGRATAION" VARCHAR, "STORAGE_TEMP" VARCHAR, "HUMIDITY" VARCHAR, "COMMENTS" VARCHAR, "EVIDENCE_PHOTOS" VARCHAR) CREATE TABLE "FOOD_SAFETY_CERTIFICATION" ("CUSTOMER_ID" INTEGER,"OWNER" VARCHAR,"MANAGER" VARCHAR,"EMPLOYEE" VARCHAR,"NAME1" VARCHAR,"NAT'L_REGISTRY1" VARCHAR,"PROMETRIC1" VARCHAR,"SERVESAFE1" VARCHAR,"EXPIRATION1" VARCHAR,"NAME2" VARCHAR,"NAT'L_REGISTRY2" VARCHAR,"PROMETRIC2" VARCHAR,"SERVESAFE2" VARCHAR,"EXPIRATION2" VARCHAR,"COMMENTS" VARCHAR,"FOOD_TEMP" VARCHAR,"DISHWASHER" VARCHAR,"DANGER_ZONE" VARCHAR,"COOLING_FOODS" VARCHAR,"THAWING" VARCHAR,"REHEATING" VARCHAR,"THERMOMETERS" VARCHAR,"FIFO" VARCHAR,"HANDWASH" VARCHAR,"COOKING_TEMP" VARCHAR,"FOOD_POISONING_TYPES" VARCHAR,"EVEDENCE_PHOTOS" VARCHAR) CREATE TABLE "FOOD_FROM_APPROVED_SOURCES" ("CUSTOMER_ID" VARCHAR, "RECEIPTS" VARCHAR, "DELIVERY_DOOR" VARCHAR, "AIR_CURTAIN" VARCHAR, "VELOCITY" VARCHAR, "OFF_LOAD" VARCHAR, "INSPECTS" VARCHAR, "RODENTS" VARCHAR, "WARNING" VARCHAR, "SHELL_FISH" VARCHAR, "GULF_OYSTER" VARCHAR, "FOOD_OUT_OF_TEMP" VARCHAR, "COMMENTS" VARCHAR, "EVIDENCE_PHOTO" VARCHAR) CREATE TABLE "FOOD_FACILITY_SITE_FACTS" ("CUSTOMER_ID" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL UNIQUE,"DBA" VARCHAR,"DISTRICT" VARCHAR,"CITY" VARCHAR,"ZIPCODE" VARCHAR,"ADDRESS" VARCHAR,"SEAT_NO" VARCHAR,"PHONE_NO" VARCHAR,"OWNER" VARCHAR,"PERSON_IN_CHARGE" VARCHAR,"WEBSITE" VARCHAR,"EMAIL" VARCHAR,"FACILITY_TYPE" VARCHAR,"SQ_FOOTAGE" VARCHAR,"NO_OF_SEATS" VARCHAR,"ALCOHOL_SALES" VARCHAR,"LTD_PREP" VARCHAR,"BUSINESS_LICENCE_NO" VARCHAR,"EXPIRATION" VARCHAR,"COMMENTS" VARCHAR,"EVIDENCE_PHOTOS" VARCHAR) CREATE TABLE "FOOD_DISPLAY_SELF_SERVICE" ("CUSTOMER_ID" VARCHAR, "SELF_SERVICE" VARCHAR, "LIDS" VARCHAR, "UTENSILS" VARCHAR, "HOW_OFTEN_CHANGED" VARCHAR, "SCOOP" VARCHAR, "SNEEZ_GUARD" VARCHAR, "DISHES" VARCHAR, "CROSS" VARCHAR, "SENITATION" VARCHAR, "MAINTANANCE" VARCHAR, "MECHANICAL_CONDITION" VARCHAR, "SERVICE_OF_UTENSIL" VARCHAR, "TIME" VARCHAR, "PRPER_FOOD_LABELING" VARCHAR, "COMMENTS" VARCHAR, "EVIDENCE_PHOTOS" VARCHAR) CREATE TABLE "EQUIPMENT/UTENSILS/LINES" ("CUSTOMER_ID" VARCHAR, "STORED_DISHES" VARCHAR, "CUPS" VARCHAR, "DAMAGED_DISHES" VARCHAR, "UTENSILS" VARCHAR, "LINES" VARCHAR, "COOLING_EQUIPMENT" VARCHAR, "COOK_WARE_STORAGE" VARCHAR, "CONDITION" VARCHAR, "STORAGE_LOCATION" VARCHAR, "NAPKINS" VARCHAR, "SANITATION" VARCHAR, "ADEQUATE_CAPACITY" VARCHAR, "HAZARDS" VARCHAR, "COMMENTS" VARCHAR, "EVIDENCE_PHOTOS" VARCHAR) CREATE TABLE "EMPLOYEE_HEALTH_AND_HYGENE" ("CSTOMER_ID" INTEGER, "COMUNICABLE_DIESEASE" VARCHAR, "WIPING_BAGS" VARCHAR, "DISCHARGE" VARCHAR, "LOCKERS" VARCHAR, "PROPER_HAND_WASH" VARCHAR, "RESTROOM_CONDITION" VARCHAR, "HANDWASH_STATION" VARCHAR, "HAIR_RESTRAINT" VARCHAR, "GLOVES_USED" VARCHAR, "WOUND_CARE" VARCHAR, "FOOD_SAMPLE_TESTING" VARCHAR, "GARMENT_CONDITION" VARCHAR, "HEALTH" VARCHAR, "COMMENTS" VARCHAR, "EVIDENCE_PHOTOS" VARCHAR) CREATE TABLE "DISH&WARE_WASHING" ("CUSTOMER_ID" INTEGER, "TYPE_OF_COMPARTMENT_SINK" VARCHAR, "PLUMBING_ISSUE1" VARCHAR, "QUATERNARY_AMMONIA" VARCHAR, "IODINE" VARCHAR, "HOT_WTR_SANIT_TEMP" VARCHAR, "PLUMBING_ISSUE2" VARCHAR, "HOT_WATER" VARCHAR, "TEMP" VARCHAR, "DISHWASHER_TYPE" VARCHAR, "WAQLL_CONDITION" VARCHAR, "SANITIZER_LEVELS" VARCHAR, "CHLORINE" VARCHAR, "SINK_OR_DISHWASHER" VARCHAR, "EVIDENCE_PHOTOS" VARCHAR) CREATE TABLE "CORRECTIVE_ACTIONS" ("CUSTOMER_ID" VARCHAR, "CORRECTIVE_ACTIONS" VARCHAR) CREATE TABLE "CONSUMER_ADVISORY" ("CUSTOMER_ID" VARCHAR, "TRUTH_IN_MENU" VARCHAR, "MAJOR_CHAIN" VARCHAR, "TRANS_FAT" VARCHAR, "SCHOOL" VARCHAR, "PROHIBITED" VARCHAR, "CALORIES" VARCHAR, "COMMENTS" VARCHAR, "EVEDINCE_PHOTOS" VARCHAR) CREATE TABLE "COMPLAINS&ENFORCEMENTS" ("CUSTOMER_ID" VARCHAR, "PLAN_SUBMITTED" VARCHAR, "APPROVEL" VARCHAR, "CERTIFICATE_OF_OCCU" VARCHAR, "PRIOR_INSPEK_REPORT" VARCHAR, "LAST_INSPECTION_DATE" VARCHAR, "PERMIT_STATUS" VARCHAR, "POSTED" VARCHAR, "EXPIRATION" VARCHAR, "PERMIT_DISPLAYED" VARCHAR, "INSPECTION_REPORT_POSTING" VARCHAR, "COMMENTS" VARCHAR, "EVIDENCE_PHOTOS" VARCHAR)

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

1