Search Results

Search found 5623 results on 225 pages for 'prevent deletion'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 26/225 | < Previous Page | 22 23 24 25 26 27 28 29 30 31 32 33  | Next Page >

  • prevent javascript in the WMD editor's preview box

    - by Justin Grant
    There are many SO questions (e.g. here and here) about how to do server-side scrubbing of Markdown produced by the WMD editor to ensure the HTML generated doesn't contain malicious script, like this: <img onload="alert('haha');" src="http://www.google.com/intl/en_ALL/images/srpr/logo1w.png" /> Unfortunately, this still allows script to show up in the WMD client's preview box. I doubt this is a big deal since if you're scrubbing the HTML on the server, an attacker can't save the bad HTML so no one else will be able to see it later and have their cookies stolen or sessions hijacked by the bad script. But it's still kinda odd to allow an attacker to run any script in the context of your site, and it's probably a bad idea to allow the client preview window to allow different HTML than your server will allow. StackOverflow has clearly plugged this hole. How did they do it? [NOTE: I already figured this out but it required some tricky javascript debugging, so I'm answering my own question here to help others who may want to do ths same thing]

    Read the article

  • How to prevent session hijacking with SID (CGI perl)

    - by Gnippots
    I have a web app used by a small number of people (internal only) and am using a randomised sessionID that is stored under the user record and placed in various links. I have had a problem where users are sending links to each other which is allowing them to hijack the sender's session. What are some ways of preventing this from happening while still letting users send links to one another? Edit: The session ID in the link (which also contains $username) is just compared to what is stored in the User table. &incorrectLogin just prints an error followed by die; if ($sid) { $sth = $dbh->prepare("SELECT * FROM tbl_User WHERE UserID = '$username'"); $sth->execute(); $ref = $sth->fetchrow_hashref(); $session_chk = $ref->{'usr_sessionID'}; unless ($sid eq $session_chk) {&incorrectLogin;} } The problem is that if someone uses a link that is created by someone else, the page will load as them. I am not using cookies, and I recall being told in the past that CGI perl cookie handling is quite poor.

    Read the article

  • How to prevent Linux from deleting temporary files on shutdown

    - by Rajorshi
    Hi, I am using Ubutu 10.04. I have some apps that create a few temporary files in /tmp/<file> as part of their shutdown process. I want to inspect those files when the apps are closed in the event of a system shutdown. However, when the system comes up again I find that all temporary files have been deleted. How can I ask the system not to clear the files in /tmp/ on shutdown?

    Read the article

  • Prevent DTD download when parsing XML, redux

    - by harpo
    I have a folder full of XHTML files, and a console program to process them. The problem is, it doesn't work when I'm offline, because The remote name could not be resolved: 'www.w3.org' A number of sites, including this one, say to set the XmlResolver to null. That is not not working. I have tried setting the XmlResolver to null every way that I can think of: in the XmlDocument, in XmlTextReader, and in the XmlReaderSettings. I believe that it's just creating a default instance. I have also tried implementing my own XmlResolver, but I don't know what to return for external items. public class NonXmlResolver : XmlUrlResolver { public override object GetEntity( Uri absoluteUri, string role, Type ofObjectToReturn ) { if ( absoluteUri.Scheme == "http" ) throw new Exception("What you talking 'bout, Willis?"); else return base.GetEntity( absoluteUri, role, ofObjectToReturn ); } } The documents do not use any special entities, only pure XML. This is possible, right?

    Read the article

  • Prevent box shadow from showing on a specific side

    - by kaile
    Is there any way to create a css box-shadow in which regardless of the blur value, the shadow only appears on the desired sides? For example if I want to create a div with shadows on left and right sides and no shadow on the top or bottom. The div is not absolutely positioned and its height is determined by the content. -- Edit -- @ricebowl: I appreciate your answer. Maybe you can help with creating a complete solution to fix the problems stated in my reply to your solution... My page setup is as follows: <div id="container"> <div id="header"></div> <div id="content"></div> <div id="clearfooter"></div> </div> <div id="footer"></div> And CSS like this: #container {width:960px; min-height:100%; margin:0px auto -32px auto; position:relative; padding:0px; background-color:#e6e6e6; -moz-box-shadow: -3px 0px 5px rgba(0,0,0,.8), 3px 0px 5px rgba(0,0,0,.8);} #header {height:106px; position:relative;} #content {position:relative;} #clearFooter {height:32px; clear:both; display:block; padding:0px; margin:0px;} #footer {height:32px; padding:0px; position:relative; width:960px; margin:0px auto 0px auto;}

    Read the article

  • Prevent TEXTAREAs scroll by themselves on IE8

    - by Justin Grant
    IE8 has a known bug (per connect.microsoft.com) where typing or pasting text into a TEXTAREA element will cause the textarea to scroll by itself. This is hugely annoying and shows up in many community sites, including Wikipedia. The repro is this: open the HTML below with IE8 (or use any long page on wikipedia which will exhibit the same problem until they fix it) size the browser full-screen paste a few pages of text into the TEXTAREA move the scrollbar to the middle position now type one character into the textarea Expected: nothing happens Actual: scrossing happens on its own, and the insertion point ends up near the bottom of the textarea! Below is repro HTML (can also see this live on the web here: http://en.wikipedia.org/w/index.php?title=Text_box&action=edit) <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" > <body> <div style="width: 80%"> <textarea rows="20" cols="80" style="width:100%;" ></textarea> </div> </body> </html>

    Read the article

  • How to prevent autoplay and run my own app when inserting an USB-Flash drive

    - by Thomas
    when inserting an USB-Flash drive, Windows normally opens the Autoplay dialog that offers to browse the drive or if there are multimedia files it offers to choose an app to open them. We developed a media player that is connected to the USB-Drive and registers itself as Mass Storage Device. What I need is, that when inserting the Player that this Dialog is not shown, but instead my own application is launched. Ideally the application would be on the Flash Drive itself, but as I understood is that Autorun is disabled for USB-Drives. It would be enough if a preinstalled application is launched. I already tried to catch the WM_DRIVE_CHANGE message, but this only works if my application is the top most window, otherwise the Autoplay Dialog is displayed. Best Tom

    Read the article

  • Prevent sqlite INJECTION ATTACKS on your own iPhone?

    - by Bonnie
    I always take precautions regarding SQL INJECTION ATTACKS when data is saved between someone's iPhone and a remote database on the cloud. But is it also necessary to do the same... when just saving data (using sqlite) from someone's cell phone, to a database that's just on their own phone? What's the worse they can do? Delete their own data (or tables) on their own phone? (If they really try hard enough.) Thanks.

    Read the article

  • How to prevent PHP variables from being arrays?

    - by MJB
    I think that (the title) is the problem I am having. I set up a MySQL connection, I read an XML file, and then I insert those values into a table by looping through the elements. The problem is, instead of inserting only 1 record, sometimes I insert 2 or 3 or 4. It seems to depend on the previous values I have read. I think I am reinitializing the variables, but I guess I am missing something -- hopefully something simple. Here is my code. I originally had about 20 columns, but I shortened the included version to make it easier to read. $ctr = 0; $sql = "insert into csd (id,type,nickname,hostname,username,password) ". "values (?,?,?,?,?,?)"; $cur = $db->prepare($sql); for ($ctr = 0; $ctr < $expected_count; $ctr++) { list ( $lbl, $type, $nickname, $hostname, $username, $password) = ""; $bind_vars = array(); $lbl = "csd_{$ctr}"; $type = $ref->itm->csds->$lbl->type; $nickname = $ref->itm->csds->$lbl->nickname; $hostname = $ref->itm->csds->$lbl->hostname; $username = $ref->itm->csds->$lbl->username; $password = $ref->itm->csds->$lbl->password; $bind_vars = array($id,$type,$nickname,$hostname,$username,$password); $res = $db->execute($cur, $bind_vars); # this is a separate function which works, but which only # does SELECTS and cannot be the problem. I include it because I # want to count the total rows. printf ("%d CSDs on that ITEM now.\n", CountCSDs($id_to_sync)); } P.S. I also tagged this SimpleXML because that is how I am reading the file, though that code is not included above. It looks like this: $Ref = simplexml_load_file($file);

    Read the article

  • Prevent two users from editing the same data

    - by Industrial
    Hi everyone, I have seen a feature in different web applications including Wordpress (not sure?) that warns a user if he/she opens an article/post/page/whatever from the database, while someone else is editing the same data simultaneously. I would like to implement the same feature in my own application and I have given this a bit of thought. Is the following example a good practice on how to do this? It goes a little something like this: 1) User A enters a the editing page for the mysterious article X. The database tableEvents is queried to make sure that no one else is editing the same page for the moment, which no one is by then. A token is then randomly being generated and is inserted into a database table called Events. 1) User B also want's to make updates to the article X. Now since our User A already is editing the article, the Events table is queried and looks like this: | timestamp | owner | Origin | token | ------------------------------------------------------------ | 1273226321 | User A | article-x | uniqueid## | 2) The timestamp is being checked. If it's valid and less than say 100 seconds old, a message appears and the user cannot make any changes to the requested article X: Warning: User A is currently working with this article. In the meantime, editing cannot be done. Please do something else with your life. 3) If User A decides to go on and save his changes, the token is posted along with all other data to update the database, and toggles a query to delete the row with token uniqueid##. If he decides to do something else instead of committing his changes, the article X will still be available for editing in 100 seconds for User B Let me know what you think about this approach! Wish everyone a great weekend!

    Read the article

  • Prevent Casual Piracy for Simple Utility

    - by Chad
    I've written a small utility that I wish to sell for less than $10. My primary concern is "casual piracy". The scenario that plays out in my mind is this: User buys the program, enjoys using it and tells their friends. The friends copy the application to their USB drives and take it home - using the application for free (maybe never realizing they should have purchased it. Since I've got absolutely no protection built in, it would just be a simple copy'n paste to pirate the app. The users who would be using the app are in close proximity to each other (work in the same environment), so casual piracy would likely occur frequently. Any ideas? Keeping in mind the app is cheap (partly to reduce casual piracy), and the level of effort to write the app hasn't been very demanding. Update: the app will run on any system that supports .NET 3.5.

    Read the article

  • Prevent Text Input expanding in IE

    - by Caroline
    Hi, I am having a problem with an input field in IE. The code is for a portlet and widths need to be dynamic as the user can place the portlet on any of the three columns in the page which all have different widths. As always it works fine in FF but not in IE. In order to make the width dyanaic I have set width="100%". Data to populate the text input comes from a DB. When the page is rendered if there is a long URL the text input expands to fill the contents in IE but in FF it just stays the same width (ie 100% of the TD that it lives in). How can I stop IE from changing the width in order to fit the contents. Setting the width to a fixed width of 100px fixes the issue but I need to have the width as a percentage in order to accommodate the layout of the portlet wherever it is put in on the page. I have tried overflow:hidden and word-wrap:break-word but I cant get either to work. Here is my input code and style sheets <td class="right" > <input type="text" class="validate[custom[url]]" value="" id="linkText" name="communicationLink" maxlength="500" maxsize="100" /> </td> .ofCommunicationsAdmin input { font-family: "Trebuchet MS"; font-size: 11px; font-weight:normal; color:#333333; overflow:hidden; } .ofCommunicationsAdmin #linkText { overflow:hidden; width:100%; border:1px #cccccc solid; background:#F4F7ED top repeat-x; } .ofCommunicationsAdmin td.right { vertical-align: top; text-align: left; }

    Read the article

  • Programatically prevent ASP .NET AJAX scripts from rendering

    - by cbp
    Does anyone know of a way that I can stop all the .NET AJAX scripts from rendering, even if a ScriptManager exists on the page? The ScriptManager's Visible property has been overridden and disabled so that you receive a NotImplementedException if you try to set the Visible property. The reason I would like to do this is that I don't want these large chunks of javascript all over my pages when they are not required. The ScriptManager needs to be included on the master page to ensure that only one ScriptManager is added, but it would be stupid to to have to have two versions of the same master page - one ajax enabled and one not. Edit: I am actually using Telerik's RadScriptManager with RadAjax, in case anyone knows a method using these classes instead.

    Read the article

  • How to prevent chrome from injecting content to webpage

    - by Nazariy
    Recently I have discovered that my application is misbehaving in Google Chrome. On a page with a form, after it was submitted, my application reloads page using simple method like this: header('Location: ' . $url); after that, page is rendered incorrectly and this content is injected to DOM <div id="sbi_camera_button" class="sbi_search" style="left: 0px; top: 0px; position: absolute; width: 29px; height: 27px; border: none; margin: 0px; padding: 0px; z-index: 2147483647; display: none; "></div> After manual page refresh everything works as expected. I'm not sure what causing this behavior, as I'm working in closed local environment and application works fine in Firefox. My application using following libraries (hosted locally): jQuery v1.7.1 jQuery UI 1.8.16 Bootstrap.js v 2.1.1 Can someone suggest me what can possibly cause this issue?

    Read the article

  • Will using https prevent client from accessing any confidential data inside JavaScript

    - by saveing saving
    I am working on an asp.net mvc web application, on the view i wrote the following JavaScript which calls an external web service :- <script type="text/javascript"> $(function() { $.getJSON("https://MyERPsystem.com/jw/web/json/hr/getsalary/byid?master_username=superadmin&password_hash=9449B5ABCFA9AFDA36B801351ED3DF66&employeeid=A200121", { //code goes here }, function(data) { $.each(data.items, function(i,item){ //code goes here }); }); }) </script> So if the external web service implements https, then does this means that the master_username and password_hash inside the javaScript cannot be seen by external users? Best Regards

    Read the article

  • How to prevent modal view controllers flashing when changing

    - by KP Overflow
    I have three view controllers, let's call them A, B and C. When a button is pressed on view A, view B is shown using presentModalViewController:animated: When the finish button is pressed on screen B, it dismisses itself. View A is notified whereupon it immediately shows view C, again using presentModalViewController:animated: The problem is that view A's content is momentarily flashed on the screen between view B closing and view C opening. I can get around this by making view A blank and moving it's current content to a new view, D. (For various reasons, I don't want view B to own view C, that's why it's not opening it) Am I over-complicating this? I'm sure there is a smarter way to go? ThanksT

    Read the article

  • Selectively prevent Session from being created

    - by Jean Barmash
    In my app, I have an external monitor that pings the app ever few minutes and measures its uptime / response time Every time the monitor connects, a new server session is created, so when I look at the number of sessions, it's always a minimum of 15, even during times where there are no actual users. I tried to address this with putting the session creation code into a filter, but that doesn't seem to do it - I guess session automatically gets created when the user opens the first page? all() { before = { if (actionName=='signin') { def session = request.session //creates session if not exists } } } I can configure the monitor to pass in a paramter if I need to (i.e. http://servername.com/?nosession, but not sure how to make sure the session isn't created.

    Read the article

  • Prevent Carousel scroll within scrollable Container (Sencha 2)?

    - by TragedyStruck
    I've got a Container with a header, content (Carousel) and a footer. The Container itself is therefor scrollable (vertical) to be able to scroll down to the footer. The Carousel can be swiped horizontally to change active item. I want to lock it to do only two thing: If starting to move vertically, only scroll Container If starting to move horizontally, only scroll Carousel If you now grab the Carousel you are able to scroll both ways at the same time. Example code: Ext.define('MyApp.view.MyContainer', { extend: 'Ext.Container', config: { scrollable: true, items: [ { xtype: 'container', items: [ { xtype: 'label', html: 'abc' } ] }, { xtype: 'carousel', height: 200, scrollable: false, items: [ { xtype: 'label', html: 'x' }, { xtype: 'label', html: 'y<br/>y<br/>y<br/>y<br/>y<br/>y<br/>y<br/>y' } ] }, { xtype: 'container', items: [ { xtype: 'label', html: 'def' } ] } ] } }); Using Sencha Touch 2.

    Read the article

  • Alternative to using c:out to prevent XSS

    - by lynxforest
    I'm working on preventing cross site scripting (XSS) in a Java, Spring based, Web application. I have already implemented a servlet filter similar to this example http://greatwebguy.com/programming/java/simple-cross-site-scripting-xss-servlet-filter/ which sanitizes all the input into the application. As an extra security measure I would like to also sanitize all output of the application in all JSPs. I have done some research to see how this could be done and found two complementary options. One of them is the use of Spring's defaultHtmlEscape attribute. This was very easy to implement (a few lines in web.xml), and it works great when your output is going through one of spring's tags (ie: message, or form tags). The other option I have found is to not directly use EL expressions such as ${...} and instead use <c:out value="${...}" /> That second approach works perfectly, however due to the size of the application I am working on (200+ JSP files). It is a very cumbersome task to have to replace all inappropriate uses of EL expressions with the c:out tag. Also it would become a cumbersome task in the future to make sure all developers stick to this convention of using the c:out tag (not to mention, how much more unreadable the code would be). Is there alternative way to escape the output of EL expressions that would require fewer code modifications? Thank you in advance.

    Read the article

  • Prevent Console Return

    - by Steven
    Can a VB.NET Windows Forms Application be configured so that when run from the command-line, the command-line waits until the application exits before showing the next prompt?

    Read the article

  • Prevent some DataColumns in a DataTable from being bound to DataGridView

    - by Rajarshi
    Is there any way I can specify that some columns in a DataTable will not be automatically bound to a DataGridView when I set the DataSource property of the DataGridView to the DataTable. For example, if I have a DataTable with columns as "Id, Name" then can I specify that Id column will not be shown in DataGridView? I know I can set some Visible property in DataGridView after it is bound, but can I specify in the DataTable/DataColumn itself?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 22 23 24 25 26 27 28 29 30 31 32 33  | Next Page >