Search Results

Search found 57785 results on 2312 pages for 'rich clayton(at)oracle com'.

Page 10/2312 | < Previous Page | 6 7 8 9 10 11 12 13 14 15 16 17  | Next Page >

  • Strategies for Accessing a Application with a COM API From PHP

    - by Alan Storm
    Background: Experienced PHP developer with a mostly *nix background. I'm writing a PHP application that needs to interact with a proprietary 3rd party system. The 3rd party system is Windows only. The PHP application will be living on a separate Linux based system The 3rd party application has been described as having a "COM API" that I'll need to talk to from the PHP application. What does this look like architecturally speaking? I'm starting with the COM section of the PHP manual, but I have specific questions. Specific Questions: Can I talk directly to a COM API from a PHP application running on another server? If so, how? (what PHP extensions would I need, or what protocols/PHP functions would I be using to talk to the API) If the answer to number 2 is no, I'd assume I'd need some kind of application on the Windows machine that can talk to COM, and then a service on the windows machine I can hit with PHP. Are there prebuilt frameworks for this kind of thing? Is this all nonsense and/or did I say something exceedingly stupid? (Quite possible, as I'm a little fuzzy on what "COM" does and doesn't cover) I'm obviously not looking for a full solution here, I'm just trying to get a general idea of what is and isn't possible and what kind of things I'll want to Google for. Thanks!

    Read the article

  • WIX: COM unregistration when removing one of two programs

    - by madbadger
    Hello, I am relatively new to WiX. It is a great tool, but I still need some time to learn it better. I have encountered a problem with registration and unregistration of a COM component. I have created installers for two applications, lets call them A and B. Both are using the same COM component. I have used the heat tool, as recommended. When installing A or B, the component is registered without any problems. But when I install A and B, then remove A (with Add/Remove programs) the COM class gets unregistered and B cannot use it anymore. Is there a clean solution to prevent this from happening? I would like to unregister the COM when BOTH A and B are uninstalled. Any help would be appreciated, Best regards, madbadger

    Read the article

  • How to call interface API from within COM server

    - by Alien01
    I have one com server with some interfaces exposing some API's COM class looks like below class ATL_NO_VTABLE CTask : public CComObjectRootEx<CComSingleThreadModel>, public CComCoClass<CTask, &CLSID_Task>, public ITask { public: STDMETHOD (Task)(); STDMETHOD (ABC)(); ... } Now this com server also contains one more class XYZ ABC API needs to call XYZ functionality STDMETHODIMP ABC() { XYZ xyz; xyz.dosomething(); } dosomething function need to call com server Task function, like below class XYZ { public: void dosomething() { // need to call Task function } }; How can this be done? Do I need to CoCreateInstance ITask in dosomething? I tried creating CTask taskl; in dosomething but it gave some errors.

    Read the article

  • Need to call COM component using reflection in .NET

    - by Usman
    I need to determine the COM component(unmanaged code) type and invoke the exposed interface's methods using reflection in C# at runtime. First What member of "Type" tells that type is COM component and we can take CLSID at runtime? Is Type.COMObject? I need to call methods of exposed interfaces as they called in unmanaged code using CoCreateInstance by passing CLSID and REFID ... I am using InvokeMember but it returns null or 0 as out parameter. How to pass out parameter in this case.? Is there any need to pass out parameter? As all my COM unmanaged code suppose to take last parameter as an OUT parameter and after executing it puts the result into that out param. But I've converted all my unmanaged COM code to .NET managed assemblies using tlbimp.exe.

    Read the article

  • COM/DCOM problem when hosting executable is run as a service

    - by Mitch
    I am struggling for days now with the following problem: We have an executable that hosts a COM server, say x.exe. The COM object is instantiated as follows on the calling site: hRes = CoCreateInstance(CLSID_InterceptX, NULL, CLSCTX_SERVER, IID_IInterceptX, (void**)&pInterceptX); It all works fine when x runs as an regular application. We have a tool (I don't know how it works) that encapsulates x.exe so that it runs as a service under Windows (x.exe is a running process). In this case, we never receive a COM call in x.exe (validated by logging). Here is the weird part: From logging the calling site, I can tell that the COM object has been successfully instantiated and also the call to an interface function does not produce an error (SUCEEDED(hres) is true). Any ideas?

    Read the article

  • How to declare and implement a COM interface on C# that inherits from another COM interface?

    - by Carlos Loth
    I'm trying to understand what is the correct why to implement COM interfaces from C# code. It is straightforward when the interface doesn't inherit from other base interface. Like this one: [ComImport, Guid("2047E320-F2A9-11CE-AE65-08002B2E1262"), InterfaceType(ComInterfaceType.InterfaceIsIUnknown)] public interface IShellFolderViewCB { long MessageSFVCB(uint uMsg, int wParam, int lParam); } However things start to become weired when I need to implement an interface that inherits from other COM interfaces. For example, if I implement the IPersistFolder2 interface which inherits from IPersistFolder which inherits from IPersist as I usually on C# code: [ComImport, Guid("0000010c-0000-0000-C000-000000000046"), InterfaceType(ComInterfaceType.InterfaceIsIUnknown)] public interface IPersist { void GetClassID([Out] out Guid classID); } [ComImport, Guid("000214EA-0000-0000-C000-000000000046"), InterfaceType(ComInterfaceType.InterfaceIsIUnknown)] public interface IPersistFolder : IPersist { void Initialize([In] IntPtr pidl); } [ComImport, Guid("1AC3D9F0-175C-11d1-95BE-00609797EA4F"), InterfaceType(ComInterfaceType.InterfaceIsIUnknown)] public interface IPersistFolder2 : IPersistFolder { void GetCurFolder([Out] out IntPtr ppidl); } The operating system is not able to call the methods on my object implementation. When I'm debugging I can see the constructor of my IPersistFolder2 implementation is called many times, however the interface methods I've implemented aren't called. I'm implementing the IPersistFolder2 as follows: [Guid("A4603CDB-EC86-4E40-80FE-25D5F5FA467D")] public class PersistFolder: IPersistFolder2 { void IPersistFolder2.GetClassID(ref Guid classID) { ... } void IPersistFolder2.Initialize(IntPtr pidl) { ... } void IPersistFolder2.GetCurFolder(out IntPtr ppidl) { ... } } What seems strange is when I declare the COM interface imports as follow, it works: [ComImport, Guid("0000010c-0000-0000-C000-000000000046"), InterfaceType(ComInterfaceType.InterfaceIsIUnknown)] internal interface IPersist { void GetClassID([Out] out Guid classID); } [ComImport, Guid("000214EA-0000-0000-C000-000000000046"), InterfaceType(ComInterfaceType.InterfaceIsIUnknown)] internal interface IPersistFolder : IPersist { new void GetClassID([Out] out Guid classID); void Initialize([In] IntPtr pidl); } [ComImport, Guid("1AC3D9F0-175C-11d1-95BE-00609797EA4F"), InterfaceType(ComInterfaceType.InterfaceIsIUnknown)] internal interface IPersistFolder2 : IPersistFolder { new void GetClassID([Out] out Guid classID); new void Initialize([In] IntPtr pidl); void GetCurFolder([Out] out IntPtr ppidl); } I don't know why it works when I declare the COM interfaces that way (hidding the base interface methods using new). Maybe it is related to the way IUnknown works. Does anyone know what is the correct way of implementing COM interfaces in C# that inherits from other COM interfaces and why?

    Read the article

  • C# COM Cross Thread problem

    - by user364676
    Hi, we're developing a software to control a scientific measuring device. it provides a COM-Interface defines serveral functions to set measurement parameters and fires an event when it measured data. in order to test our software, i'm implementing a simulation of that device. the com-object runs a loop which periodically fires the event. another loop in the client app should now setup up the com-simulator using the given functions. i created a class for measuring parameters which will be instanciated when setting up a new measurement. // COM-Object public class MeasurementParams { public double Param1; public double Param2; } public class COM_Sim : ICOMDevice { public MeasurementParams newMeasurement; IClient client; public int NewMeasurement() { newMeasurment = new MeasurementParam(); } public int SetParam1(double val) { // why is newMeasurement null when method is called from client loop newMeasurement.Param1 = val; } void loop() { while(true) { // fire event client.HandleEvent; } } } public class Client : IClient { ICOMDevice server; public int HandleEvent() { // handle this event server.NewMeasurement(); server.SetParam1(0.0); } void loop() { while(true) { // do some stuff... server.NewMeasurement(); server.SetParam1(0.0); } } } both of the loops run in independent threads. when server.NewMeasurement() is called, the object on the server is set to a new instance. but in the next function, the object is null again. do the same when handling the server-event, it works perfectly, because the method runs in the servers thread. how to make it work from client-thread as well. as the client is meant to be working with the real device, i cannot modify the interfaces given by the manufactor. also i need to setup measurements independent from the event-handler, which will be fired not regulary. i assume this problem related to multithreaded-COM behavior but i found nothing on this topic.

    Read the article

  • COM Pointers and process termination

    - by Tony
    Can an unreleased COM pointer to an external process (still alive) cause that process to hang on destruction? Even with TerminateProcess called on it? Process A has a COM interface pointer reference to Process B, now Process B issues a TerminateProcess on A, if some COM interface pointer to Process B in Process A is not released properly, could it be that the process hangs on termination?

    Read the article

  • Centralised/shared COM DLL, possible?

    - by vikp
    Hi, We have a system that makes a use of 3rd party COM DLL written in vba We have a centralised web application and 1-50 client machines that must reference that COM DLL in order to use our centralised web application. The COM DLL is going to be updated rapidly in the future, which means that it has to be re-installed on every machine manually. Is it possible to centralise this COM DLL somwhere on the network? Is there any other alternatives? Otherwise the maintenance overhead will be huge... Thank you

    Read the article

  • Generate an ID via COM interop

    - by Erik van Brakel
    At the moment, we've got an unmaintanable ball of code which offers an interface to a third party application. The third party application has a COM assembly which MUST be used to create new entries. This process involves two steps: generate a new object (basically an ID), and update that object with new field values. Because COM interop is so slow, we only use that to generate the ID (and related objects) in the database. The actual update is done using a regular SQL query. What I am trying to figure out if it's possible to use NHibernate to do some of the heavy lifting for us, without bypassing the COM assembly. Here's the code for saving something to the database as I envision it: using(var s = sessionFactory.OpenSession()) using(var t = s.BeginTransaction()) { MyEntity entity = new MyEntity(); s.Save(entity); t.Commit(); } Regular NH code I'd say. Now, this is where it gets tricky. I think I have to supply my own implementation of NHibernate.Id.IIdentifierGenerator which calls the COM assembly in the Generate method. That's not a problem. What IS a problem is that the COM assembly requires initialisation, which does take a bit of time. It also doesn't like multiple instances in the same process, for some reason. What I would like to know is if there's a way to properly access an external service in the generator code. I'm free to use any technique I want, so if it involves something like an IoC container that's no problem. The thing I am looking for is where exactly to hook-up my code so I can access the things I need in my generator, without having to resort to using singletons or other nasty stuff.

    Read the article

  • COM on Windows7 and Visual Studio

    - by vikasde
    I registered a COM dll (under administrator) using regsvr32, which I want to use in Visual Studio 2008 (under administrator) for my project in Windows 7. Now, when I try to use the interfaces and classes from the COM, then I can't see any of the methods. When I use the object browser to view the COM classes, then I can see that they are all empty. However when I use the same COM on windows XP using VS2008, then all methods are suddenly available. Does anybody know why this is happening and how to get this working under Windows 7?

    Read the article

  • Does Scheme work with Microsoft COM?

    - by Martin
    I'm new to Scheme -- the functional programming language and I like it a lot for its first-class/higher-order functions. However, my data comes from a COM source with an object-oriented API. I know Scheme and COM belong to different programming paradigms, but I'm wondering if there is any interface or a way for Scheme to connect to a COM source? Thanks.

    Read the article

  • rich:tabPanel and problems when filed has required="true"

    - by JQueryNeeded
    Hello, Let's consider following, simplified example: we have 2 tabs withing , each tab has and at the moment we want to switch from one tab to another, and the inputText is empty (we dont want to submit value from it anyway, we want to go to another tab) we get "Validation Error: Value is required." the example code: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:h="http://java.sun.com/jsf/html" xmlns:f="http://java.sun.com/jsf/core" xmlns:a4j="http://richfaces.org/a4j" xmlns:rich="http://richfaces.org/rich" > <a4j:form id="mainForm" reRender="mainForm" ajaxSubmit="true" > <rich:tabPanel switchType="ajax"> <rich:tab label="TabA" > <a4j:region> <h:outputText value="Tab A content" /> <h:inputText value="" required="true" /> </a4j:region> </rich:tab> <rich:tab label="TabB"> <a4j:region> <h:outputText value="Tab B content" /> <h:inputText value="" required="true" /> </a4j:region> </rich:tab> </rich:tabPanel> <rich:messages /> </a4j:form> </html>

    Read the article

  • Design Better, Rich Internet Applications

    As you know, Rich Internet Applications are web-based software programs that behave and operate like a desktop application. These may be delivered through a site-specific browser, a browser plug-in, or through other methods; they are especially useful for massively-multiplayer online role-playing games (MMORPGs). RIA training can be especially useful in learning the tools that are used for designing and developing these increasingly-necessary additions to Internet Web Sites.

    Read the article

  • SQL CLR Assembly Error 80131051 when late binding to a registered C# COM .dll

    - by Shanubus
    I must have hit an unusual one, because I can't find any reference to this specific failing anywhere... Scenario: I have a legacy SQL function used to transform(encrypt) data. This function is called from within many stored procedures used by multiple applications. I say this, because the obvious answer of 'just call it from your code' is not really an option (or at least one I'd prefer not explore). The legacy function used sp_OA with an ActiveX dll on SQL2000 to perform its work. The new function is targeted at SQL2008 x64. I am ditching the sp_OA call in favor of CLR assembly; and am getting rid of the ActiveX dll and using a COM+ .dll (3rd party) to perform the same work. This 3rd party COM+ is required to be used based on spec given to me, so can't get rid of this piece either. Problem: After multiple attempts at getting this to work I have eliminated the following approaches 1) Create a Sql Assembly to call the local COM+ directly -- Can't do this as it requires a reference to System.EnterpriseServices. Including this requires that a whole slew of unsupported assemblies be registered which I don't want. The COM+ requires it's methods to be accessed via an Interface, so my attempts at late binding to it directly have not been successful (late binding would allow me to drop the unsupported references). 2) Create a Sql Assembly which references a C# class library that then calls the COM+. -- Same issue as #1; since the referenced dll uses System.EnterpriseServices and will be added as a dependency when referenced in the Sql Assembly, again trying to load all the unsupported libraries 3) Create a Sql Assembly which late binds to an ActiveX COM dll that calls the COM+. -- Worked in my dev environment, but can't go to x64 in production with ActiveX dll's written in VB6 (not to mention I hate backtracking anyway)... again failure... I am now onto an approach that is almost working, with of course one last hangup. I now have -a Sql Assembly that late binds to a C# COM dll, eliminating the need for including System.EnterpriseServices and eliminating the need to reference the C# COM in the SqlAssembly itself. The C# COM does reference System.EnterpriseServices to call the COM+, but since I am late binding to it from the SqlAssembly, I bypass the need for Sql to actually load them as referenced assemblies. Works in debugger.. Works on my dev box when the SqlAssembly dll is referenced in a test console app and called directly Installs to Sql2008 just fine Executing the actual UDF works, but returns no data due to a failure reporting from the late bound dll! So the SqlAssembly is instanciated just fine. It actually fails on it's late binding to the C# COM, which is working from a test console app on the same machine. It appears to be a difference in behavior based on whether called from within the SQL UDF or not. Since it is working on the same box from my console app, I am assuming it's on the SQL side. My steps to install were. --Install the COM+ dll and ensure it can be called successfully (as from with in the console app) --Register the C# COM dll (which calls the COM+) and get it to the GAC (again proofed to be working from console app) --Create my Assymetric Key CREATE ASYMMETRIC KEY SqlCryptoKey FROM EXECUTABLE FILE = 'D:\SqlEx.dll' CREATE LOGIN SqlExLogin FROM ASYMMETRIC KEY SqlExKey GRANT UNSAFE ASSEMBLY TO SqlExLogin GO --Add the assembly CREATE ASSEMBLY SqlEx FROM 'D:\SqlEx.dll' WITH PERMISSION_SET = UNSAFE; GO --Create the function CREATE FUNCTION dbo.f_SqlEx( @clearText [nvarchar](512) ) RETURNS nvarchar(512) WITH EXECUTE AS CALLER AS EXTERNAL NAME SqlEx.[SqlEx.SqlEx].Ex GO With all that done, I can now call my function SELECT dbo.f_SqlEx('test') But get this error in the event log... Retrieving the COM class factory for component with CLSID {F69D6320-5884-323F-936A-7657946604BE} failed due to the following error: 80131051. I can't really provide direct code examples, due to internal security implications; but all the code itself seems to work, I am suspecting perms or something of the like... I just find it odd that I can't find any reference to error 80131051. If someone out there believe some 'indirect' code samples will help, I will be happy to provide. Any assistance is appreciated.

    Read the article

  • PHP: Why Cookies only sent to http://www.xxx.com and NOT http://xxx.com

    - by Axel
    Hi, I have a php login which sets 2 cookies once some one login. the problem is that if you login from : http://www.mydomain.com and you go to http://mydomain.com you will find your self not logged in, I think that's because the browser only send the cookies to the first syntax. It's only one domain, the difference is the www. before the domain name, so how to set cookies to the whole domain whatever there is www. or not ? <?php setcookie('username',$username,time()+3600); ?> Thanks

    Read the article

  • Mysql-how to update the "domain.com" in "[email protected]"

    - by w00t
    Hi there, In my database I have a lot of users who've misspelled their e-mail address. This in turn causes my postfix to bounce a lot of mails when sending the newsletter. Forms include (but are not limited to) "yaho.com", "yahho .com" etc. Very annoying! So i have been trying to update those record to the correct value. After executing select email from users where email like '%@yaho%' and email not like '%yahoo%'; and getting the list, I'm stuck because I do not know how to update only the yaho part. I need the username to be left intact. So I thought I would just dump the database and use vim to replace, but I cannot escape the @ symbol.. BTW, how do I select all email addresses written in CAPS? select upper(email) from users; would just transform everything into CAPS, whereas I just needed to find out the already-written-in-CAPS mails.

    Read the article

  • .NET HTML Sanitation for rich HTML Input

    - by Rick Strahl
    Recently I was working on updating a legacy application to MVC 4 that included free form text input. When I set up the new site my initial approach was to not allow any rich HTML input, only simple text formatting that would respect a few simple HTML commands for bold, lists etc. and automatically handles line break processing for new lines and paragraphs. This is typical for what I do with most multi-line text input in my apps and it works very well with very little development effort involved. Then the client sprung another note: Oh by the way we have a bunch of customers (real estate agents) who need to post complete HTML documents. Oh uh! There goes the simple theory. After some discussion and pleading on my part (<snicker>) to try and avoid this type of raw HTML input because of potential XSS issues, the client decided to go ahead and allow raw HTML input anyway. There has been lots of discussions on this subject on StackOverFlow (and here and here) but to after reading through some of the solutions I didn't really find anything that would work even closely for what I needed. Specifically we need to be able to allow just about any HTML markup, with the exception of script code. Remote CSS and Images need to be loaded, links need to work and so. While the 'legit' HTML posted by these agents is basic in nature it does span most of the full gamut of HTML (4). Most of the solutions XSS prevention/sanitizer solutions I found were way to aggressive and rendered the posted output unusable mostly because they tend to strip any externally loaded content. In short I needed a custom solution. I thought the best solution to this would be to use an HTML parser - in this case the Html Agility Pack - and then to run through all the HTML markup provided and remove any of the blacklisted tags and a number of attributes that are prone to JavaScript injection. There's much discussion on whether to use blacklists vs. whitelists in the discussions mentioned above, but I found that whitelists can make sense in simple scenarios where you might allow manual HTML input, but when you need to allow a larger array of HTML functionality a blacklist is probably easier to manage as the vast majority of elements and attributes could be allowed. Also white listing gets a bit more complex with HTML5 and the new proliferation of new HTML tags and most new tags generally don't affect XSS issues directly. Pure whitelisting based on elements and attributes also doesn't capture many edge cases (see some of the XSS cheat sheets listed below) so even with a white list, custom logic is still required to handle many of those edge cases. The Microsoft Web Protection Library (AntiXSS) My first thought was to check out the Microsoft AntiXSS library. Microsoft has an HTML Encoding and Sanitation library in the Microsoft Web Protection Library (formerly AntiXSS Library) on CodePlex, which provides stricter functions for whitelist encoding and sanitation. Initially I thought the Sanitation class and its static members would do the trick for me,but I found that this library is way too restrictive for my needs. Specifically the Sanitation class strips out images and links which rendered the full HTML from our real estate clients completely useless. I didn't spend much time with it, but apparently I'm not alone if feeling this library is not really useful without some way to configure operation. To give you an example of what didn't work for me with the library here's a small and simple HTML fragment that includes script, img and anchor tags. I would expect the script to be stripped and everything else to be left intact. Here's the original HTML:var value = "<b>Here</b> <script>alert('hello')</script> we go. Visit the " + "<a href='http://west-wind.com'>West Wind</a> site. " + "<img src='http://west-wind.com/images/new.gif' /> " ; and the code to sanitize it with the AntiXSS Sanitize class:@Html.Raw(Microsoft.Security.Application.Sanitizer.GetSafeHtmlFragment(value)) This produced a not so useful sanitized string: Here we go. Visit the <a>West Wind</a> site. While it removed the <script> tag (good) it also removed the href from the link and the image tag altogether (bad). In some situations this might be useful, but for most tasks I doubt this is the desired behavior. While links can contain javascript: references and images can 'broadcast' information to a server, without configuration to tell the library what to restrict this becomes useless to me. I couldn't find any way to customize the white list, nor is there code available in this 'open source' library on CodePlex. Using Html Agility Pack for HTML Parsing The WPL library wasn't going to cut it. After doing a bit of research I decided the best approach for a custom solution would be to use an HTML parser and inspect the HTML fragment/document I'm trying to import. I've used the HTML Agility Pack before for a number of apps where I needed an HTML parser without requiring an instance of a full browser like the Internet Explorer Application object which is inadequate in Web apps. In case you haven't checked out the Html Agility Pack before, it's a powerful HTML parser library that you can use from your .NET code. It provides a simple, parsable HTML DOM model to full HTML documents or HTML fragments that let you walk through each of the elements in your document. If you've used the HTML or XML DOM in a browser before you'll feel right at home with the Agility Pack. Blacklist based HTML Parsing to strip XSS Code For my purposes of HTML sanitation, the process involved is to walk the HTML document one element at a time and then check each element and attribute against a blacklist. There's quite a bit of argument of what's better: A whitelist of allowed items or a blacklist of denied items. While whitelists tend to be more secure, they also require a lot more configuration. In the case of HTML5 a whitelist could be very extensive. For what I need, I only want to ensure that no JavaScript is executed, so a blacklist includes the obvious <script> tag plus any tag that allows loading of external content including <iframe>, <object>, <embed> and <link> etc. <form>  is also excluded to avoid posting content to a different location. I also disallow <head> and <meta> tags in particular for my case, since I'm only allowing posting of HTML fragments. There is also some internal logic to exclude some attributes or attributes that include references to JavaScript or CSS expressions. The default tag blacklist reflects my use case, but is customizable and can be added to. Here's my HtmlSanitizer implementation:using System.Collections.Generic; using System.IO; using System.Xml; using HtmlAgilityPack; namespace Westwind.Web.Utilities { public class HtmlSanitizer { public HashSet<string> BlackList = new HashSet<string>() { { "script" }, { "iframe" }, { "form" }, { "object" }, { "embed" }, { "link" }, { "head" }, { "meta" } }; /// <summary> /// Cleans up an HTML string and removes HTML tags in blacklist /// </summary> /// <param name="html"></param> /// <returns></returns> public static string SanitizeHtml(string html, params string[] blackList) { var sanitizer = new HtmlSanitizer(); if (blackList != null && blackList.Length > 0) { sanitizer.BlackList.Clear(); foreach (string item in blackList) sanitizer.BlackList.Add(item); } return sanitizer.Sanitize(html); } /// <summary> /// Cleans up an HTML string by removing elements /// on the blacklist and all elements that start /// with onXXX . /// </summary> /// <param name="html"></param> /// <returns></returns> public string Sanitize(string html) { var doc = new HtmlDocument(); doc.LoadHtml(html); SanitizeHtmlNode(doc.DocumentNode); //return doc.DocumentNode.WriteTo(); string output = null; // Use an XmlTextWriter to create self-closing tags using (StringWriter sw = new StringWriter()) { XmlWriter writer = new XmlTextWriter(sw); doc.DocumentNode.WriteTo(writer); output = sw.ToString(); // strip off XML doc header if (!string.IsNullOrEmpty(output)) { int at = output.IndexOf("?>"); output = output.Substring(at + 2); } writer.Close(); } doc = null; return output; } private void SanitizeHtmlNode(HtmlNode node) { if (node.NodeType == HtmlNodeType.Element) { // check for blacklist items and remove if (BlackList.Contains(node.Name)) { node.Remove(); return; } // remove CSS Expressions and embedded script links if (node.Name == "style") { if (string.IsNullOrEmpty(node.InnerText)) { if (node.InnerHtml.Contains("expression") || node.InnerHtml.Contains("javascript:")) node.ParentNode.RemoveChild(node); } } // remove script attributes if (node.HasAttributes) { for (int i = node.Attributes.Count - 1; i >= 0; i--) { HtmlAttribute currentAttribute = node.Attributes[i]; var attr = currentAttribute.Name.ToLower(); var val = currentAttribute.Value.ToLower(); span style="background: white; color: green">// remove event handlers if (attr.StartsWith("on")) node.Attributes.Remove(currentAttribute); // remove script links else if ( //(attr == "href" || attr== "src" || attr == "dynsrc" || attr == "lowsrc") && val != null && val.Contains("javascript:")) node.Attributes.Remove(currentAttribute); // Remove CSS Expressions else if (attr == "style" && val != null && val.Contains("expression") || val.Contains("javascript:") || val.Contains("vbscript:")) node.Attributes.Remove(currentAttribute); } } } // Look through child nodes recursively if (node.HasChildNodes) { for (int i = node.ChildNodes.Count - 1; i >= 0; i--) { SanitizeHtmlNode(node.ChildNodes[i]); } } } } } Please note: Use this as a starting point only for your own parsing and review the code for your specific use case! If your needs are less lenient than mine were you can you can make this much stricter by not allowing src and href attributes or CSS links if your HTML doesn't allow it. You can also check links for external URLs and disallow those - lots of options.  The code is simple enough to make it easy to extend to fit your use cases more specifically. It's also quite easy to make this code work using a WhiteList approach if you want to go that route. The code above is semi-generic for allowing full featured HTML fragments that only disallow script related content. The Sanitize method walks through each node of the document and then recursively drills into all of its children until the entire document has been traversed. Note that the code here uses an XmlTextWriter to write output - this is done to preserve XHTML style self-closing tags which are otherwise left as non-self-closing tags. The sanitizer code scans for blacklist elements and removes those elements not allowed. Note that the blacklist is configurable either in the instance class as a property or in the static method via the string parameter list. Additionally the code goes through each element's attributes and looks for a host of rules gleaned from some of the XSS cheat sheets listed at the end of the post. Clearly there are a lot more XSS vulnerabilities, but a lot of them apply to ancient browsers (IE6 and versions of Netscape) - many of these glaring holes (like CSS expressions - WTF IE?) have been removed in modern browsers. What a Pain To be honest this is NOT a piece of code that I wanted to write. I think building anything related to XSS is better left to people who have far more knowledge of the topic than I do. Unfortunately, I was unable to find a tool that worked even closely for me, or even provided a working base. For the project I was working on I had no choice and I'm sharing the code here merely as a base line to start with and potentially expand on for specific needs. It's sad that Microsoft Web Protection Library is currently such a train wreck - this is really something that should come from Microsoft as the systems vendor or possibly a third party that provides security tools. Luckily for my application we are dealing with a authenticated and validated users so the user base is fairly well known, and relatively small - this is not a wide open Internet application that's directly public facing. As I mentioned earlier in the post, if I had my way I would simply not allow this type of raw HTML input in the first place, and instead rely on a more controlled HTML input mechanism like MarkDown or even a good HTML Edit control that can provide some limits on what types of input are allowed. Alas in this case I was overridden and we had to go forward and allow *any* raw HTML posted. Sometimes I really feel sad that it's come this far - how many good applications and tools have been thwarted by fear of XSS (or worse) attacks? So many things that could be done *if* we had a more secure browser experience and didn't have to deal with every little script twerp trying to hack into Web pages and obscure browser bugs. So much time wasted building secure apps, so much time wasted by others trying to hack apps… We're a funny species - no other species manages to waste as much time, effort and resources as we humans do :-) Resources Code on GitHub Html Agility Pack XSS Cheat Sheet XSS Prevention Cheat Sheet Microsoft Web Protection Library (AntiXss) StackOverflow Links: http://stackoverflow.com/questions/341872/html-sanitizer-for-net http://blog.stackoverflow.com/2008/06/safe-html-and-xss/ http://code.google.com/p/subsonicforums/source/browse/trunk/SubSonic.Forums.Data/HtmlScrubber.cs?r=61© Rick Strahl, West Wind Technologies, 2005-2012Posted in Security  HTML  ASP.NET  JavaScript   Tweet !function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs"); (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://apis.google.com/js/plusone.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })();

    Read the article

  • Retrieving Data related to a top-level object from parse.com using PHP

    - by Albeert Tw
    I am retrieve related data using parse.com and PHP I get the top-leve object without problems but I can't access related data. ([myRelation] => stdClass Object ( [__type] => Relation [className] => other)) Please refer to my code below: $className = "myClass"; $url = 'https://api.parse.com/1/classes/' . $className; $appId = 'xxxxxx'; $restKey = 'xxxxxxx'; $relatedParams = urlencode('include=people'); $rest = curl_init(); curl_setopt($rest, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($rest, CURLOPT_URL, $url .'/io1GzkzErH/'.$relatedParams); curl_setopt($rest, CURLOPT_HTTPGET, true); curl_setopt($rest, CURLOPT_RETURNTRANSFER, true); curl_setopt($rest, CURLOPT_HTTPHEADER, array("X-Parse-Application-Id: " . $appId, "X-Parse-REST-API-Key: " . $restKey, "Content-Type: application/json")); $response = curl_exec($rest); echo $response; I want to see related objects into myRelation. Current answer is: I get this answer: stdClass Object ( [Altres] => loremipsum. [Cartell] => stdClass Object ( [__type] => File [name] => f29efff4-5db1-451a-ab42-7569fbb955a7-cartell.jpg [url] => loremipsum.jpg ) [CartellURL] => [Categoria] => Comedia [Durada] => 120min [Estat] => Al teatre [Final] => stdClass Object ( [__type] => Date [iso] => 2014-06-18T22:00:00.000Z ) [Inici] => stdClass Object ( [__type] => Date [iso] => 2014-04-25T22:00:00.000Z ) [Nom] => Losers [Prioritat] => 0 [Sala] => loremipsum [Sinopsis] => loremipsum [TrailerURL] => loremipsum.com [URLEntrada] => loremipsum.com [URLProductora] => http://www.loremipsum.com [Visible] => 1 [createdAt] => 2014-05-20T12:01:06.094Z [objectId] => io1GzkzErH [people] => stdClass Object ( [__type] => Relation [className] => persones ) [updatedAt] => 2014-05-20T12:07:22.758Z ) loremipsum But I need to know what are in [people] = stdClass Object ( [__type] = Relation [className] = persones )

    Read the article

  • Exposing C# COM server events to Delphi client applications

    - by hectorsosajr
    My question is very similar to these two: http://stackoverflow.com/questions/1140984/c-component-events http://stackoverflow.com/questions/1638372/c-writing-a-com-server-events-not-firing-on-client However, what worked for them is not working for me. The type library file, does not have any hints of events definitions, so Delphi doesn't see it. The class works fine for other C# applications, as you would expect. COM Server tools: Visual Studio 2010 .NET 4.0 Delphi applications: Delphi 2010 Delphi 7 Here's a simplified version of the code: /// <summary> /// Call has arrived delegate. /// </summary> [ComVisible(false)] public delegate void CallArrived(object sender, string callData); /// <summary> /// Interface to expose SimpleAgent events to COM /// </summary> [ComVisible(true)] [GuidAttribute("1FFBFF09-3AF0-4F06-998D-7F4B6CB978DD")] [InterfaceType(ComInterfaceType.InterfaceIsIDispatch)] public interface IAgentEvents { ///<summary> /// Handles incoming calls from the predictive manager. ///</summary> ///<param name="sender">The class that initiated this event</param> ///<param name="callData">The data associated with the incoming call.</param> [DispId(1)] void OnCallArrived(object sender, string callData); } /// <summary> /// Represents the agent side of the system. This is usually related to UI interactions. /// </summary> [ComVisible(true)] [GuidAttribute("EF00685F-1C14-4D05-9EFA-538B3137D86C")] [ClassInterface(ClassInterfaceType.None)] [ComSourceInterfaces(typeof(IAgentEvents))] public class SimpleAgent { /// <summary> /// Occurs when a call arrives. /// </summary> public event CallArrived OnCallArrived; public SimpleAgent() {} public string AgentName { get; set; } public string CurrentPhoneNumber { get; set; } public void FireOffCall() { if (OnCallArrived != null) { OnCallArrived(this, "555-123-4567"); } } } The type library file has the definitions for the properties and methods, but no events are visible. I even opened the type library in Delphi's viewer to make sure. The Delphi app can see and use any property, methods, and functions just fine. It just doesn't see the events. I would appreciate any pointers or articles to read. Thanks!

    Read the article

  • VB.Net plugin using Matlab COM Automation Server...Error: 'Could not load Interop.MLApp'

    - by Ben
    My Problem: I am using Matlab COM Automation Server to call and execute matlab .m files from a VB.Net plugin for a CAD program called Rhino 3D. The code works flawlessly when set up as a simple Windows Application in Visual Studio, but when I insert it (and make the requisite reference) into my .Net plugin and test it in the CAD program I get the following error: "Could not load file or assembly 'Interop.MLApp, Version 1.0.0.0, culture=neutral, PublicKeyToken=null' or one of its dependencies. the system cannot find the file specified." What I've Tried: I am baffled as to why this occurs, but I was able to contact the CAD program's technical support staff and they suggested that it has something to do with their DotNet SDK having trouble with references that are located far outside the CAD program directory. They didn't have any solutions so I tried playing around with copylocal and this made no difference. I tried using other COM libraries and the Open Office automation server works fine, although uses url's instead of requiring a reference. I also tested Excel, which does require a reference, and it returned the error: "retrieving the COM class factory for component with CLSID {...} failed due to the following error: 80040154." This may or may not be related to the issue with the Matlab COM reference, but I thought was worthwhile to share. Perhaps is there another way to reference Interop.MLApp? I would appreciate any suggestions or thoughts on how I might make the Matlab Interop.MLApp reference work. Best regards, Ben

    Read the article

< Previous Page | 6 7 8 9 10 11 12 13 14 15 16 17  | Next Page >