Search Results

Search found 17209 results on 689 pages for 'input sanitization'.

Page 13/689 | < Previous Page | 9 10 11 12 13 14 15 16 17 18 19 20  | Next Page >

  • Automatically change Sound Input Output device

    - by Senthil Kumaran
    I have to plugin my USB Audio adapter ( 4300054 Gigawire USB Audio Adapter) for audio input because has a combo-input-output port for voice. After I do this, I have go open Sound Settings and manually select the USB Audio adapter for Input and Output, if I do not, the system default remains selected. Is there anyway, I can make Ubuntu to automatically select the USB Audio Adapter as the default as soon as I plug-in?

    Read the article

  • Windows Randomly Stop Accepting Input from Bluetooth Keyboard

    - by dragonmantank
    I've got a laptop running Ubuntu 11.10 with the most recent updates and an Apple Wireless Keyboard that syncs via bluetooth. The Ubuntu box is also a Synergy server, using QuickSynergy to run Synergy. I'm using xmodmap to swap the option and command keys, but nothing else. Throughout the day, windows that are long running will just stop accepting input. For example, I leave gnome-terminal up and running almost 24 hours a day. If it sits for a while, it just stops accepting input. It doesn't matter if I'm ssh'd into another machine or sitting on a local tty session, it just stops accepting input. If I open a new tab or window, those work fine. The 'broken' tabs stay broken. I'm also running Turpial (a Twitter client) which will do that same thing. I tend to use the arrow keys to navigate, and it just stops accepting input. Closing it and reopening it causes it to work fine. I don't seem to have the problem in Chrome, but I tend to open up new tabs when I go somewhere instead of using existing tabs. I've updated all the packages, rebooted, and the only thing that seems to cure it is if I type on the built-in keyboard, the window will start to accept text from the bluetooth keyboard (until it stops again). I don't think the keyboard is disassociating from the laptop because it can happen while I'm using the keyboard, it seems more linked with windows that I sit for a long time. As an example, I'm typing in Chrome with the bluetooth keyboard but I have a terminal window that won't accept input.

    Read the article

  • What game systems exist which uses camera input?

    - by Marc Pilgaard
    The group and I is in the middle of a semester project where we are currently researching on which game systems are using camera as input or as an interactive medium? We would like some help listing some of the game systems which uses camera input, as it seems hard to find other examples. Currently we know that webcam browser games uses camera input (Newgrounds webcam games), as well as the xbox kinect. I know this questions seems rather vague, though I still hope some people is capable of helping.

    Read the article

  • Triple buffering causes input lag?

    - by user782220
    Consider some time in between two vsyncs. Suppose the first display buffer is being used to display the current image, and suppose the game was really fast and computed and rendered the next image to the second display buffer and the next one after that to the third display buffer. That is the rendering to the second and third display buffer happens so fast that it occurs before the next vsync. Suppose input from the user comes in now. What you would like is for the results of the input to show up on the next vsync or (probably more typical) the vsync after that. However, with the third display buffer already rendered the input can only effect the image after that. Meaning the input will only take effect at best 3 vsyncs later. I wish i had an image to show the exact timings of what I mean.

    Read the article

  • Validating User Input with ASP.NET 3.5

    In the first part of this three-part series explaining the basics of user input validation in ASP.NET 3.5 you were introduced to the concepts of user input validation and saw a sample configuration of the RequiredFieldValidator web controls. In this part you will learn about several types of input validation web controls and their methods of configuration.... Charter Business Bundle? Get High Speed Internet & Telephone for Only $99/Monthly. Limited-Time Offer!

    Read the article

  • Multiple Input Validation vulnerabilities in kerberos

    - by RitwikGhoshal
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-1528 Improper Input Validation vulnerability 7.8 Kerberos Solaris 11.1 11.1 CVE-2011-1529 Improper Input Validation vulnerability 7.8 CVE-2011-4151 Improper Input Validation vulnerability 7.8 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • I want to create a simple function to reset all input values without target input. (Javascript, Jque

    - by question_about_the_problem
    Hi, I want to create a simple function to reset all input values without target input. I don't know how i can do it. Thanks. Here is my sample codes: <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script> <script> function reset_other_inputs(room) { $("input[name^='check_in_date_']").each(function () { if ( $("input[name!='check_in_date_'+room]") ) { this.val(""); } }); $("input[name^='check_out_date_']").each(function () { if ( $("input[name!='check_out_date_'+room]") ) { this.val(""); } }); } </script> <input type="text" name="check_in_date_single" value="single" onClick="reset_other_inputs('single');"> <input type="text" name="check_out_date_single" value="single" onClick="reset_other_inputs('single');"> <input type="text" name="check_in_date_double" value="double" onClick="reset_other_inputs('double');"> <input type="text" name="check_out_date_double" value="double" onClick="reset_other_inputs('double');"> <input type="text" name="check_in_date_triple" value="triple" onClick="reset_other_inputs('triple');"> <input type="text" name="check_out_date_triple" value="triple" onClick="reset_other_inputs('triple');"> <input type="text" name="check_in_date_suite" value="suite" onClick="reset_other_inputs('suite');"> <input type="text" name="check_out_date_suite" value="suite" onClick="reset_other_inputs('suite');">

    Read the article

  • What can an effective workflow for changing input methods be on Mac OS X?

    - by Martin Josefsson
    I switch between three languages input methods frequently, sometimes in the same typing session. The default shortcut on a Macintosh seems to be to set keyboard shortcuts for previous/next language (I hit opt-cmd-space to go to previous language) and if you're more than bi-lingual you have to cycle until you find the one for you. The ideal would be something like hitting fn-e for English, fn-j for Japanese and fn-g for German, but anything better than the current state would be a great improvement.

    Read the article

  • Adding value to an Input field on click

    - by Wazdesign
    I have this structure on form, <input type="test" value="" id="username" /> <span class="input-value">John Smith</span> <a href="#" class="fill-input">Fill Input</a> when user click on the Fill Input , the data from span which has class input-value will be added to value, after clicking a tag the code should be look like this, <input type="test" value="john Smith" id="username" /> <span class="input-value">John Smith</span> <a href="#" class="fill-input">Fill Input</a> there are many forms element/input on the single page.

    Read the article

  • Adding valut to Input field on click

    - by Wazdesign
    I have this structure on form, <input type="test" value="" id="username" /> <span class="input-value">John Smith</span> <a href="#" class="fill-input">Fill Input</a> when user click on the Fill Input , the data from span which has class input-value will be added to value, after clicking a tag the code should be look like this, <input type="test" value="john Smith" id="username" /> <span class="input-value">John Smith</span> <a href="#" class="fill-input">Fill Input</a> there are many forms element/input on the single page. thanks!

    Read the article

  • How to capture input parameters from within stored procedure (SQL Server 2005)?

    - by Duncan
    I would like to create a generic logging solution for my stored procedures, allowing me to log the values of input parameters. Currently I am doing this more or less by hand and I am very unhappy with this approach. Ideally, I would like to say something like the following: "given my spid, what are my input parameters and their values?" This is the same information exposed to me when I run SQL Profiler -- the stored procedure's name, all input params and all input VALUES are listed for me. How can I get my hands on these values from within a stored procedure? Thanks; Duncan

    Read the article

  • How to get the form parent of an input?

    - by ropstah
    Hi, i need to get a reference to the FORM parent of an INPUT when I only have a reference to that INPUT. Is this possible with javascript (or else jQuery) ? function doSomething(element) { //element is input object //how to get reference to form? } This doesn't work: var form = $(element).parents('form:first'); alert($(form).attr("name"));

    Read the article

  • What's the difference between the input type "text" and "password" in an html form?

    - by Domingo
    Hi everybody, this question might seem stupid, but here's the situation: I'm trying to create an auto login page for my mail using jquery's post request, but it's not working, it works with all other pages except with webmail. So, trying to figure out what was wrong, I recreated the login form, here's the code: <form id="form1" name="form1" method="post" action="https://login.hostmonster.com/"> <label>User <input type="text" name="login" id="user" /> </label> <label>Pass <input name="password" type="password" id="pass" /> </label> <input name="doLogin" type="submit" id="doLogin" value="Login"> </form> The strange thing is when you change the input type of pass to text, the form doesn't work! I can't figure out why. Anyway, if you can tell me what's the real difference between the input type text and password (and not what it says everywhere on the net that the only difference is that when you type stars appear instead of characters) I would appreciate it. Also, do you think this is affecting my jquery's post? Here's the code for it: $j.post('https://login.hostmonster.com/', { login: '[email protected]', password: 'xxx' }, function(data, text){ if (text=='success') { alert('Success '+data); } else { alert('Failed'); } }); Thanks a lot! Regards, D

    Read the article

  • Asking for input without stopping the script in python.

    - by ImTooStupidForThis
    I am (trying) to make a simple IRC client in python (as kind of a project while I learn the language). I have a loop that I use to receive and parse what the IRC server sends me, but if I use raw_input to input stuff, it stops the loop dead in its tracks until I input something (obviously). How can I input something without the loop stopping? Thanks in advance. (I don´t think I need to post the code, I just want to input something without the while 1 loop stopping.)

    Read the article

  • Show default value for editing on Python input possible?

    - by kircheis
    Is it possible for python to accept input like this: Folder name: Download But instead of the user typing Download it is already there as a initial value. If the user wants to edit it as Downloads all he has to do is add a 's' and press enter. Using normal input command: folder=input('Folder name: ') all I can get is a blank prompt: Folder name: Is there a simple way to do this that I'm missing?

    Read the article

  • How to easily input and display isolated japanese radicals on MacOS X?

    - by ogerard
    (This question was considered as off-topic on Japanese.SE and more suitable for SuperUser). I like to write computer notes about what I learn in Japanese. From time to time, I would like to be able to include in my text a given radical, say kokoro ?, which takes several graphic forms when used as an element in a more complex kanji, for instance . I did not succeed on my system (Mac OS X 10.7) to find the glyphs for these variants conveniently and exactly as I would like them (I would also be interested about how to do this on Windows 7 or Linux). I first tried the name of the kanji from which the radical is derived. Then I tried to use the japanese name for them, such as risshinben (as in ?) and shitagokoro (as in ?), hoping that the hiragana or katakana input would recognize them and propose me their representation, but it did not work. So I looked into the Full Japanese Character Table, under the "by radical" tab, and found at least a version of each of them : ? (CJK 5FC4) and ? (CJK 38FA) with the correct kun readings. I have them now as favorites but do I need to do that for all radicals? Do I need to register all of them in a user dictionary? I would imagine that I am not the only one who wants to do use them. Besides, the versions I have found are not suited for all occasions: they are centered on a standard kanji square. If I want them to appear near to a placeholder, or demonstrate their proportion to the rest of a typical kanji, I have to make complicated adjustments, depending on my use and the kind of radical. More generally are there computer tools for japanese dictionary editors and japanese teachers I could use on Mac OS X? (I could not add relevant tags such as : japanese or ideogram, please feel free to edit)

    Read the article

  • Restricting Input in HTML Textboxes to Numeric Values

    - by Rick Strahl
    Ok, here’s a fairly basic one – how to force a textbox to accept only numeric input. Somebody asked me this today on a support call so I did a few quick lookups online and found the solutions listed rather unsatisfying. The main problem with most of the examples I could dig up was that they only include numeric values, but that provides a rather lame user experience. You need to still allow basic operational keys for a textbox – navigation keys, backspace and delete, tab/shift tab and the Enter key - to work or else the textbox will feel very different than a standard text box. Yes there are plug-ins that allow masked input easily enough but most are fixed width which is difficult to do with plain number input. So I took a few minutes to write a small reusable plug-in that handles this scenario. Imagine you have a couple of textboxes on a form like this: <div class="containercontent"> <div class="label">Enter a number:</div> <input type="text" name="txtNumber1" id="txtNumber1" value="" class="numberinput" /> <div class="label">Enter a number:</div> <input type="text" name="txtNumber2" id="txtNumber2" value="" class="numberinput" /> </div> and you want to restrict input to numbers. Here’s a small .forceNumeric() jQuery plug-in that does what I like to see in this case: [Updated thanks to Elijah Manor for a couple of small tweaks for additional keys to check for] <script type="text/javascript"> $(document).ready(function () { $(".numberinput").forceNumeric(); }); // forceNumeric() plug-in implementation jQuery.fn.forceNumeric = function () { return this.each(function () { $(this).keydown(function (e) { var key = e.which || e.keyCode; if (!e.shiftKey && !e.altKey && !e.ctrlKey && // numbers key >= 48 && key <= 57 || // Numeric keypad key >= 96 && key <= 105 || // comma, period and minus key == 190 || key == 188 || key == 109 || // Backspace and Tab and Enter key == 8 || key == 9 || key == 13 || // Home and End key == 35 || key == 36 || // left and right arrows key == 37 || key == 39 || // Del and Ins key == 46 || key == 45) return true; return false; }); }); } </script> With the plug-in in place in your page or an external .js file you can now simply use a selector to apply it: $(".numberinput").forceNumeric(); The plug-in basically goes through each selected element and hooks up a keydown() event handler. When a key is pressed the handler is fired and the keyCode of the event object is sent. Recall that jQuery normalizes the JavaScript Event object between browsers. The code basically white-lists a few key codes and rejects all others. It returns true to indicate the keypress is to go through or false to eat the keystroke and not process it which effectively removes it. Simple and low tech, and it works without too much change of typical text box behavior.© Rick Strahl, West Wind Technologies, 2005-2011Posted in JavaScript  jQuery  HTML  

    Read the article

  • Observer Pattern Implementation

    - by user17028
    To teach myself basic game programming, I am going to program a clone of Pong. I will use the Observer design pattern, with an interface between the input and the game engine. However, I'm not sure what the interface should do. One idea I had was for the input interface to tell the game engine that (e.g.) the screen was clicked, then to let the game engine decide what to do with that information (shoot a bullet, for example). Another idea I had was for the input interface, having caught the mouse click, to tell the game engine to shoot a bullet. Which method would be better for me to use?

    Read the article

  • .NET HTML Sanitation for rich HTML Input

    - by Rick Strahl
    Recently I was working on updating a legacy application to MVC 4 that included free form text input. When I set up the new site my initial approach was to not allow any rich HTML input, only simple text formatting that would respect a few simple HTML commands for bold, lists etc. and automatically handles line break processing for new lines and paragraphs. This is typical for what I do with most multi-line text input in my apps and it works very well with very little development effort involved. Then the client sprung another note: Oh by the way we have a bunch of customers (real estate agents) who need to post complete HTML documents. Oh uh! There goes the simple theory. After some discussion and pleading on my part (<snicker>) to try and avoid this type of raw HTML input because of potential XSS issues, the client decided to go ahead and allow raw HTML input anyway. There has been lots of discussions on this subject on StackOverFlow (and here and here) but to after reading through some of the solutions I didn't really find anything that would work even closely for what I needed. Specifically we need to be able to allow just about any HTML markup, with the exception of script code. Remote CSS and Images need to be loaded, links need to work and so. While the 'legit' HTML posted by these agents is basic in nature it does span most of the full gamut of HTML (4). Most of the solutions XSS prevention/sanitizer solutions I found were way to aggressive and rendered the posted output unusable mostly because they tend to strip any externally loaded content. In short I needed a custom solution. I thought the best solution to this would be to use an HTML parser - in this case the Html Agility Pack - and then to run through all the HTML markup provided and remove any of the blacklisted tags and a number of attributes that are prone to JavaScript injection. There's much discussion on whether to use blacklists vs. whitelists in the discussions mentioned above, but I found that whitelists can make sense in simple scenarios where you might allow manual HTML input, but when you need to allow a larger array of HTML functionality a blacklist is probably easier to manage as the vast majority of elements and attributes could be allowed. Also white listing gets a bit more complex with HTML5 and the new proliferation of new HTML tags and most new tags generally don't affect XSS issues directly. Pure whitelisting based on elements and attributes also doesn't capture many edge cases (see some of the XSS cheat sheets listed below) so even with a white list, custom logic is still required to handle many of those edge cases. The Microsoft Web Protection Library (AntiXSS) My first thought was to check out the Microsoft AntiXSS library. Microsoft has an HTML Encoding and Sanitation library in the Microsoft Web Protection Library (formerly AntiXSS Library) on CodePlex, which provides stricter functions for whitelist encoding and sanitation. Initially I thought the Sanitation class and its static members would do the trick for me,but I found that this library is way too restrictive for my needs. Specifically the Sanitation class strips out images and links which rendered the full HTML from our real estate clients completely useless. I didn't spend much time with it, but apparently I'm not alone if feeling this library is not really useful without some way to configure operation. To give you an example of what didn't work for me with the library here's a small and simple HTML fragment that includes script, img and anchor tags. I would expect the script to be stripped and everything else to be left intact. Here's the original HTML:var value = "<b>Here</b> <script>alert('hello')</script> we go. Visit the " + "<a href='http://west-wind.com'>West Wind</a> site. " + "<img src='http://west-wind.com/images/new.gif' /> " ; and the code to sanitize it with the AntiXSS Sanitize class:@Html.Raw(Microsoft.Security.Application.Sanitizer.GetSafeHtmlFragment(value)) This produced a not so useful sanitized string: Here we go. Visit the <a>West Wind</a> site. While it removed the <script> tag (good) it also removed the href from the link and the image tag altogether (bad). In some situations this might be useful, but for most tasks I doubt this is the desired behavior. While links can contain javascript: references and images can 'broadcast' information to a server, without configuration to tell the library what to restrict this becomes useless to me. I couldn't find any way to customize the white list, nor is there code available in this 'open source' library on CodePlex. Using Html Agility Pack for HTML Parsing The WPL library wasn't going to cut it. After doing a bit of research I decided the best approach for a custom solution would be to use an HTML parser and inspect the HTML fragment/document I'm trying to import. I've used the HTML Agility Pack before for a number of apps where I needed an HTML parser without requiring an instance of a full browser like the Internet Explorer Application object which is inadequate in Web apps. In case you haven't checked out the Html Agility Pack before, it's a powerful HTML parser library that you can use from your .NET code. It provides a simple, parsable HTML DOM model to full HTML documents or HTML fragments that let you walk through each of the elements in your document. If you've used the HTML or XML DOM in a browser before you'll feel right at home with the Agility Pack. Blacklist based HTML Parsing to strip XSS Code For my purposes of HTML sanitation, the process involved is to walk the HTML document one element at a time and then check each element and attribute against a blacklist. There's quite a bit of argument of what's better: A whitelist of allowed items or a blacklist of denied items. While whitelists tend to be more secure, they also require a lot more configuration. In the case of HTML5 a whitelist could be very extensive. For what I need, I only want to ensure that no JavaScript is executed, so a blacklist includes the obvious <script> tag plus any tag that allows loading of external content including <iframe>, <object>, <embed> and <link> etc. <form>  is also excluded to avoid posting content to a different location. I also disallow <head> and <meta> tags in particular for my case, since I'm only allowing posting of HTML fragments. There is also some internal logic to exclude some attributes or attributes that include references to JavaScript or CSS expressions. The default tag blacklist reflects my use case, but is customizable and can be added to. Here's my HtmlSanitizer implementation:using System.Collections.Generic; using System.IO; using System.Xml; using HtmlAgilityPack; namespace Westwind.Web.Utilities { public class HtmlSanitizer { public HashSet<string> BlackList = new HashSet<string>() { { "script" }, { "iframe" }, { "form" }, { "object" }, { "embed" }, { "link" }, { "head" }, { "meta" } }; /// <summary> /// Cleans up an HTML string and removes HTML tags in blacklist /// </summary> /// <param name="html"></param> /// <returns></returns> public static string SanitizeHtml(string html, params string[] blackList) { var sanitizer = new HtmlSanitizer(); if (blackList != null && blackList.Length > 0) { sanitizer.BlackList.Clear(); foreach (string item in blackList) sanitizer.BlackList.Add(item); } return sanitizer.Sanitize(html); } /// <summary> /// Cleans up an HTML string by removing elements /// on the blacklist and all elements that start /// with onXXX . /// </summary> /// <param name="html"></param> /// <returns></returns> public string Sanitize(string html) { var doc = new HtmlDocument(); doc.LoadHtml(html); SanitizeHtmlNode(doc.DocumentNode); //return doc.DocumentNode.WriteTo(); string output = null; // Use an XmlTextWriter to create self-closing tags using (StringWriter sw = new StringWriter()) { XmlWriter writer = new XmlTextWriter(sw); doc.DocumentNode.WriteTo(writer); output = sw.ToString(); // strip off XML doc header if (!string.IsNullOrEmpty(output)) { int at = output.IndexOf("?>"); output = output.Substring(at + 2); } writer.Close(); } doc = null; return output; } private void SanitizeHtmlNode(HtmlNode node) { if (node.NodeType == HtmlNodeType.Element) { // check for blacklist items and remove if (BlackList.Contains(node.Name)) { node.Remove(); return; } // remove CSS Expressions and embedded script links if (node.Name == "style") { if (string.IsNullOrEmpty(node.InnerText)) { if (node.InnerHtml.Contains("expression") || node.InnerHtml.Contains("javascript:")) node.ParentNode.RemoveChild(node); } } // remove script attributes if (node.HasAttributes) { for (int i = node.Attributes.Count - 1; i >= 0; i--) { HtmlAttribute currentAttribute = node.Attributes[i]; var attr = currentAttribute.Name.ToLower(); var val = currentAttribute.Value.ToLower(); span style="background: white; color: green">// remove event handlers if (attr.StartsWith("on")) node.Attributes.Remove(currentAttribute); // remove script links else if ( //(attr == "href" || attr== "src" || attr == "dynsrc" || attr == "lowsrc") && val != null && val.Contains("javascript:")) node.Attributes.Remove(currentAttribute); // Remove CSS Expressions else if (attr == "style" && val != null && val.Contains("expression") || val.Contains("javascript:") || val.Contains("vbscript:")) node.Attributes.Remove(currentAttribute); } } } // Look through child nodes recursively if (node.HasChildNodes) { for (int i = node.ChildNodes.Count - 1; i >= 0; i--) { SanitizeHtmlNode(node.ChildNodes[i]); } } } } } Please note: Use this as a starting point only for your own parsing and review the code for your specific use case! If your needs are less lenient than mine were you can you can make this much stricter by not allowing src and href attributes or CSS links if your HTML doesn't allow it. You can also check links for external URLs and disallow those - lots of options.  The code is simple enough to make it easy to extend to fit your use cases more specifically. It's also quite easy to make this code work using a WhiteList approach if you want to go that route. The code above is semi-generic for allowing full featured HTML fragments that only disallow script related content. The Sanitize method walks through each node of the document and then recursively drills into all of its children until the entire document has been traversed. Note that the code here uses an XmlTextWriter to write output - this is done to preserve XHTML style self-closing tags which are otherwise left as non-self-closing tags. The sanitizer code scans for blacklist elements and removes those elements not allowed. Note that the blacklist is configurable either in the instance class as a property or in the static method via the string parameter list. Additionally the code goes through each element's attributes and looks for a host of rules gleaned from some of the XSS cheat sheets listed at the end of the post. Clearly there are a lot more XSS vulnerabilities, but a lot of them apply to ancient browsers (IE6 and versions of Netscape) - many of these glaring holes (like CSS expressions - WTF IE?) have been removed in modern browsers. What a Pain To be honest this is NOT a piece of code that I wanted to write. I think building anything related to XSS is better left to people who have far more knowledge of the topic than I do. Unfortunately, I was unable to find a tool that worked even closely for me, or even provided a working base. For the project I was working on I had no choice and I'm sharing the code here merely as a base line to start with and potentially expand on for specific needs. It's sad that Microsoft Web Protection Library is currently such a train wreck - this is really something that should come from Microsoft as the systems vendor or possibly a third party that provides security tools. Luckily for my application we are dealing with a authenticated and validated users so the user base is fairly well known, and relatively small - this is not a wide open Internet application that's directly public facing. As I mentioned earlier in the post, if I had my way I would simply not allow this type of raw HTML input in the first place, and instead rely on a more controlled HTML input mechanism like MarkDown or even a good HTML Edit control that can provide some limits on what types of input are allowed. Alas in this case I was overridden and we had to go forward and allow *any* raw HTML posted. Sometimes I really feel sad that it's come this far - how many good applications and tools have been thwarted by fear of XSS (or worse) attacks? So many things that could be done *if* we had a more secure browser experience and didn't have to deal with every little script twerp trying to hack into Web pages and obscure browser bugs. So much time wasted building secure apps, so much time wasted by others trying to hack apps… We're a funny species - no other species manages to waste as much time, effort and resources as we humans do :-) Resources Code on GitHub Html Agility Pack XSS Cheat Sheet XSS Prevention Cheat Sheet Microsoft Web Protection Library (AntiXss) StackOverflow Links: http://stackoverflow.com/questions/341872/html-sanitizer-for-net http://blog.stackoverflow.com/2008/06/safe-html-and-xss/ http://code.google.com/p/subsonicforums/source/browse/trunk/SubSonic.Forums.Data/HtmlScrubber.cs?r=61© Rick Strahl, West Wind Technologies, 2005-2012Posted in Security  HTML  ASP.NET  JavaScript   Tweet !function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs"); (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://apis.google.com/js/plusone.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })();

    Read the article

  • Html5 Input Validation Presentation

    - by srkirkland
    Last week I gave a presentations to the 2011 UC Davis IT Security Symposium that covered input validation features in HTML5.  I mostly discussed the following three topics: New Html5 Input Types (like <input type=”email” />) Html5 Constraints (like <input type=”text” required maxlength=”8” />) Polyfills The slides only cover part of the story since there are a few “live demos.”  You can find all of the demo code on my github repository https://github.com/srkirkland/ITSecuritySymposium.  You’ll need ASP.NET Mvc 3 installed to run them. The slides are also available in my GitHub repository, but I’ve also added them to slideshare as well because that’s what the cool kids do: http://www.slideshare.net/srkirkland/data-validation-in-web-applications. I believe the presentation was well received and most people learned something, so I just wanted to share.  When loading up the Html5 demo just click on the Html5 tab and go through each example. Enjoy!   [Examples from the Slides and Demos]  

    Read the article

  • Implementing a switch statement based on user input

    - by Dave Voyles
    I'm trying to delay the time it takes for the main menu screen to pop up after a user has won / lost a match. As it stands, the game immediately displays a message stating "you won / lost" and waits for 6 seconds before loading the menu screen. I would also like players to have the ability to press a key to advance to the menu screen immediately but thus far my switch statement doesn't seem to do the trick. I've included the switch statement, along with my (theoretical) inputs. What could I be doing wrong here? if (gamestate == GameStates.End) switch (input.IsMenuDown(ControllingPlayer)) { case true: ScreenManager.AddScreen(new MainMenuScreen(), null); // Draws the MainMenuScreen break; case false: if (screenLoadDelay > 0) { screenLoadDelay -= gameTime.ElapsedGameTime.TotalSeconds; } ScreenManager.AddScreen(new MainMenuScreen(), null); // Draws the MainMenuScreen break; } /// <summary> /// Checks for a "menu down" input action. /// The controllingPlayer parameter specifies which player to read /// input for. If this is null, it will accept input from any player. /// </summary> public bool IsMenuDown(PlayerIndex? controllingPlayer) { PlayerIndex playerIndex; return IsNewKeyPress(Keys.Down, controllingPlayer, out playerIndex) || IsNewButtonPress(Buttons.DPadDown, controllingPlayer, out playerIndex) || IsNewButtonPress(Buttons.LeftThumbstickDown, controllingPlayer, out playerIndex); }

    Read the article

  • Input prediction and server re-simultaion

    - by Lope
    I have read plenty of articles about multiplayer principles and I have basic client-server system set up. There is however one thing I am not clear on. When player enters input, it is sent to the server and steps back in time to check if what should have happened at the time of that input and it resimulates the world again. So far everything's clear. All articles took shooting as an example, because it is easy to explain and it is pretty straightforward, but I believe movement is more complicated. Imagine following situation: 2 players move towards each other. A------<------B Player A stops halfway towards the collision point, but there is lag spike so the command does not arrive on the server for a second or so. Current state of the world on the server (and on the other clients as well) at the time when input arrives is this: [1]: -------AB------- The command arrives and we go back in time and re-simulate the world, the result is this: [2]: ---AB----------- Player A sees situation [2] which is correct, but the player is suddenly teleported from the position in [1] (center) to the position in [2]. Is this how this is supposed to work? Point of the client prediction is to give lagged player feeling that everything is smooth, not to ruin experience for other players. Alternative is to discard timestamp on the player's input and handle it when it arrives on the server without going back in time. This, however, creates even more severe problems for lagged player (even if he is lagging just a bit)

    Read the article

  • javascript: how to make input selected

    - by Syom
    i have to use the following function, to change the input's type <input class="input" id="pas" type="text" name="password" style="color: #797272;" value= "<?php if ($_POST[password] != '') {echo '';} else {echo '????????';}?>" onclick="if (this.value =='????????') { this.value=''; this.style.color='black'; change(); }" /> <script type="text/javascript"> function change() { var input=document.getElementById('pas'); var input2= input.cloneNode(false); input2.type='password'; input.parentNode.replaceChild(input2,input); } </script> it works fine, but i have to reclick on input, because it creates a new input. so what can i do, if i want it to create a new input with cursor in it? thanks

    Read the article

< Previous Page | 9 10 11 12 13 14 15 16 17 18 19 20  | Next Page >