Search Results

Search found 3195 results on 128 pages for 'doc'.

Page 19/128 | < Previous Page | 15 16 17 18 19 20 21 22 23 24 25 26  | Next Page >

  • create record in LOV's Popup's

    - by raghu.yadav
    In this post we see ways to present create record options in LOV's popup's.Referring the doc http://download.oracle.com/docs/cd/E12839_01/web.1111/b31973/af_lov.htmwhat doc says about create action: The popup dialog from within an inputListOfValues component or the optional search popup dialog in the inputComboboxListOfValues component also provides the ability to create a new record. For the inputListOfValues component, when the createPopupId attribute is set on the component, a toolbar component with a commandToolbarButton is displayed with a create icon. At runtime, a commandToolbarButton component appears in the LOV popup dialog,

    Read the article

  • Keeping up with New Releases

    - by Jeremy Smyth
    You can keep up with the latest developments in MySQL software in a number of ways, including various blogs and other channels. However, for the most correct (if somewhat dry and factual) information, you can go directly to the source.  Major Releases  For every major release, the MySQL docs team creates and maintains a "nutshell" page containing the significant changes in that release. For the current GA release (whatever that is) you'll find it at this location: https://dev.mysql.com/doc/mysql/en/mysql-nutshell.html  At the moment, this redirects to the summary notes for MySQL 5.6. The notes for MySQL 5.7 are also available at that website, at the URL http://dev.mysql.com/doc/refman/5.7/en/mysql-nutshell.html, and when eventually that version goes GA, it will become the currently linked notes from the URL shown above. Incremental Releases  For more detail on each incremental release, you can have a look at the release notes for each revision. For MySQL 5.6, the release notes are stored at the following location: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/ At the time I write this, the topmost entry is a link for MySQL 5.6.15. Each linked page shows the changes in that particular version, so if you are currently running 5.6.11 and are interested in what bugs were fixed in versions since then, you can look at each subsequent release and see all changes in glorious detail. One really clever thing you can do with that site is do an advanced Google search to find exactly when a feature was released, and find out its release notes. By using the preceding link in a "site:" directive in Google, you can search only within those pages for an entry. For example, the following Google search shows pages within the release notes that reference the --slow-start-timeout option:     site:http://dev.mysql.com/doc/relnotes/mysql/ "--slow-start-timeout" By running that search, you can see that the option was added in MySQL 5.6.5 and also rolled into MySQL 5.5.20.   White Papers Also, with each major release you can usually find a white paper describing what's new in that release. In MySQL 5.6 there was a "What's new" whitepaper at this location: http://www.mysql.com/why-mysql/white-papers/whats-new-mysql-5-6/ You'll find other white papers at: http://www.mysql.com/why-mysql/white-papers/ Search the page for "5.6" to see any papers dealing specificallly with that version.

    Read the article

  • Tips On Using The Service Contracts Import Program

    - by LuciaC
    Prior to release 12.1 there was no supported way to import contracts into the EBS Service Contracts application - there were no public APIs nor contract load programs provided.  From release 12.1 onwards the 'Service Contracts Import Program' is provided to load service contracts into the application. The Service Contracts Import functionality is explained in How to Use the Service Contracts Import Program - Scope and Limitations (Doc ID 1057242.1).  This note includes an attached document which explains the program architecture, shows the Entity Relationship Diagram and details the interface table definitions. The Import program takes data from the interface tables listed below and populates the contracts schema tables:  OKS_USAGE_COUNTERS_INTERFACE OKS_SALES_CREDITS_INTERFACEOKS_NOTES_INTERFACEOKS_LINES_INTERFACEOKS_HEADERS_INTERFACEOKS_COVERED_LEVELS_INTERFACEThese interface tables must be loaded via a custom load program.The Service Contracts Import concurrent request is then submitted to create contracts from this legacy data. The parameters to run the Import program are:  Parameter Description  Mode Validate only, Import  Batch Number Batch_Id (unique id populated into the OKS_HEADERS_INTERFACE table)  Number of Workers Number of workers required (these are spawned as separate sub-requests)  Commit size Represents number of successfully processed contracts commited to database The program spawns sub-requests for the import worker(s) and the 'Service Contracts Import Report'.  The data is validated prior to import and into the Contracts tables and will report errors in the Service Contracts Import Report program output file (Import Execution Report).  Troubleshooting tips are provided in R12.1 - Common Service Contract Import Errors (Doc ID 762545.1); this document lists some, but not all, import errors.  The document will be updated over time.  Additional help is given in Debugging Tip for Service Contracts Import Errors (Doc ID 971426.1).After you successfully import contracts, you can purge the records from the interface tables by running the Service Contracts Import Purge concurrent program. Note that there is no supported way to mass delete data from the Contracts schema tables once they are populated, so data loaded by the Import program must be fully tested and verified before the program is run to load data into a Production system.A Service Contracts Import Test program has been provided which will take an existing contract in the application and load the interface tables using the data from that contract.  This can be used as an example for guidance on how to load the interface tables.  The Test program functionality is explained in How to Use the Service Contracts Test Import Program Provided in Release 12.1 (Doc ID 761209.1).  Note that the Test program has some limitations which do not apply to the full Import program and is not a supported program, it is simply a testing tool.  

    Read the article

  • What does your Technical Documentation look like?

    - by Rachel
    I'm working on a large project and I would like to put together some technical documentation for other members of the team and for new programmers joining the project. What sort of documentation should I have? Just /// code comments or some other file(s) explaining the architechure and class design? I've never really done documentation except the occasional word doc to go with smaller apps, and I think this project is too large to doc in a single word file.

    Read the article

  • OBIEE 11.1.1.7.1 Common Issues

    - by p.anda
    (in via Debbie) Wanting more information on an issue with Oracle Business Intelligence Enterprise Edition (OBIEE) installation or upgrade? Two new Knowledge Articles have been made available providing a compilation of Common Issues encountered with OBIEE Upgrades and/or Installations Oracle Business Intelligence Enterprise Edition (OBIEE) 11.1.1.7 Doc ID 1572697.1 Common Issues Encountered with Upgrades Doc ID 1572680.1 Common Issues Encountered with Installation For the official installation, administration and user guides download via: Oracle Documentation Library - OBIEE Wanting to know more?  Visit the My Oracle Support "Business Intelligence" Communities: OBIEE | Certifications For BI | BI Patch Review

    Read the article

  • Is MongoDB a good choice or not for my application?

    - by shubham
    I have a Reporting application which stores the reports in xml format as recieved from source (XML schema is not defined, it can be any format) and those reports contain some keys and values. Like jobid, setid be keys for 1 type of report and userid, groupId for another type of report etc. The type of keys that can be referred from the document is determined by the namespaces used in the xml doc. These keys are stored on the basis of namespace used in the xml document. For e.g. If a tag in xml fragment uses namespace= "myspace1", then I have keys A and B for myspace1 stored in another table. It will fetch those keys from that table for this namespace, look for their values in xml doc and store it in another table along with the pointer to this xml document (Id of a record storing complete xml document in a cell). Use cases: When the user comes and queries for that key and value, I return the document or a set of documents that are having those key/value pairs. When the user comes and queries for a certain key and provide a name for xslt (pre stored), I fetch the set of documents fulfilling that criteria and convert that xml to html with the specified xslt. When the user comes and asks for a particular fragment of a doc then it can fetch a subset from a particular document also. When the user comes and queries for top x values of a certain key, I return the set of documents that are having top 10 values of that key. I am using DB2 database for its support of xml along with relational capabilities. That makes easier for me to run xpath expressions and fetch values of keys and also aggregate a set of documents fullfilling a criteria, all on the database side. Problems: DB2 stores XML doc of upto 2GB in size. Retrieval is very slow. If some thing involves many documents, then it takes significant time for things to show up in browser, and the user has to wait. Can MongoDb help in this case, as it is document oriented? can I do xml related xpath queries and document transformations on db side? Or is it ok to use both in such a case?

    Read the article

  • Tax Deducted At Source (TDS) for India Localizations

    - by LuciaC
    Do you have questions about TDS (Tax deducted at source) for India Localizations or want to know the latest information about this functionality? See Doc ID 1546099.1 TDS Tax Deduction at Source for India - Master Troubleshooting Guide. The document includes sections with the following information: Documentation and Setup of Tax Deduction at Source – this section contains a presentation with the configuration steps for the TDS feature Resolving errors – this section contains recommended patches and documents with solutions for specific errors Frequently asked questions  – See also our new FAQ Doc ID 1549522.1 for frequently asked questions about TDS.

    Read the article

  • Maintenance Wizard -????

    - by Steve He(???)
    ?????Oracle EBS ??????????????????????????????????????,?????????????Maintenance Wizard ???E-Business Suite??????????????????,????????????????????EBS?????????????????????EBS??????????? ?????????????????????2000?????,???????Maintenance Wizard???????7?????????????????????????????? ?,??,Maintenance Wizard???????,????Oracle???????,??????????????????????????Oracle???! ??????: ?????????????????? ??????????,??????,????????? ?????? ????????,???????????,?????????????????? ??????????? ????????,??????????,?????????? ???????:?? Doc ID 215527.1 ????Maintenance Wizard?????? Doc ID 430732.1 ???????

    Read the article

  • More about E-Business Suite Certifications

    - by Sadia2
    E-Business Suite certifications contained in My Oracle Support are modeled at the suite-level only. All products packaged within the Rapid Install release bundle follow the certification for that E-Business Suite release. Platform-specific certification exceptions are documented in the Installation and Upgrade Notes for each platform, available as links from the following Oracle Applications Documentation Resources notes: Oracle Applications Documentation Resources, Release 12 (Doc ID 394692.1) Oracle Applications Documentation Resources, Release 12.1 (Doc ID 790942.1)

    Read the article

  • ??:Oracle Payment????????????

    - by Steve He(???)
    Oracle????????Payment(IBY)?PPR committing data?Payables?missing corresponding payments????????BUG? ????????BUG?????,???????????????????? ?2???????????????? ????,??R12/12.1 Payments ??????????2???: a) Patch 11699958: R12: Error during PPR Leads to Incomplete Data Commit and Inconsistent Status (Doc ID 1338425.1)b) Patches 15867522: Confirmed PPR Batches Show Payment Initiated - Data Exist Only in IBY Tables (Doc ID 1506611.1)

    Read the article

  • rpm file conflict after alien conversion

    - by Zitrax
    I have a program for which I generate a .deb file. The .deb file works fine on the systems I have tried it on (also tested with lintian). Previously it has worked to use alien to convert this to .rpm and install it on Suse. However it is now about a year since I tried it the last time and now I get an error when trying to install the alien made rpm on Fedora 11, I get this error: file /usr/share/icons/default.kde from install of testpkg-0.2-2.i386 conflicts with file from package kdelibs3-3.5.10-13.fc11.1.i586 Listing the content of the rpm file: $ rpm -qlp testpkg-0.2-2.i386.rpm / /usr /usr/games /usr/games/testpkg /usr/lib /usr/lib/libfmod-3.75.so /usr/share /usr/share/app-install /usr/share/app-install/icons /usr/share/app-install/icons/testpkg.png /usr/share/applications /usr/share/applications/testpkg.desktop /usr/share/doc /usr/share/doc/testpkg /usr/share/doc/testpkg/changelog.gz /usr/share/doc/testpkg/copyright /usr/share/games /usr/share/games/testpkg /usr/share/games/testpkg/images /usr/share/games/testpkg/images/bb.dat /usr/share/games/testpkg/images/bb_bg.dat /usr/share/games/testpkg/images/bubblemad_8x8.png /usr/share/games/testpkg/images/goldfont.png /usr/share/games/testpkg/lvl /usr/share/games/testpkg/lvl/lvl001.txt /usr/share/games/testpkg/lvl/lvl002.txt /usr/share/games/testpkg/lvl/lvl003.txt /usr/share/games/testpkg/lvl/lvl004.txt /usr/share/games/testpkg/lvl/lvl005.txt /usr/share/games/testpkg/lvl/lvl006.txt /usr/share/games/testpkg/lvl/lvl007.txt /usr/share/games/testpkg/music /usr/share/games/testpkg/music/alfa.it /usr/share/games/testpkg/music/beta.it /usr/share/games/testpkg/sounds /usr/share/games/testpkg/sounds/bounce.wav /usr/share/games/testpkg/sounds/click.wav /usr/share/games/testpkg/sounds/warning.wav /usr/share/icons /usr/share/icons/default.kde /usr/share/icons/default.kde/16x16 /usr/share/icons/default.kde/16x16/apps /usr/share/icons/default.kde/16x16/apps/testpkg.png /usr/share/man /usr/share/man/man6 /usr/share/man/man6/testpkg.6.gz Am I wrong in putting the kde icons in /usr/share/icons/default.kde which seem to be a symbolic link ? It's a symbolic link on both Kubuntu 9.10 and Fedora 11 though. Sounds like a common situation that the same directory is needed for different packages, so why is it a conflict ?

    Read the article

  • Getting AWStats to work in Ubuntu 12.04

    - by koogee
    I'm new to apache and i'm trying to set up AWStats on my ubuntu 12.04 server. I've followed the guide at Ubuntu docs https://help.ubuntu.com/community/AWStats I set it up according to the instructions and awstats is able to generate initial stats from apache log successfully. I placed the links to awstats in the default virtual host file. However when I try to run http://server-ip-address:8080/awstats/awstats.pl, I get: Error: SiteDomain parameter not defined in your config/domain file. You must edit it for using this version of AWStats. Setup ('/etc/awstats/awstats.conf' file, web server or permissions) may be wrong. Check config file, permissions and AWStats documentation (in 'docs' directory). Here is my /etc/apache2/sites-available/default file: <VirtualHost *:8080> ServerAdmin webmaster@localhost DocumentRoot /home/saad/www <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /home/saad/www/> Options Indexes FollowSymLinks MultiViews AllowOverride AuthConfig Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> Alias /awstatsclasses "/usr/share/awstats/lib/" Alias /awstats-icon "/usr/share/awstats/icon/" Alias /awstatscss "/usr/share/doc/awstats/examples/css" ScriptAlias /awstats/ /usr/lib/cgi-bin/ Options ExecCGI -MultiViews +SymLinksIfOwnerMatch ErrorLog ${APACHE_LOG_DIR}/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog ${APACHE_LOG_DIR}/access.log combined Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> </VirtualHost> The only three variables I edited in /etc/awstats/awstats.conf are: LogFile="/var/log/apache2/access.log" SiteDomain="server-name.noip.org" HostAliases="localhost 127.0.0.1 server-name.no-ip.org" The apache server works fine and i'm able to access other pages stored on the server. Any guidance would be welcome.

    Read the article

  • Solr dataimporthandler problem import data latin

    - by Alvin
    I'm using Solr 1.4 and Tomcat6. DB mysql 5.1 store data latin. when i run dataimporthandler this data = view data in solr admin error font. <doc> <str name="id">295</str> <str name="subject">Tuấn Tú</str> - ...<arr name="title"> <str>tunt721</str> </arr> </doc> True data view : <doc> <str name="id">295</str> <str name="subject">Tu?n Tú</str> - ...<arr name="title"> <str>tunt721</str> </arr> </doc> help me fix problem. Many thanks

    Read the article

  • .NET HTML Sanitation for rich HTML Input

    - by Rick Strahl
    Recently I was working on updating a legacy application to MVC 4 that included free form text input. When I set up the new site my initial approach was to not allow any rich HTML input, only simple text formatting that would respect a few simple HTML commands for bold, lists etc. and automatically handles line break processing for new lines and paragraphs. This is typical for what I do with most multi-line text input in my apps and it works very well with very little development effort involved. Then the client sprung another note: Oh by the way we have a bunch of customers (real estate agents) who need to post complete HTML documents. Oh uh! There goes the simple theory. After some discussion and pleading on my part (<snicker>) to try and avoid this type of raw HTML input because of potential XSS issues, the client decided to go ahead and allow raw HTML input anyway. There has been lots of discussions on this subject on StackOverFlow (and here and here) but to after reading through some of the solutions I didn't really find anything that would work even closely for what I needed. Specifically we need to be able to allow just about any HTML markup, with the exception of script code. Remote CSS and Images need to be loaded, links need to work and so. While the 'legit' HTML posted by these agents is basic in nature it does span most of the full gamut of HTML (4). Most of the solutions XSS prevention/sanitizer solutions I found were way to aggressive and rendered the posted output unusable mostly because they tend to strip any externally loaded content. In short I needed a custom solution. I thought the best solution to this would be to use an HTML parser - in this case the Html Agility Pack - and then to run through all the HTML markup provided and remove any of the blacklisted tags and a number of attributes that are prone to JavaScript injection. There's much discussion on whether to use blacklists vs. whitelists in the discussions mentioned above, but I found that whitelists can make sense in simple scenarios where you might allow manual HTML input, but when you need to allow a larger array of HTML functionality a blacklist is probably easier to manage as the vast majority of elements and attributes could be allowed. Also white listing gets a bit more complex with HTML5 and the new proliferation of new HTML tags and most new tags generally don't affect XSS issues directly. Pure whitelisting based on elements and attributes also doesn't capture many edge cases (see some of the XSS cheat sheets listed below) so even with a white list, custom logic is still required to handle many of those edge cases. The Microsoft Web Protection Library (AntiXSS) My first thought was to check out the Microsoft AntiXSS library. Microsoft has an HTML Encoding and Sanitation library in the Microsoft Web Protection Library (formerly AntiXSS Library) on CodePlex, which provides stricter functions for whitelist encoding and sanitation. Initially I thought the Sanitation class and its static members would do the trick for me,but I found that this library is way too restrictive for my needs. Specifically the Sanitation class strips out images and links which rendered the full HTML from our real estate clients completely useless. I didn't spend much time with it, but apparently I'm not alone if feeling this library is not really useful without some way to configure operation. To give you an example of what didn't work for me with the library here's a small and simple HTML fragment that includes script, img and anchor tags. I would expect the script to be stripped and everything else to be left intact. Here's the original HTML:var value = "<b>Here</b> <script>alert('hello')</script> we go. Visit the " + "<a href='http://west-wind.com'>West Wind</a> site. " + "<img src='http://west-wind.com/images/new.gif' /> " ; and the code to sanitize it with the AntiXSS Sanitize class:@Html.Raw(Microsoft.Security.Application.Sanitizer.GetSafeHtmlFragment(value)) This produced a not so useful sanitized string: Here we go. Visit the <a>West Wind</a> site. While it removed the <script> tag (good) it also removed the href from the link and the image tag altogether (bad). In some situations this might be useful, but for most tasks I doubt this is the desired behavior. While links can contain javascript: references and images can 'broadcast' information to a server, without configuration to tell the library what to restrict this becomes useless to me. I couldn't find any way to customize the white list, nor is there code available in this 'open source' library on CodePlex. Using Html Agility Pack for HTML Parsing The WPL library wasn't going to cut it. After doing a bit of research I decided the best approach for a custom solution would be to use an HTML parser and inspect the HTML fragment/document I'm trying to import. I've used the HTML Agility Pack before for a number of apps where I needed an HTML parser without requiring an instance of a full browser like the Internet Explorer Application object which is inadequate in Web apps. In case you haven't checked out the Html Agility Pack before, it's a powerful HTML parser library that you can use from your .NET code. It provides a simple, parsable HTML DOM model to full HTML documents or HTML fragments that let you walk through each of the elements in your document. If you've used the HTML or XML DOM in a browser before you'll feel right at home with the Agility Pack. Blacklist based HTML Parsing to strip XSS Code For my purposes of HTML sanitation, the process involved is to walk the HTML document one element at a time and then check each element and attribute against a blacklist. There's quite a bit of argument of what's better: A whitelist of allowed items or a blacklist of denied items. While whitelists tend to be more secure, they also require a lot more configuration. In the case of HTML5 a whitelist could be very extensive. For what I need, I only want to ensure that no JavaScript is executed, so a blacklist includes the obvious <script> tag plus any tag that allows loading of external content including <iframe>, <object>, <embed> and <link> etc. <form>  is also excluded to avoid posting content to a different location. I also disallow <head> and <meta> tags in particular for my case, since I'm only allowing posting of HTML fragments. There is also some internal logic to exclude some attributes or attributes that include references to JavaScript or CSS expressions. The default tag blacklist reflects my use case, but is customizable and can be added to. Here's my HtmlSanitizer implementation:using System.Collections.Generic; using System.IO; using System.Xml; using HtmlAgilityPack; namespace Westwind.Web.Utilities { public class HtmlSanitizer { public HashSet<string> BlackList = new HashSet<string>() { { "script" }, { "iframe" }, { "form" }, { "object" }, { "embed" }, { "link" }, { "head" }, { "meta" } }; /// <summary> /// Cleans up an HTML string and removes HTML tags in blacklist /// </summary> /// <param name="html"></param> /// <returns></returns> public static string SanitizeHtml(string html, params string[] blackList) { var sanitizer = new HtmlSanitizer(); if (blackList != null && blackList.Length > 0) { sanitizer.BlackList.Clear(); foreach (string item in blackList) sanitizer.BlackList.Add(item); } return sanitizer.Sanitize(html); } /// <summary> /// Cleans up an HTML string by removing elements /// on the blacklist and all elements that start /// with onXXX . /// </summary> /// <param name="html"></param> /// <returns></returns> public string Sanitize(string html) { var doc = new HtmlDocument(); doc.LoadHtml(html); SanitizeHtmlNode(doc.DocumentNode); //return doc.DocumentNode.WriteTo(); string output = null; // Use an XmlTextWriter to create self-closing tags using (StringWriter sw = new StringWriter()) { XmlWriter writer = new XmlTextWriter(sw); doc.DocumentNode.WriteTo(writer); output = sw.ToString(); // strip off XML doc header if (!string.IsNullOrEmpty(output)) { int at = output.IndexOf("?>"); output = output.Substring(at + 2); } writer.Close(); } doc = null; return output; } private void SanitizeHtmlNode(HtmlNode node) { if (node.NodeType == HtmlNodeType.Element) { // check for blacklist items and remove if (BlackList.Contains(node.Name)) { node.Remove(); return; } // remove CSS Expressions and embedded script links if (node.Name == "style") { if (string.IsNullOrEmpty(node.InnerText)) { if (node.InnerHtml.Contains("expression") || node.InnerHtml.Contains("javascript:")) node.ParentNode.RemoveChild(node); } } // remove script attributes if (node.HasAttributes) { for (int i = node.Attributes.Count - 1; i >= 0; i--) { HtmlAttribute currentAttribute = node.Attributes[i]; var attr = currentAttribute.Name.ToLower(); var val = currentAttribute.Value.ToLower(); span style="background: white; color: green">// remove event handlers if (attr.StartsWith("on")) node.Attributes.Remove(currentAttribute); // remove script links else if ( //(attr == "href" || attr== "src" || attr == "dynsrc" || attr == "lowsrc") && val != null && val.Contains("javascript:")) node.Attributes.Remove(currentAttribute); // Remove CSS Expressions else if (attr == "style" && val != null && val.Contains("expression") || val.Contains("javascript:") || val.Contains("vbscript:")) node.Attributes.Remove(currentAttribute); } } } // Look through child nodes recursively if (node.HasChildNodes) { for (int i = node.ChildNodes.Count - 1; i >= 0; i--) { SanitizeHtmlNode(node.ChildNodes[i]); } } } } } Please note: Use this as a starting point only for your own parsing and review the code for your specific use case! If your needs are less lenient than mine were you can you can make this much stricter by not allowing src and href attributes or CSS links if your HTML doesn't allow it. You can also check links for external URLs and disallow those - lots of options.  The code is simple enough to make it easy to extend to fit your use cases more specifically. It's also quite easy to make this code work using a WhiteList approach if you want to go that route. The code above is semi-generic for allowing full featured HTML fragments that only disallow script related content. The Sanitize method walks through each node of the document and then recursively drills into all of its children until the entire document has been traversed. Note that the code here uses an XmlTextWriter to write output - this is done to preserve XHTML style self-closing tags which are otherwise left as non-self-closing tags. The sanitizer code scans for blacklist elements and removes those elements not allowed. Note that the blacklist is configurable either in the instance class as a property or in the static method via the string parameter list. Additionally the code goes through each element's attributes and looks for a host of rules gleaned from some of the XSS cheat sheets listed at the end of the post. Clearly there are a lot more XSS vulnerabilities, but a lot of them apply to ancient browsers (IE6 and versions of Netscape) - many of these glaring holes (like CSS expressions - WTF IE?) have been removed in modern browsers. What a Pain To be honest this is NOT a piece of code that I wanted to write. I think building anything related to XSS is better left to people who have far more knowledge of the topic than I do. Unfortunately, I was unable to find a tool that worked even closely for me, or even provided a working base. For the project I was working on I had no choice and I'm sharing the code here merely as a base line to start with and potentially expand on for specific needs. It's sad that Microsoft Web Protection Library is currently such a train wreck - this is really something that should come from Microsoft as the systems vendor or possibly a third party that provides security tools. Luckily for my application we are dealing with a authenticated and validated users so the user base is fairly well known, and relatively small - this is not a wide open Internet application that's directly public facing. As I mentioned earlier in the post, if I had my way I would simply not allow this type of raw HTML input in the first place, and instead rely on a more controlled HTML input mechanism like MarkDown or even a good HTML Edit control that can provide some limits on what types of input are allowed. Alas in this case I was overridden and we had to go forward and allow *any* raw HTML posted. Sometimes I really feel sad that it's come this far - how many good applications and tools have been thwarted by fear of XSS (or worse) attacks? So many things that could be done *if* we had a more secure browser experience and didn't have to deal with every little script twerp trying to hack into Web pages and obscure browser bugs. So much time wasted building secure apps, so much time wasted by others trying to hack apps… We're a funny species - no other species manages to waste as much time, effort and resources as we humans do :-) Resources Code on GitHub Html Agility Pack XSS Cheat Sheet XSS Prevention Cheat Sheet Microsoft Web Protection Library (AntiXss) StackOverflow Links: http://stackoverflow.com/questions/341872/html-sanitizer-for-net http://blog.stackoverflow.com/2008/06/safe-html-and-xss/ http://code.google.com/p/subsonicforums/source/browse/trunk/SubSonic.Forums.Data/HtmlScrubber.cs?r=61© Rick Strahl, West Wind Technologies, 2005-2012Posted in Security  HTML  ASP.NET  JavaScript   Tweet !function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs"); (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://apis.google.com/js/plusone.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })();

    Read the article

  • How to activate SSL(HTTPS) in Glassfish 3.0 embedded API?

    - by Crazy Doc
    We are implementing an application with a webservice as component and decided to use the Glassfish 3.0 embedded distri to provide the webservice. And it works. We need a SSL(HTTPS) connection to the webservice, but we didn't find any documentation or hint how to activate it programmatically via the embedded API. Thus we tried to configure the embedded Glassfish via domain.xml, what has a listener configured with SSL. And the port is reachable but only without SSL. The embedded Glassfish seem to ignore the configuration to activate SSL for the port. Has anyone experience in configuring embedded Glassfish with SSL?

    Read the article

  • AutoScaleMode problems with changed default font

    - by Doc Brown
    Hi, I have some problems with the Form.AutoScaleMode property together with fixed size controls, when using a non-default font. I boiled it down to a simple test application (WinForms 2.0) with only one form, some fixed size controls and the following properties: class Form1 : Form { // ... private void InitializeComponent() { // ... this.AutoScaleDimensions = new System.Drawing.SizeF(96F, 96F); this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Dpi; this.Font = new System.Drawing.Font("Tahoma", 9.25F); // ... } } Under 96dpi, Windows XP, the form looks correctly like this 96 dpi example. Under 120 dpi, Windows XP, the the Windows Forms autoscaling feature produces this 120 dpi example. As you can see, groupboxes, buttons, list or tree views are scaled correctly, multiline text boxes get too big in the vertical axis, and a fixed size label does not scale correctly in both vertical and horizontal direction. Seems to be bug in the .NET framework? Using the default font (Microsoft Sans Serif 8.25pt), this problem does not occur. Using AutoScaleMode=Font (with adequate AutoScaleDimensions, of course) either does not scale at all or scales exactly like seen above, depending on when the Font is set (before or after the change of AutoScaleMode). The problem is not specific to the "Tahoma" Font, it occurs also with Microsoft Sans Serif, 9.25pt. And yes, i already read this SO post http://stackoverflow.com/questions/2114857/high-dpi-problems but it does not really help me. Any suggestions how to come around this? EDIT: I changed my image hoster, hope this one works better. EDIT2: Some additional information about my intention: I have about 50 already working fixed size dialogs with several hundreds of properly placed, fixed size controls. They were migrated from an older C++ GUI framework to C#/Winforms, that's why they are all fixed-size. All of them look fine with 96 dpi using a 9.25pt font. Under the old framework, scaling to 120 dpi worked fine - all fixed size controls scaled equal in both dimensions. Last week, we detected this strange scaling behaviour under WinForms when switching to 120 dpi. You can imagine that most of our dialogs now look very bad under 120 dpi. We are looking for a solution that avoids a complete redesign all those dialogs.

    Read the article

  • WinForms: finding the size of a minimized form without going to FormWindowState.Normal

    - by Doc Brown
    Is there an easy way to determine the size of a Form it does have in WindowState=Normal, without actually changing the Form state? Here is what I do now (C# code): public class MyForm: Form { public void MyMethod() { // ... FormWindowState oldState = this.WindowState; this.WindowState = FormWindowState.Normal; Point windowLocation = this.Location; Size windowSize = this.Size; this.WindowState = oldState; // ... } } This is what I would like the code to look like: public class MyForm: Form { public void MyMethod() { // no state change here Point windowLocation = this.NormalStateLocation; Size windowSize = this.NormalStateSize; } } In fact there are no NormalStateLocation or NormalStateSize properties in Windows Forms.

    Read the article

  • Allowing optional variables with Rewrite Cond

    - by James Doc
    I currently have the following code: RewriteCond %{REQUEST_URI} !assets/ RewriteCond %{REQUEST_URI} !uploads/ RewriteRule ^([a-z|0-9_&;=-]+)/([a-z|0-9_&;=-]+) index.php?method=$1&value=$2 [NC,L] This works perfectly to redirect 'page/home' to 'index.php?method=page&value=home. However at some points I need to add an extra variable or two to the query string such as 'admin/useraccounts/mod/2'. When I simply tack on bits to the end of the rewrite rule it works if all the variables are 'page/home/rand/rand' or 'admin/useraccounts/mod/2', but if anything is missing such as 'page/home' I get a 404. What am I doing wrong? Many thanks.

    Read the article

  • htaccess rewrite issue while testing on localhost

    - by James Doc
    I'm running OSX (10.6) with Apache with .htaccess enabled. In the htaccess file I have the code: Options +FollowSymlinks RewriteEngine on RewriteRule ^page/([A-Z0-9._%+-]+) index.php?page=$1 [NC] This runs perfectly on my external server and redirects nicely to index.php?page=whatever However when testing locally from localhost/~james/In%20Progress/Vila%20Maninga/page/whatever I get redirected to localhost/~james/Users/James/Sites/In%20Progress/Vila%20Maninga/index.php?page=whatever. For some reason 'Users/James/Sites/' is being added. Does anyone why this is happening and how to prevent it? Many thanks, James

    Read the article

  • Binary Search Tree node removal

    - by doc
    I've been trying to implement a delete function for a Binary Search Tree but haven't been able to get it to work in all cases. This is my latest attempt: if(t->get_left() == empty) *t = *t->get_left(); else if(t->get_right() == empty) *t = *t->get_right(); else if((t->get_left() != empty) && (t->get_right() != empty)) { Node* node = new Node(t->get_data(), t->get_parent(), t->get_colour(), t->get_left(), t->get_right()); *t = *node; } t is a node and empty is just a node with nothing in it. I'm just trying to swap the values but I'm getting a runtime error. Any ideas? Thanks

    Read the article

  • PHP: How to search a file using wildcards

    - by doc
    I need to read a file in PHP, but I only know the end of the filename, so I need to serch the file in a given directory using wildcards: *filename.wav and then return it to the browser. Is there a function to do that? or I need to get all the files in the directory and then search one by one? Thanks for all the comments and help.

    Read the article

  • WiX, how to prevent files from uninstalling though we forgot to set Permanent="yes"

    - by Doc Brown
    We have a product installer created with Wix, containing a program package ("V1") and some configuration files. Now, we are going to make a major upgrade with a new product code, where the old version of the product is uninstalled and "V2" is installed. What we want is to save one of the configuration files from uninstalling, since it is needed for the V2, too. Unfortunately, we forgot to set the Permanent="yes" option when we delivered V1 (read this question for more information). Here comes the question: is there an easy way of preventing the uninstall of the file anyhow? Of course, we could add a custom action to the script to backup the file before uninstallation, and another custom action to restore it afterwards, but IMHO that seems to be overkill for this task, and might interfere with other parts of the MSI registration process.

    Read the article

< Previous Page | 15 16 17 18 19 20 21 22 23 24 25 26  | Next Page >