Search Results

Search found 27663 results on 1107 pages for 'input mode'.

Page 24/1107 | < Previous Page | 20 21 22 23 24 25 26 27 28 29 30 31  | Next Page >

  • Show default value for editing on Python input possible?

    - by kircheis
    Is it possible for python to accept input like this: Folder name: Download But instead of the user typing Download it is already there as a initial value. If the user wants to edit it as Downloads all he has to do is add a 's' and press enter. Using normal input command: folder=input('Folder name: ') all I can get is a blank prompt: Folder name: Is there a simple way to do this that I'm missing?

    Read the article

  • SPTI problem with Mode Select

    - by Bob Murphy
    I'm running into a problem in which an attempt to do a "Mode Select" SCSI command using SPTI is returning an error status of 0x02 ("Check Condition"), and hope someone here might have some tips or suggestions. The code in question is intended to work with at a custom SCSI device. I wrote the original support for it using ASPI under WinXP, and am converting it to work with SPTI under 64-bit Windows 7. Here's the problematic code - and what's happening is, sptwb.spt.ScsiStatus is 2, which is a "Check Condition" error. Unfortunately, the device in question doesn't return useful information when you do a "Request Sense" after this problem occurs, so that's no help. void MSSModeSelect(const ModeSelectRequestPacket& inRequest, StatusResponsePacket& outResponse) { IPC_LOG("MSSModeSelect(): PathID=%d, TargetID=%d, LUN=%d", inRequest.m_Device.m_PathId, inRequest.m_Device.m_TargetId, inRequest.m_Device.m_Lun); int adapterIndex = inRequest.m_Device.m_PathId; HANDLE adapterHandle = prvOpenScsiAdapter(inRequest.m_Device.m_PathId); if (adapterHandle == INVALID_HANDLE_VALUE) { outResponse.m_Status = eScsiAdapterErr; return; } SCSI_PASS_THROUGH_WITH_BUFFERS sptwb; memset(&sptwb, 0, sizeof(sptwb)); #define MODESELECT_BUF_SIZE 32 sptwb.spt.Length = sizeof(SCSI_PASS_THROUGH); sptwb.spt.PathId = inRequest.m_Device.m_PathId; sptwb.spt.TargetId = inRequest.m_Device.m_TargetId; sptwb.spt.Lun = inRequest.m_Device.m_Lun; sptwb.spt.CdbLength = CDB6GENERIC_LENGTH; sptwb.spt.SenseInfoLength = 0; sptwb.spt.DataIn = SCSI_IOCTL_DATA_IN; sptwb.spt.DataTransferLength = MODESELECT_BUF_SIZE; sptwb.spt.TimeOutValue = 2; sptwb.spt.DataBufferOffset = offsetof(SCSI_PASS_THROUGH_WITH_BUFFERS,ucDataBuf); sptwb.spt.Cdb[0] = SCSIOP_MODE_SELECT; sptwb.spt.Cdb[4] = MODESELECT_BUF_SIZE; DWORD length = offsetof(SCSI_PASS_THROUGH_WITH_BUFFERS,ucDataBuf) + sptwb.spt.DataTransferLength; memset(sptwb.ucDataBuf, 0, sizeof(sptwb.ucDataBuf)); sptwb.ucDataBuf[2] = 0x10; sptwb.ucDataBuf[16] = (BYTE)0x01; ULONG bytesReturned = 0; BOOL okay = DeviceIoControl(adapterHandle, IOCTL_SCSI_PASS_THROUGH, &sptwb, sizeof(SCSI_PASS_THROUGH), &sptwb, length, &bytesReturned, FALSE); DWORD gle = GetLastError(); IPC_LOG(" DeviceIoControl() %s", okay ? "worked" : "failed"); if (okay) { outResponse.m_Status = (sptwb.spt.ScsiStatus == 0) ? eOk : ePrinterStatusErr; } else { outResponse.m_Status = eScsiPermissionsErr; } CloseHandle(adapterHandle); } A few more remarks, for what it's worth: This is derived from some old ASPI code that does the "Mode Select" flawlessly. This routine opens \\.\SCSI<whatever> at the beginning, via prvOpenScsiAdapter(), and closes the handle at the end. All the other routines for dealing with the device do the same thing, including the routine to do "Reserve Unit". Is this a good idea under SPTI, or should the call to "Reserve Unit" leave the handle open, so this routine and others in the sequence can use the same handle? This uses the IOCTL_SCSI_PASS_THROUGH. Should "Mode Select" use IOCTL_SCSI_PASS_THROUGH_DIRECT instead? Thanks in advance - any help will be greatly appreciated.

    Read the article

  • Can I minimize VMWare Workstation from exclusive mode?

    - by Blorgbeard
    I am running a VM on two monitors, in fullscreen exclusive mode. I would like to be able to minimize the VM and mess around in the Host, then go back to the VM. I can do this by pressing CTRL+ALT to get out of fullscreen mode, but this puts the VM back onto a single monitor, which moves all my VM's windows back to the main virtual screen. This is annoying, because when I come back to the VM, I have to go back to multiple monitor mode, and move windows back to where they should be. Is there a way to temporarily escape from fullscreen exclusive mode, without disturbing multi-monitor layout? I should note that I'm only using exclusive mode to get rid of the popup toolbar that otherwise appears when your mouse gets too close to the top of the screen. If there's another way to kill that, please let me know. My host and guest are both Windows 7 x64, and I'm running VMWare Workstation 8.

    Read the article

  • How to easily input and display isolated japanese radicals on MacOS X?

    - by ogerard
    (This question was considered as off-topic on Japanese.SE and more suitable for SuperUser). I like to write computer notes about what I learn in Japanese. From time to time, I would like to be able to include in my text a given radical, say kokoro ?, which takes several graphic forms when used as an element in a more complex kanji, for instance . I did not succeed on my system (Mac OS X 10.7) to find the glyphs for these variants conveniently and exactly as I would like them (I would also be interested about how to do this on Windows 7 or Linux). I first tried the name of the kanji from which the radical is derived. Then I tried to use the japanese name for them, such as risshinben (as in ?) and shitagokoro (as in ?), hoping that the hiragana or katakana input would recognize them and propose me their representation, but it did not work. So I looked into the Full Japanese Character Table, under the "by radical" tab, and found at least a version of each of them : ? (CJK 5FC4) and ? (CJK 38FA) with the correct kun readings. I have them now as favorites but do I need to do that for all radicals? Do I need to register all of them in a user dictionary? I would imagine that I am not the only one who wants to do use them. Besides, the versions I have found are not suited for all occasions: they are centered on a standard kanji square. If I want them to appear near to a placeholder, or demonstrate their proportion to the rest of a typical kanji, I have to make complicated adjustments, depending on my use and the kind of radical. More generally are there computer tools for japanese dictionary editors and japanese teachers I could use on Mac OS X? (I could not add relevant tags such as : japanese or ideogram, please feel free to edit)

    Read the article

  • XBMC: Viewing podcasts in 'Library Mode'

    - by greggannicott
    I'm having a great time getting to know XBMC, and so far for the most part I've been really happy with the results. I was chuffed when I followed the advice on this SU post and added TWiT as a video podcast with ease. However, when I go into Library Mode I can no longer access the podcasts I've added. I realise that one simple work-around is to come out of Library Mode to view podcasts, but in order to keep everything as simple (and appealing) to my wife as possible I'd rather remain in Library Mode so that on the rare occasion she wants to watch a DVD, she can do so without my help. Does anyone know a way to display podcasts in library mode? If this isn't possible is there a more elegant solution/work-around to going back and forth between library mode? Many thanks.

    Read the article

  • Cannot boot to HDD or Optical when Motherboard in AHCI mode

    - by Shevek
    I have an Abit AB9 QuadGT motherboard and am trying to swap over to AHCI mode. I have an existing Windows 7 installation which was installed under IDE mode. I have set the msahci registry setting to 0. When I try to boot in AHCI mode I get "DISK BOOT FAILURE, INSERT SYSTEM DISK AND PRESS ENTER". I have tried booting with my Win 7 DVD in the optical drive. There is 1 SSD (System), 1 HDD (Data) and 2 optical drives connected via SATA If I switch back to IDE mode everything boots fine, either from the SSD or from a CD or DVD in the optical drive. Why can't I use AHCI mode?

    Read the article

  • Unable to get to main screen and safe mode doesn't help.

    - by Link
    It is my friends computer so I am not very familiar with it, I am unable to get it to start. I can get to the logon screen but after entering the password there is an error (something to do with Roxio) and only the background loads. No Start menu, Taskbar or icons. If I boot it in safe mode it gets stuck on a black screen and don't even get the command prompt. I am confident that If I could get to the menu to edit startup programs then I could fix the problem... any Ideas?

    Read the article

  • How do I boot Windows 8 into Safe Mode?

    - by Earlz
    I have Windows 8 Enterprise x64. It's installed a virtual machine. After trying to update VMWare's guest extension it black screened. After resetting it, now the virtual machine won't boot. It just says "automatic repair couldn't repair your PC" Everything I do ends with an error or it coming back to this screen. If I go to Troubleshoot Advanced Options Start up settings and then go to Safe Mode, all it will do is say "preparing automatic repair" and then "diagnosing your PC" and then will come straight back to the "automatic repair couldn't repair your PC" screen. It's as if it doesn't even attempt to go into safe made. Is there anything else I can do before I reformat?

    Read the article

  • Emacs org-mode: how to avoid duplicate lines in agenda, when items is scheduled AND has deadline

    - by Martin
    Many of my TODO items in Emacs org-mode have a DEADLINE defined in the future (e. g. Friday) and are at the same time SCHEDULED today so that I already know I have to start working on this task. Then, this task will appear twice in my agenda. That's not nice but not necessarily a problem yet, but if then the task has assigned a time estimate for its duration and I go to column view with C-C C-X C-C to see how much time my tasks today will need, the time estimate for this task is counted twice, so e. g. if the time effort estimate is 2 hours, I'll have 4 hours in my daily agenda, as the item appears as well as scheduled today (or in the past) as also with its deadline in 3 days. How can I avoid counting an item twice?

    Read the article

  • How can I use target mode in Linux with USB?

    - by dash17291
    Kernel 3.5 introduces: This release includes a driver for using an IEEE-1394 connection as a SCSI transport. This enables to expose SCSI devices to other nodes on the Firewire bus, for example hard disk drives. It's a similar functionality to Firewire Target Disk Mode on many Apple computers. This release also adds a usb-gadget driver that does the same with USB. The driver supports two USB protocols are supported that is BBB or BOT (Bulk Only Transport) and UAS (USB Attached SCSI). BOT is advertised on alternative interface 0 (primary) and UAS is on alternative interface 1. Both protocols can work on USB 2.0 and USB 3.0. UAS utilizes the USB 3.0 feature called streams support. http://kernelnewbies.org/Linux_3.5 I have an Arch Linux with kernel 3.5.3-1 and wanna try out this feature.

    Read the article

  • How do I boot into console mode (redux)

    - by Leo Simon
    I'm running Ubuntu 12.04. This question was asked some time ago How do I disable the boot splash screen? but the answers didn't work for me. The standard way to boot into console mode used to be to edit /etc/default/grub and set GRUB_CMDLINE_LINUX_DEFAULT="text" This worked fine until I ran the fix proposed in https://help.ubuntu.com/community/SoundTroubleshootingProcedure in order to get sound to work. Since then, I have disabled the boot-splash-screen, but I can avoid what I presume is the lightdm login prompt screen. All I want to do is disable this gui and be prompted with a console login prompt. (Shouldnt be so hard should it???) I read in three 33416 mentioned above that there was a bug in lightdm (it wasn't recognizing "text" properly as an option for GRUB_CMDLINE_LINUX_DEFAULT.) But this discussion happened more than a year ago, and it's surely been fixed. Yet my lightdm is uptodate (so I'm told when I try to update it with apt-get). As suggested in one of the above, I tried sudo update-rc.d -f lightdm remove which resulted in a hung machine. I managed to recover using recovery mode, but now I still get the gui again. Another suggestion is to edit /etc/init/lightdm.override. I've done this and set it to "manual" as suggested, but lightdm simply ignores this. Could somebody suggest how to proceed please? Thanks very much, Leo

    Read the article

  • WP E Commerce Safe Mode restriction error [on hold]

    - by Mustafa Kamal
    I have my online shop, created with WP Ecommerce getting broken after I moved it to another server. I could be sure that the problem comes from WP Ecommerce because when I disable that plugin. Everything run as expected. This is the exact error message Warning: session_start() [function.session-start]: SAFE MODE Restriction in effect. The script whose uid is 515 is not allowed to access /tmp owned by uid 0 in /home/mikalu/public_html/wp-content/plugins/wp-e-commerce/wpsc-core/wpsc-constants.php on line 17 Fatal error: session_start() [<a href='function.session-start'>function.session-start</a>]: Failed to initialize storage module: files (path: ) in /home/mikalu/public_html/wp-content/plugins/wp-e-commerce/wpsc-core/wpsc-constants.php on line 17 I've tried to turn off safe mode on my php configuration. nothing happens. the error's still there. I thought it was some kind of permission issue, so I tried to change /tmp permission to 777. Nothing happens. I googled it some more and suspect it might have something to do with fastCGI configuration and stuff. Which I totally don't understand. My googling result mostly suggest me to consult the web hosting provider or even to move to another host. But in this case, I am the owner of the server (VPS with cPanel/WHM). And I don't have any idea how to solve this kind of problem.

    Read the article

  • How to disable "N" Wireless Mode RTL8192 (Thinkpad Edge 15 Core i5) in natty

    - by Gustavo Rubio
    I've seen many owners of thinkpad edges which are supossed to be linux-friendly having problems with wireless adapter. I've found several links inside askubuntu and in ubuntuforums which have a lot of work-arounds for those problems, mine seems to be wierd though. I use my laptop on both my office and at home. At home I have a router which is A/B/G and here at home the wireless connection works just fine, using a WEP key. But in work I have a B/G/N wireless router and it doesn't work, my guess is that this adapter works with N modes but somehow this is buggy in the bundled driver in natty. I've tried to disable the "N" mode in the router but that didn't work. Later I went to realtek website, downloaded their driver and compiled myself, kinda seems to work most of the time but sometimes some websites keep trying to load or load just parts of it and images start to look like their links are broken and so on, much like what you get when you were loading a page and suddenly the connection is lost. This problem, as I said, is only using the realtek driver from their website. Dmesg gives me this a lot of these: [ 5869.049454] rtl8192se_update_ratr_table: ratr_index=0 ratr_table=0x00000ff5 [ 5879.240563] DHCP pkt src port:68, dest port:67!! So I thougth I might as well switch back to the original driver which seems to work just fine on A/B/G wireless networks but not on N networks so if anybody knows how to disable that mode from within the driver please let us know :) Thanks in advance! PS: I do found a link to a similar question and it was answered but let me remind you I'm NOT using the intel version of wireless for my thinkpad but the realtek (RTL8192SvB)

    Read the article

  • Design mode in Visual studio 2010 sp1 beta

    - by anirudha
    in MVC3 razor we found that their is no way to watch the design in Visual studio as well we can see aspx file by going to design mode. their is a little trick to solve this issue first is that if you have Expression web or Vs 2008 then open the file on them how see here in expression web 4 you need to add the extension .cshtml and open them as html as we open other. in Visual studio 2008 you need to add the extension .cshtml and set them open as html. well their is no big trouble if design not worked. but in some case when you need to get this issue solved this need to be work for configuration do this: Expression Web 4 > tools > application options > configure editor > click on new extension icon show in exact left put the cshtml in the window they show you and choose expression web [open as html] after that you can see the design in expression web. by default Expression web not have cshtml as known extension so you need to do that to add them because without it they never handle cshtml file and refer them to Visual studio. after setting this you  EW4 open the cshtml file as html and show you design in design mode. in Visual studio 2008 you can use same trick to solve this issue just follow this step > options > text editors > file extension put cshtml in textbox and set the option html editor from dropdown and click on add and ok this will open your cshtml file as html.

    Read the article

  • Using MVC with a retained mode renderer

    - by David Gouveia
    I am using a retained mode renderer similar to the display lists in Flash. In other words, I have a scene graph data structure called the Stage to which I add the graphical primitives I would like to see rendered, such as images, animations, text. For simplicity I'll refer to them as Sprites. Now I'm implementing an architecture which is becoming very similar to MVC, but I feel that that instead of having to create View classes, that the sprites already behave pretty much like Views (except for not being explicitly connected to the Model). And since the Model is only changed through the Controller, I could simply update the view together with the Model in the controller, as in the example below: Example 1 class Controller { Model model; Sprite view; void TeleportTo(Vector2 position) { model.Position = view.Position = position; } } The alternative, I think, would be to create View classes that wrap the sprites, make the model observable, and make the view react to changes on the model. This seems like a lot of extra work and boilerplate code, and I'm not seeing the benefits if I'm just going to have one view per controller. Example 2 class Controller { Model model; View view; void TeleportTo(Vector2 position) { model.Position = position; } } class View { Model model; Sprite sprite; View() { model.PropertyChanged += UpdateView; } void UpdateView() { sprite.Position = model.Position; } } So, how is MVC or more specifically, the View, usually implemented when using a retained-mode renderer? And is there any reason why I shouldn't stick with example 1?

    Read the article

  • hd0 out of disk error results to low graphics mode

    - by msPeachy
    Yesterday, I have reinstalled Ubuntu due to a error: hd0 out of disk on boot. Everything went fine, I've installed apps, perform updates and upgraded the kernel. I've even restarted it a few times just to check if I would encounter boot issues and was glad that everything was working perfectly, then powered it down. The next morning when I boot, I got this error: hd0 out of disk error. Press any key to continue... again! After pressing a key, it took 10 minutes for the Ubuntu logo to appear with it's 5 dots. After another 5 minutes, Ubuntu started checking the disk and displayed a message that / has errors, I pressed F to fix the errors. After which Ubuntu tells me that /tmp is not yet ready for mounting so I pressed S to skip mounting it, then Ubuntu restarted. On boot I saw the error: hd0 out of disk error. Press any key to continue... again. This time it took only a minute for the Ubuntu logo to appear and after another minute a dialog box appeared with the following message: The system is running in low-graphics mode. Your screen, graphics card, and input settings could not be detected correctly. You will have to configure these yourself. What would you like to do? Run in low-graphics mode for just one session Reconfigure graphics Troubleshoot the error Exit to console login Whichever option I choose I ended up with a console prompt: grub-editenv: error: cannot read the file /boot/grub/grubenv. _ I can't do anything on this console, whatever I type nothing happens. I've rebooted several times and I get same error every time. I don't quite understand what is wrong with Ubuntu or with my installation. I've encountered this hd0 out of disk error several times already and always ended up reinstalling. I'd really really appreciate it if you guys can help me fix this. Thank you and good day.

    Read the article

  • Ubuntu 13.04 can only work in recovery mode

    - by zhangyangyu
    I have just updated my 12.10 to 13.04. Everything is updated. But I can only boot to a black screen. I mean after the GRUB interface and purple screen. And I can hear the voice of the password interface. But it is only the black screen. It all works OK in 12.10. But it can work in the recovery mode. I mean go into the recovery mode and choose resume. And then everything is OK. But when loading kernel, the screen is dirty. I don't know why and I have Googled a lot. But no resolutions works. My graphics card is Intel GMA HD 4000, tested as VESA: Intel® Sandybridge/Ivybridge Graphics. I have been trapped in this for a whole day. I do need help. Hope someone can help me. By the way, the kernel is 3.8.0-19 if it helps.

    Read the article

  • Monitor dectecs wrong display mode

    - by user292449
    I am running into an issue with 14.04. I have two monitors. the fist one is a 19 inch LG that runs off DVI at 1440x900. It seems to function just fine. The second is a 23 inch LG that should run at 1920x1200. It has been plugged in with both a HDMI to HDMI cable and a DVI to HDMI cable. It seems to be stuck in "I am displaying for a DVD player in 1080p mode" or some such. I had this issue with windows a long long time ago and eventually it just went away. I can set the screen display to 1920x1200 with the generic X drivers but I am a gamer and would like to use the Nvidia drivers since they deliver better performance. When I switch to the Nvidia driver I can set the resolution to 1920x1200 but the screen seems to be up and to the left with a black border down and to the right. If I switch back to the default X driver after this the screen remains stuck in the up and to the left mode. Any help would be wonderful.

    Read the article

  • Restricting Input in HTML Textboxes to Numeric Values

    - by Rick Strahl
    Ok, here’s a fairly basic one – how to force a textbox to accept only numeric input. Somebody asked me this today on a support call so I did a few quick lookups online and found the solutions listed rather unsatisfying. The main problem with most of the examples I could dig up was that they only include numeric values, but that provides a rather lame user experience. You need to still allow basic operational keys for a textbox – navigation keys, backspace and delete, tab/shift tab and the Enter key - to work or else the textbox will feel very different than a standard text box. Yes there are plug-ins that allow masked input easily enough but most are fixed width which is difficult to do with plain number input. So I took a few minutes to write a small reusable plug-in that handles this scenario. Imagine you have a couple of textboxes on a form like this: <div class="containercontent"> <div class="label">Enter a number:</div> <input type="text" name="txtNumber1" id="txtNumber1" value="" class="numberinput" /> <div class="label">Enter a number:</div> <input type="text" name="txtNumber2" id="txtNumber2" value="" class="numberinput" /> </div> and you want to restrict input to numbers. Here’s a small .forceNumeric() jQuery plug-in that does what I like to see in this case: [Updated thanks to Elijah Manor for a couple of small tweaks for additional keys to check for] <script type="text/javascript"> $(document).ready(function () { $(".numberinput").forceNumeric(); }); // forceNumeric() plug-in implementation jQuery.fn.forceNumeric = function () { return this.each(function () { $(this).keydown(function (e) { var key = e.which || e.keyCode; if (!e.shiftKey && !e.altKey && !e.ctrlKey && // numbers key >= 48 && key <= 57 || // Numeric keypad key >= 96 && key <= 105 || // comma, period and minus key == 190 || key == 188 || key == 109 || // Backspace and Tab and Enter key == 8 || key == 9 || key == 13 || // Home and End key == 35 || key == 36 || // left and right arrows key == 37 || key == 39 || // Del and Ins key == 46 || key == 45) return true; return false; }); }); } </script> With the plug-in in place in your page or an external .js file you can now simply use a selector to apply it: $(".numberinput").forceNumeric(); The plug-in basically goes through each selected element and hooks up a keydown() event handler. When a key is pressed the handler is fired and the keyCode of the event object is sent. Recall that jQuery normalizes the JavaScript Event object between browsers. The code basically white-lists a few key codes and rejects all others. It returns true to indicate the keypress is to go through or false to eat the keystroke and not process it which effectively removes it. Simple and low tech, and it works without too much change of typical text box behavior.© Rick Strahl, West Wind Technologies, 2005-2011Posted in JavaScript  jQuery  HTML  

    Read the article

  • Observer Pattern Implementation

    - by user17028
    To teach myself basic game programming, I am going to program a clone of Pong. I will use the Observer design pattern, with an interface between the input and the game engine. However, I'm not sure what the interface should do. One idea I had was for the input interface to tell the game engine that (e.g.) the screen was clicked, then to let the game engine decide what to do with that information (shoot a bullet, for example). Another idea I had was for the input interface, having caught the mouse click, to tell the game engine to shoot a bullet. Which method would be better for me to use?

    Read the article

  • Mixed Mode C++ DLL function call failure when app launched from network share. Called from unmanage

    - by Steve
    Mixed-mode DLL called from native C application fails to load: An unhandled exception of type 'System.IO.FileLoadException' occurred in Unknown Module. Additional information: Could not load file or assembly 'XXSharePoint, Version=0.0.0.0, Culture=neutral, PublicKeyToken=e0fbc95fd73fff47' or one of its dependencies. Failed to grant minimum permission requests. (Exception from HRESULT: 0x80131417) My environment is: Native C application calling a mixed mode C++ DLL, which then loads a C# DLL.. This works correctly when loaded from a local drive, but when launched from a network drive, it fails with the above messages. The call to LoadLibrary succeeds, as does the GetProcAddress. The load error happens when I call the function. I have digitally signed the C application, and I've performed "strong name" signing on the 2 DLLs. The PublickKeyToken in the message above does match the named DLL. I have also issued the CASPOLcommands on my client to grant FullTrust to that strong name keytoken. When that failed to work, I tried the CASPOL command to grant FullTrust to the URL of the network drive (including path to my application's directory); no change in results. I tried removing all dependencies, so that there was just the initial mixed-mode DLL... I replaced the bodies of all the functions with just a return of a "success" integer value. Results unchanged. Only when I changed it from Mixed Mode to Win32, and changed the Configuration Properties General Common Language Runtime Support from "Common Language Runtime Support" to "No Common Language Runtime Support" did calling the DLL produce the expected result (just returned the "success" integer return value).

    Read the article

  • .NET HTML Sanitation for rich HTML Input

    - by Rick Strahl
    Recently I was working on updating a legacy application to MVC 4 that included free form text input. When I set up the new site my initial approach was to not allow any rich HTML input, only simple text formatting that would respect a few simple HTML commands for bold, lists etc. and automatically handles line break processing for new lines and paragraphs. This is typical for what I do with most multi-line text input in my apps and it works very well with very little development effort involved. Then the client sprung another note: Oh by the way we have a bunch of customers (real estate agents) who need to post complete HTML documents. Oh uh! There goes the simple theory. After some discussion and pleading on my part (<snicker>) to try and avoid this type of raw HTML input because of potential XSS issues, the client decided to go ahead and allow raw HTML input anyway. There has been lots of discussions on this subject on StackOverFlow (and here and here) but to after reading through some of the solutions I didn't really find anything that would work even closely for what I needed. Specifically we need to be able to allow just about any HTML markup, with the exception of script code. Remote CSS and Images need to be loaded, links need to work and so. While the 'legit' HTML posted by these agents is basic in nature it does span most of the full gamut of HTML (4). Most of the solutions XSS prevention/sanitizer solutions I found were way to aggressive and rendered the posted output unusable mostly because they tend to strip any externally loaded content. In short I needed a custom solution. I thought the best solution to this would be to use an HTML parser - in this case the Html Agility Pack - and then to run through all the HTML markup provided and remove any of the blacklisted tags and a number of attributes that are prone to JavaScript injection. There's much discussion on whether to use blacklists vs. whitelists in the discussions mentioned above, but I found that whitelists can make sense in simple scenarios where you might allow manual HTML input, but when you need to allow a larger array of HTML functionality a blacklist is probably easier to manage as the vast majority of elements and attributes could be allowed. Also white listing gets a bit more complex with HTML5 and the new proliferation of new HTML tags and most new tags generally don't affect XSS issues directly. Pure whitelisting based on elements and attributes also doesn't capture many edge cases (see some of the XSS cheat sheets listed below) so even with a white list, custom logic is still required to handle many of those edge cases. The Microsoft Web Protection Library (AntiXSS) My first thought was to check out the Microsoft AntiXSS library. Microsoft has an HTML Encoding and Sanitation library in the Microsoft Web Protection Library (formerly AntiXSS Library) on CodePlex, which provides stricter functions for whitelist encoding and sanitation. Initially I thought the Sanitation class and its static members would do the trick for me,but I found that this library is way too restrictive for my needs. Specifically the Sanitation class strips out images and links which rendered the full HTML from our real estate clients completely useless. I didn't spend much time with it, but apparently I'm not alone if feeling this library is not really useful without some way to configure operation. To give you an example of what didn't work for me with the library here's a small and simple HTML fragment that includes script, img and anchor tags. I would expect the script to be stripped and everything else to be left intact. Here's the original HTML:var value = "<b>Here</b> <script>alert('hello')</script> we go. Visit the " + "<a href='http://west-wind.com'>West Wind</a> site. " + "<img src='http://west-wind.com/images/new.gif' /> " ; and the code to sanitize it with the AntiXSS Sanitize class:@Html.Raw(Microsoft.Security.Application.Sanitizer.GetSafeHtmlFragment(value)) This produced a not so useful sanitized string: Here we go. Visit the <a>West Wind</a> site. While it removed the <script> tag (good) it also removed the href from the link and the image tag altogether (bad). In some situations this might be useful, but for most tasks I doubt this is the desired behavior. While links can contain javascript: references and images can 'broadcast' information to a server, without configuration to tell the library what to restrict this becomes useless to me. I couldn't find any way to customize the white list, nor is there code available in this 'open source' library on CodePlex. Using Html Agility Pack for HTML Parsing The WPL library wasn't going to cut it. After doing a bit of research I decided the best approach for a custom solution would be to use an HTML parser and inspect the HTML fragment/document I'm trying to import. I've used the HTML Agility Pack before for a number of apps where I needed an HTML parser without requiring an instance of a full browser like the Internet Explorer Application object which is inadequate in Web apps. In case you haven't checked out the Html Agility Pack before, it's a powerful HTML parser library that you can use from your .NET code. It provides a simple, parsable HTML DOM model to full HTML documents or HTML fragments that let you walk through each of the elements in your document. If you've used the HTML or XML DOM in a browser before you'll feel right at home with the Agility Pack. Blacklist based HTML Parsing to strip XSS Code For my purposes of HTML sanitation, the process involved is to walk the HTML document one element at a time and then check each element and attribute against a blacklist. There's quite a bit of argument of what's better: A whitelist of allowed items or a blacklist of denied items. While whitelists tend to be more secure, they also require a lot more configuration. In the case of HTML5 a whitelist could be very extensive. For what I need, I only want to ensure that no JavaScript is executed, so a blacklist includes the obvious <script> tag plus any tag that allows loading of external content including <iframe>, <object>, <embed> and <link> etc. <form>  is also excluded to avoid posting content to a different location. I also disallow <head> and <meta> tags in particular for my case, since I'm only allowing posting of HTML fragments. There is also some internal logic to exclude some attributes or attributes that include references to JavaScript or CSS expressions. The default tag blacklist reflects my use case, but is customizable and can be added to. Here's my HtmlSanitizer implementation:using System.Collections.Generic; using System.IO; using System.Xml; using HtmlAgilityPack; namespace Westwind.Web.Utilities { public class HtmlSanitizer { public HashSet<string> BlackList = new HashSet<string>() { { "script" }, { "iframe" }, { "form" }, { "object" }, { "embed" }, { "link" }, { "head" }, { "meta" } }; /// <summary> /// Cleans up an HTML string and removes HTML tags in blacklist /// </summary> /// <param name="html"></param> /// <returns></returns> public static string SanitizeHtml(string html, params string[] blackList) { var sanitizer = new HtmlSanitizer(); if (blackList != null && blackList.Length > 0) { sanitizer.BlackList.Clear(); foreach (string item in blackList) sanitizer.BlackList.Add(item); } return sanitizer.Sanitize(html); } /// <summary> /// Cleans up an HTML string by removing elements /// on the blacklist and all elements that start /// with onXXX . /// </summary> /// <param name="html"></param> /// <returns></returns> public string Sanitize(string html) { var doc = new HtmlDocument(); doc.LoadHtml(html); SanitizeHtmlNode(doc.DocumentNode); //return doc.DocumentNode.WriteTo(); string output = null; // Use an XmlTextWriter to create self-closing tags using (StringWriter sw = new StringWriter()) { XmlWriter writer = new XmlTextWriter(sw); doc.DocumentNode.WriteTo(writer); output = sw.ToString(); // strip off XML doc header if (!string.IsNullOrEmpty(output)) { int at = output.IndexOf("?>"); output = output.Substring(at + 2); } writer.Close(); } doc = null; return output; } private void SanitizeHtmlNode(HtmlNode node) { if (node.NodeType == HtmlNodeType.Element) { // check for blacklist items and remove if (BlackList.Contains(node.Name)) { node.Remove(); return; } // remove CSS Expressions and embedded script links if (node.Name == "style") { if (string.IsNullOrEmpty(node.InnerText)) { if (node.InnerHtml.Contains("expression") || node.InnerHtml.Contains("javascript:")) node.ParentNode.RemoveChild(node); } } // remove script attributes if (node.HasAttributes) { for (int i = node.Attributes.Count - 1; i >= 0; i--) { HtmlAttribute currentAttribute = node.Attributes[i]; var attr = currentAttribute.Name.ToLower(); var val = currentAttribute.Value.ToLower(); span style="background: white; color: green">// remove event handlers if (attr.StartsWith("on")) node.Attributes.Remove(currentAttribute); // remove script links else if ( //(attr == "href" || attr== "src" || attr == "dynsrc" || attr == "lowsrc") && val != null && val.Contains("javascript:")) node.Attributes.Remove(currentAttribute); // Remove CSS Expressions else if (attr == "style" && val != null && val.Contains("expression") || val.Contains("javascript:") || val.Contains("vbscript:")) node.Attributes.Remove(currentAttribute); } } } // Look through child nodes recursively if (node.HasChildNodes) { for (int i = node.ChildNodes.Count - 1; i >= 0; i--) { SanitizeHtmlNode(node.ChildNodes[i]); } } } } } Please note: Use this as a starting point only for your own parsing and review the code for your specific use case! If your needs are less lenient than mine were you can you can make this much stricter by not allowing src and href attributes or CSS links if your HTML doesn't allow it. You can also check links for external URLs and disallow those - lots of options.  The code is simple enough to make it easy to extend to fit your use cases more specifically. It's also quite easy to make this code work using a WhiteList approach if you want to go that route. The code above is semi-generic for allowing full featured HTML fragments that only disallow script related content. The Sanitize method walks through each node of the document and then recursively drills into all of its children until the entire document has been traversed. Note that the code here uses an XmlTextWriter to write output - this is done to preserve XHTML style self-closing tags which are otherwise left as non-self-closing tags. The sanitizer code scans for blacklist elements and removes those elements not allowed. Note that the blacklist is configurable either in the instance class as a property or in the static method via the string parameter list. Additionally the code goes through each element's attributes and looks for a host of rules gleaned from some of the XSS cheat sheets listed at the end of the post. Clearly there are a lot more XSS vulnerabilities, but a lot of them apply to ancient browsers (IE6 and versions of Netscape) - many of these glaring holes (like CSS expressions - WTF IE?) have been removed in modern browsers. What a Pain To be honest this is NOT a piece of code that I wanted to write. I think building anything related to XSS is better left to people who have far more knowledge of the topic than I do. Unfortunately, I was unable to find a tool that worked even closely for me, or even provided a working base. For the project I was working on I had no choice and I'm sharing the code here merely as a base line to start with and potentially expand on for specific needs. It's sad that Microsoft Web Protection Library is currently such a train wreck - this is really something that should come from Microsoft as the systems vendor or possibly a third party that provides security tools. Luckily for my application we are dealing with a authenticated and validated users so the user base is fairly well known, and relatively small - this is not a wide open Internet application that's directly public facing. As I mentioned earlier in the post, if I had my way I would simply not allow this type of raw HTML input in the first place, and instead rely on a more controlled HTML input mechanism like MarkDown or even a good HTML Edit control that can provide some limits on what types of input are allowed. Alas in this case I was overridden and we had to go forward and allow *any* raw HTML posted. Sometimes I really feel sad that it's come this far - how many good applications and tools have been thwarted by fear of XSS (or worse) attacks? So many things that could be done *if* we had a more secure browser experience and didn't have to deal with every little script twerp trying to hack into Web pages and obscure browser bugs. So much time wasted building secure apps, so much time wasted by others trying to hack apps… We're a funny species - no other species manages to waste as much time, effort and resources as we humans do :-) Resources Code on GitHub Html Agility Pack XSS Cheat Sheet XSS Prevention Cheat Sheet Microsoft Web Protection Library (AntiXss) StackOverflow Links: http://stackoverflow.com/questions/341872/html-sanitizer-for-net http://blog.stackoverflow.com/2008/06/safe-html-and-xss/ http://code.google.com/p/subsonicforums/source/browse/trunk/SubSonic.Forums.Data/HtmlScrubber.cs?r=61© Rick Strahl, West Wind Technologies, 2005-2012Posted in Security  HTML  ASP.NET  JavaScript   Tweet !function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs"); (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://apis.google.com/js/plusone.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })();

    Read the article

  • SQL SERVER – Change Database Access to Single User Mode Using SSMS

    - by pinaldave
    I have previously written about how using T-SQL Script we can convert the database access to single user mode before backup. I was recently asked if the same can be done using SQL Server Management Studio. Yes! You can do it from database property (Write click on database and select database property) and follow image. Reference: Pinal Dave (http://blog.SQLAuthority.com) Filed under: Pinal Dave, SQL, SQL Authority, SQL Query, SQL Server, SQL Server Management Studio, SQL Tips and Tricks, T SQL, Technology

    Read the article

  • Html5 Input Validation Presentation

    - by srkirkland
    Last week I gave a presentations to the 2011 UC Davis IT Security Symposium that covered input validation features in HTML5.  I mostly discussed the following three topics: New Html5 Input Types (like <input type=”email” />) Html5 Constraints (like <input type=”text” required maxlength=”8” />) Polyfills The slides only cover part of the story since there are a few “live demos.”  You can find all of the demo code on my github repository https://github.com/srkirkland/ITSecuritySymposium.  You’ll need ASP.NET Mvc 3 installed to run them. The slides are also available in my GitHub repository, but I’ve also added them to slideshare as well because that’s what the cool kids do: http://www.slideshare.net/srkirkland/data-validation-in-web-applications. I believe the presentation was well received and most people learned something, so I just wanted to share.  When loading up the Html5 demo just click on the Html5 tab and go through each example. Enjoy!   [Examples from the Slides and Demos]  

    Read the article

  • dash width after screen rotation (tablet mode)

    - by St.W.
    I use a convertible thinkpad (x201t) and magick-rotation to rotate the screen by 90 degrees in tablet mode. Therefore after rotation the screen's width is only 800 points (the ordinary resolution is 1200x800). The Dash does not adapt to this new state and therefore if I click on it, it is oversized and I cannot reach the applications/files/buttons on its side. Is there a way to tell the Dash that it should only ever use a width of 800 pixels, or any other solution to automatically adapt its size when rotating?

    Read the article

< Previous Page | 20 21 22 23 24 25 26 27 28 29 30 31  | Next Page >