Search Results

Search found 58 results on 3 pages for 'htmldocument'.

Page 3/3 | < Previous Page | 1 2 3 

  • Disposing underlying object from finalizer in an immutable object

    - by Juan Luis Soldi
    I'm trying to wrap around Awesomium and make it look to the rest of my code as close as possible to NET's WebBrowser since this is for an existing application that already uses the WebBrowser. In this library, there is a class called JSObject which represents a javascript object. You can get one of this, for instance, by calling the ExecuteJavascriptWithResult method of the WebView class. If you'd call it like myWebView.ExecuteJavascriptWithResult("document", string.Empty).ToObject(), then you'd get a JSObject that represents the document. I'm writing an immutable class (it's only field is a readonly JSObject object) called JSObjectWrap that wraps around JSObject which I want to use as base class for other classes that would emulate .NET classes such as HtmlElement and HtmlDocument. Now, these classes don't implement Dispose, but JSObject does. What I first thought was to call the underlying JSObject's Dispose method in my JSObjectWrap's finalizer (instead of having JSObjectWrap implement Dispose) so that the rest of my code can stay the way it is (instead of having to add using's everywhere and make sure every JSObjectWrap is being properly disposed). But I just realized if more than two JSObjectWrap's have the same underlying JSObject and one of them gets finalized this will mess up the other JSObjectWrap. So now I'm thinking maybe I should keep a static Dictionary of JSObjects and keep count of how many of each of them are being referenced by a JSObjectWrap but this sounds messy and I think could cause major performance issues. Since this sounds to me like a common pattern I wonder if anyone else has a better idea.

    Read the article

  • Excel 2010 VBA code is stuck when UserForm is shown

    - by Denis
    I've created a UserForm as a progress indicator while a web query (using InternetExplorer object) runs in the background. The code gets triggered as shown below. The progress indicator form is called 'Progerss'. Private Sub Worksheet_Change(ByVal Target As Range) If Target.Row = Range("B2").Row And Target.Column = Range("B2").Column Then Progress.Show vbModeless Range("A4:A65535").ClearContents GetWebData (Range("B2").Value) Progress.Hide End If End Sub What I see with this code is that the progress indicator form pops up when cell B2 changes. I also see that the range of cells in column A gets cleared which tells me that the vbModeless is doing what I want. But then, somewhere within the GetWebData() procedure, things get hung up. As soon as I manually destroy the progress indicator form, the GetWebData() routine finishes and I see the correct results. But if I leave the progress indicator visible, things just get stuck indefinitely. The code below shows what GetWebData() is doing. Private Sub GetWebData(ByVal Symbol As String) Dim IE As New InternetExplorer 'IE.Visible = True IE.navigate MyURL Do DoEvents Loop Until IE.readyState = READYSTATE_COMPLETE Dim Doc As HTMLDocument Set Doc = IE.document Dim Rows As IHTMLElementCollection Set Rows = Doc.getElementsByClassName("financialTable").Item(0).all.tags("tr") Dim r As Long r = 0 For Each Row In Rows Sheet1.Range("A4").Offset(r, 0).Value = Row.Children.Item(0).innerText r = r + 1 Next End Sub Any thoughts?

    Read the article

  • Cannot reach reach jQuery (in parent document ) from IFRAME

    - by Michael Joyner
    I have written a backup program for SugarCRM. My program sets a iframe to src=BACKUP.PHP My backup program sends updates to parent window with: echo "<script type='text/javascript'>parent.document.getElementById('file_size').value='".fileSize2human(filesize($_SESSION['archive_file_name']))."';parent.document.getElementById('file_count').value=".$_SESSION['archive_file_count'].";parent.document.getElementById('description').innerHTML += '".$log_entry."\\r\\n';parent.document.getElementById('description').scrollTop = parent.document.getElementById('description').scrollHeight;</script>"; echo str_repeat( ' ', 4096); flush(); ob_flush(); I have added a JQUERY UI PROGRESS BAR and I need to know how I update the progress bar on the parent window. I tried this: $percent_complete = $_SESSION['archive_file_count'] / $_SESSION['archive_total_files']; echo "<script type='text/javascript'>parent.document.jquery('#progressbar').animate_progressbar($percent_complete); </script>"; ......... and get this error in browser. Uncaught TypeError: Object [object HTMLDocument] has no method 'jquery' HOW CAN I UPDATE THE PROGRESS BAR IN PARENT DOCUMENT FROM THE IFRAME?

    Read the article

  • Windowsless property is not working in Firefox ONLY

    - by lmenaria
    Hello, I have created a simple silverlight application to display some text at realtime from xml. The text display using HTML DIV tag. I have added plugin property windowless=true, enablehtmlaccess=true,background=transparent. On Silverlight I have added a Button "Continue" at Top & Bottom, which shows some message on that click. Silverlight Plugin resize based in XML contents. My code : MainPage.xaml: MainPage.xaml.cs: Creating HTML DIV on Application Start using : HtmlDocument _document = HtmlPage.Document; HtmlElement iDIV = _document.CreateElement("DIV"); iDIV.SetAttribute("id", "divHTMLViewer"); iDIV.SetStyleAttribute("position", "absolute"); iDIV.SetStyleAttribute("z-index", "1"); iDIV.SetStyleAttribute("display", "INLINE"); iDIV.SetStyleAttribute("top", "100px"); iDIV.SetStyleAttribute("height", "0px"); iDIV.SetStyleAttribute("width", "96%"); iDIV.SetStyleAttribute("left", "15px"); iDIV.SetStyleAttribute("text-align", "justify"); HtmlElement body = _document.GetElementsByTagName("BODY")[0] as HtmlElement; body.RemoveChild(iDIV); body.AppendChild(iDIV); Set the XML text : HtmlElement divHTMLViewer = HtmlPage.Document.GetElementById("divHTMLViewer"); sText = sText.Replace("<", "<").Replace(">", ""); divHTMLViewer.SetStyleAttribute("display", "none"); divHTMLViewer.SetStyleAttribute("width", "96%"); divHTMLViewer.SetStyleAttribute("top", "100px"); divHTMLViewer.SetStyleAttribute("left", "15px"); divHTMLViewer.RemoveStyleAttribute("color"); divHTMLViewer.RemoveStyleAttribute("fontSize"); divHTMLViewer.SetProperty("innerHTML", sText); divHTMLViewer.SetStyleAttribute("display", "INLINE"); setSilverlightControlHeight(UILAYOUT.INSTRUCTIONS); Silverlight Plugin size increase code : isilverlightControlHost.SetStyleAttribute("height", HtmlPage.Window.Eval("document.documentElement.scrollHeight").ToString() + "px"); isilverlightControlHost.SetStyleAttribute("position", "absolute"); All these code is working fine in Internet Explorer, Crome & Safari but "Continue" not visible in FIREFOX ONLY. So is there any issue with this code ? Code Sample :http://lm-bucket-for-forum-post.s3.amazonaws.com/HtMLViewerSilverLight.zip working sample : Just replace ".zip" with "TestPage.html" in above URL. Please let me know how can I solve it ? Thanks in advance, Laxmilal Menaria

    Read the article

  • VBA WinHTTPRequest and submitting forms

    - by Hazerider
    Hi. I spent all day yesterday trying to figure out how to submit a form using WinHTTPRequest. I can do it pretty easily with an InternetExplorer object, but the problem is that I need to save a PDF file that gets returned, and I am not sure how to do this with the IE object. Here is the relevant HTML code snippet: <div class="loginHome-left"> <fieldset> <h3>Log in Using</h3> <form> <label for="standardLogin" accesskey="s"> <input name="useLogin" id="standardLogin" value="standard" type="radio" checked="true">Standard Login</label> &nbsp; <label for="rsaSecurID" accesskey="r"> <input name="useLogin" value="rsaSecur" type="radio" id="rsaSecurID" onclick="redirectLogin('ct_logon_securid');return false;">RSA SecurID</label> &nbsp; <label for="employeeNTXP" accesskey="e"> <input name="useLogin" id="employeeNTXP" value="employee" type="radio" onclick="redirectLogin('ct_logon_external_nt');return false; "> Employee Windows Login<br></label> </form> <br> <div class="error">Error: ...</div><br> <form onSubmit="if(validate(this)) {formSubmit();} return false;" name="passwdForm" method="post" action="/UAB/ct_logon"> <input value="custom" name="pageId" type="hidden"> <input value="custom" name="auth_mode" type="hidden"> <input value="/UAB/ct_logon" name="ct_orig_uri" type="hidden"> <INPUT VALUE="" NAME="orig_url" TYPE="hidden"> <input value="" name="lpSp" type="hidden"> <label for="user"> <strong>Username</strong> </label> <input autocomplete="off" name="user" type="text" value="" class="txtFld" onkeypress="return handleEnter(this, event);"> <br> <label for="EnterPassword"> <strong>Password</strong>&nbsp;&nbsp;(<a tabindex="-1" href="/UAB/BCResetWithSecrets">Forgot Your Password?</a>) </label> <input autocomplete="off" name="password" type="password" class="txtFld" onkeypress="return handleEnter(this, event);"> <INPUT id="rememberLogin" name="lpCookie" type="checkbox"> <label for="rememberLogin">Remember My Login Information</label><br> </form> <div class="right"> <br> <input type="image" src="/BC_S/images/bclogin/btn_login.gif" name="" value="Submit" onClick="if(validate(document.forms['passwdForm'])){formSubmit();}return false;"> </div> <div class="clearfix"></div> </fieldset> </div> In order to log in through InternetExplorer, I do the following: Sub TestLogin() Dim ie As InternetExplorer, doc As HTMLDocument, form As HTMLFormElement, inp As Variant Set ie = New InternetExplorer ie.Visible = True ie.navigate "https://URL of the login page" Do Until ie.readyState = READYSTATE_COMPLETE Loop Set doc = ie.document For Each form In doc.forms If InStr(form.innerText, "Password") <> 0 Then form.elements("user").Value = "my_name" form.elements("password").Value = "my_password" Exit For Else End If Next 'This is the unnamed input with an image that is used to submit the form' doc.all(78).Click ie.navigate "https://url of the PDF" Do Until ie.readyState = READYSTATE_COMPLETE Loop Dim filename As String, filenum As Integer filename = "somefile.pdf" filenum = FreeFile Open filename For Binary Access Write As #filenum Write #filenum, doc.DocumentElement.innerText Close #filenum ie.Quit Debug.Print Set ie = Nothing End Sub What I really would like to do is something along the lines of the following: Sub TestLogin3() Dim whr As New WinHttpRequest, postData As String whr.Open "POST", "https://live.barcap.com/UAB/ct_logon", False whr.setRequestHeader "User-Agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" whr.setRequestHeader "Connection", "Keep-Alive" whr.Send whr.WaitForResponse postData = "user=paschom1&password=change01" 'Or the following?' postData = "user=paschom1&password=change01&orig_url=&pageId=custom&auth_mode=custom&ct_orig_uri=/BC/dispatcher&lpSp=&lpCookie=off" whr.Send postData whr.WaitForResponse Debug.Print whr.responseText End Sub It just refuses to work though. Not sure if I need to use more setRequestHeader with Content-Form or something similar, and if I do, not sure what exactly I am supposed to pass it. If anyone has any advice regarding this, it would be hugely appreciated. I could probably use a perl module to do it, but I would rather keep it all in VBA if possible. Thanks, Marc.

    Read the article

  • Need some suggestions on my softwares architecture. [Code review]

    - by Sergio Tapia
    I'm making an open source C# library for other developers to use. My key concern is ease of use. This means using intuitive names, intuitive method usage and such. This is the first time I've done something with other people in mind, so I'm really concerned about the quality of the architecture. Plus, I wouldn't mind learning a thing or two. :) I have three classes: Downloader, Parser and Movie I was thinking that it would be best to only expose the Movie class of my library and have Downloader and Parser remain hidden from invocation. Ultimately, I see my library being used like this. using FreeIMDB; public void Test() { var MyMovie = Movie.FindMovie("The Matrix"); //Now MyMovie would have all it's fields set and ready for the big show. } Can you review how I'm planning this, and point out any wrong judgement calls I've made and where I could improve. Remember, my main concern is ease of use. Movie.cs using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Drawing; namespace FreeIMDB { public class Movie { public Image Poster { get; set; } public string Title { get; set; } public DateTime ReleaseDate { get; set; } public string Rating { get; set; } public string Director { get; set; } public List<string> Writers { get; set; } public List<string> Genres { get; set; } public string Tagline { get; set; } public string Plot { get; set; } public List<string> Cast { get; set; } public string Runtime { get; set; } public string Country { get; set; } public string Language { get; set; } public Movie FindMovie(string Title) { Movie film = new Movie(); Parser parser = Parser.FromMovieTitle(Title); film.Poster = parser.Poster(); film.Title = parser.Title(); film.ReleaseDate = parser.ReleaseDate(); //And so an so forth. } public Movie FindKnownMovie(string ID) { Movie film = new Movie(); Parser parser = Parser.FromMovieID(ID); film.Poster = parser.Poster(); film.Title = parser.Title(); film.ReleaseDate = parser.ReleaseDate(); //And so an so forth. } } } Parser.cs using System; using System.Collections.Generic; using System.Linq; using System.Text; using HtmlAgilityPack; namespace FreeIMDB { /// <summary> /// Provides a simple, and intuitive way for searching for movies and actors on IMDB. /// </summary> class Parser { private Downloader downloader = new Downloader(); private HtmlDocument Page; #region "Page Loader Events" private Parser() { } public static Parser FromMovieTitle(string MovieTitle) { var newParser = new Parser(); newParser.Page = newParser.downloader.FindMovie(MovieTitle); return newParser; } public static Parser FromActorName(string ActorName) { var newParser = new Parser(); newParser.Page = newParser.downloader.FindActor(ActorName); return newParser; } public static Parser FromMovieID(string MovieID) { var newParser = new Parser(); newParser.Page = newParser.downloader.FindKnownMovie(MovieID); return newParser; } public static Parser FromActorID(string ActorID) { var newParser = new Parser(); newParser.Page = newParser.downloader.FindKnownActor(ActorID); return newParser; } #endregion #region "Page Parsing Methods" public string Poster() { //Logic to scrape the Poster URL from the Page element of this. return null; } public string Title() { return null; } public DateTime ReleaseDate() { return null; } #endregion } } ----------------------------------------------- Do you guys think I'm heading towards a good path, or am I setting myself up for a world of hurt later on? My original thought was to separate the downloading, the parsing and the actual populating to easily have an extensible library. Imagine if one day the website changed its HTML, I would then only have to modifiy the parsing class without touching the Downloader.cs or Movie.cs class. Thanks for reading and for helping!

    Read the article

  • .NET HTML Sanitation for rich HTML Input

    - by Rick Strahl
    Recently I was working on updating a legacy application to MVC 4 that included free form text input. When I set up the new site my initial approach was to not allow any rich HTML input, only simple text formatting that would respect a few simple HTML commands for bold, lists etc. and automatically handles line break processing for new lines and paragraphs. This is typical for what I do with most multi-line text input in my apps and it works very well with very little development effort involved. Then the client sprung another note: Oh by the way we have a bunch of customers (real estate agents) who need to post complete HTML documents. Oh uh! There goes the simple theory. After some discussion and pleading on my part (<snicker>) to try and avoid this type of raw HTML input because of potential XSS issues, the client decided to go ahead and allow raw HTML input anyway. There has been lots of discussions on this subject on StackOverFlow (and here and here) but to after reading through some of the solutions I didn't really find anything that would work even closely for what I needed. Specifically we need to be able to allow just about any HTML markup, with the exception of script code. Remote CSS and Images need to be loaded, links need to work and so. While the 'legit' HTML posted by these agents is basic in nature it does span most of the full gamut of HTML (4). Most of the solutions XSS prevention/sanitizer solutions I found were way to aggressive and rendered the posted output unusable mostly because they tend to strip any externally loaded content. In short I needed a custom solution. I thought the best solution to this would be to use an HTML parser - in this case the Html Agility Pack - and then to run through all the HTML markup provided and remove any of the blacklisted tags and a number of attributes that are prone to JavaScript injection. There's much discussion on whether to use blacklists vs. whitelists in the discussions mentioned above, but I found that whitelists can make sense in simple scenarios where you might allow manual HTML input, but when you need to allow a larger array of HTML functionality a blacklist is probably easier to manage as the vast majority of elements and attributes could be allowed. Also white listing gets a bit more complex with HTML5 and the new proliferation of new HTML tags and most new tags generally don't affect XSS issues directly. Pure whitelisting based on elements and attributes also doesn't capture many edge cases (see some of the XSS cheat sheets listed below) so even with a white list, custom logic is still required to handle many of those edge cases. The Microsoft Web Protection Library (AntiXSS) My first thought was to check out the Microsoft AntiXSS library. Microsoft has an HTML Encoding and Sanitation library in the Microsoft Web Protection Library (formerly AntiXSS Library) on CodePlex, which provides stricter functions for whitelist encoding and sanitation. Initially I thought the Sanitation class and its static members would do the trick for me,but I found that this library is way too restrictive for my needs. Specifically the Sanitation class strips out images and links which rendered the full HTML from our real estate clients completely useless. I didn't spend much time with it, but apparently I'm not alone if feeling this library is not really useful without some way to configure operation. To give you an example of what didn't work for me with the library here's a small and simple HTML fragment that includes script, img and anchor tags. I would expect the script to be stripped and everything else to be left intact. Here's the original HTML:var value = "<b>Here</b> <script>alert('hello')</script> we go. Visit the " + "<a href='http://west-wind.com'>West Wind</a> site. " + "<img src='http://west-wind.com/images/new.gif' /> " ; and the code to sanitize it with the AntiXSS Sanitize class:@Html.Raw(Microsoft.Security.Application.Sanitizer.GetSafeHtmlFragment(value)) This produced a not so useful sanitized string: Here we go. Visit the <a>West Wind</a> site. While it removed the <script> tag (good) it also removed the href from the link and the image tag altogether (bad). In some situations this might be useful, but for most tasks I doubt this is the desired behavior. While links can contain javascript: references and images can 'broadcast' information to a server, without configuration to tell the library what to restrict this becomes useless to me. I couldn't find any way to customize the white list, nor is there code available in this 'open source' library on CodePlex. Using Html Agility Pack for HTML Parsing The WPL library wasn't going to cut it. After doing a bit of research I decided the best approach for a custom solution would be to use an HTML parser and inspect the HTML fragment/document I'm trying to import. I've used the HTML Agility Pack before for a number of apps where I needed an HTML parser without requiring an instance of a full browser like the Internet Explorer Application object which is inadequate in Web apps. In case you haven't checked out the Html Agility Pack before, it's a powerful HTML parser library that you can use from your .NET code. It provides a simple, parsable HTML DOM model to full HTML documents or HTML fragments that let you walk through each of the elements in your document. If you've used the HTML or XML DOM in a browser before you'll feel right at home with the Agility Pack. Blacklist based HTML Parsing to strip XSS Code For my purposes of HTML sanitation, the process involved is to walk the HTML document one element at a time and then check each element and attribute against a blacklist. There's quite a bit of argument of what's better: A whitelist of allowed items or a blacklist of denied items. While whitelists tend to be more secure, they also require a lot more configuration. In the case of HTML5 a whitelist could be very extensive. For what I need, I only want to ensure that no JavaScript is executed, so a blacklist includes the obvious <script> tag plus any tag that allows loading of external content including <iframe>, <object>, <embed> and <link> etc. <form>  is also excluded to avoid posting content to a different location. I also disallow <head> and <meta> tags in particular for my case, since I'm only allowing posting of HTML fragments. There is also some internal logic to exclude some attributes or attributes that include references to JavaScript or CSS expressions. The default tag blacklist reflects my use case, but is customizable and can be added to. Here's my HtmlSanitizer implementation:using System.Collections.Generic; using System.IO; using System.Xml; using HtmlAgilityPack; namespace Westwind.Web.Utilities { public class HtmlSanitizer { public HashSet<string> BlackList = new HashSet<string>() { { "script" }, { "iframe" }, { "form" }, { "object" }, { "embed" }, { "link" }, { "head" }, { "meta" } }; /// <summary> /// Cleans up an HTML string and removes HTML tags in blacklist /// </summary> /// <param name="html"></param> /// <returns></returns> public static string SanitizeHtml(string html, params string[] blackList) { var sanitizer = new HtmlSanitizer(); if (blackList != null && blackList.Length > 0) { sanitizer.BlackList.Clear(); foreach (string item in blackList) sanitizer.BlackList.Add(item); } return sanitizer.Sanitize(html); } /// <summary> /// Cleans up an HTML string by removing elements /// on the blacklist and all elements that start /// with onXXX . /// </summary> /// <param name="html"></param> /// <returns></returns> public string Sanitize(string html) { var doc = new HtmlDocument(); doc.LoadHtml(html); SanitizeHtmlNode(doc.DocumentNode); //return doc.DocumentNode.WriteTo(); string output = null; // Use an XmlTextWriter to create self-closing tags using (StringWriter sw = new StringWriter()) { XmlWriter writer = new XmlTextWriter(sw); doc.DocumentNode.WriteTo(writer); output = sw.ToString(); // strip off XML doc header if (!string.IsNullOrEmpty(output)) { int at = output.IndexOf("?>"); output = output.Substring(at + 2); } writer.Close(); } doc = null; return output; } private void SanitizeHtmlNode(HtmlNode node) { if (node.NodeType == HtmlNodeType.Element) { // check for blacklist items and remove if (BlackList.Contains(node.Name)) { node.Remove(); return; } // remove CSS Expressions and embedded script links if (node.Name == "style") { if (string.IsNullOrEmpty(node.InnerText)) { if (node.InnerHtml.Contains("expression") || node.InnerHtml.Contains("javascript:")) node.ParentNode.RemoveChild(node); } } // remove script attributes if (node.HasAttributes) { for (int i = node.Attributes.Count - 1; i >= 0; i--) { HtmlAttribute currentAttribute = node.Attributes[i]; var attr = currentAttribute.Name.ToLower(); var val = currentAttribute.Value.ToLower(); span style="background: white; color: green">// remove event handlers if (attr.StartsWith("on")) node.Attributes.Remove(currentAttribute); // remove script links else if ( //(attr == "href" || attr== "src" || attr == "dynsrc" || attr == "lowsrc") && val != null && val.Contains("javascript:")) node.Attributes.Remove(currentAttribute); // Remove CSS Expressions else if (attr == "style" && val != null && val.Contains("expression") || val.Contains("javascript:") || val.Contains("vbscript:")) node.Attributes.Remove(currentAttribute); } } } // Look through child nodes recursively if (node.HasChildNodes) { for (int i = node.ChildNodes.Count - 1; i >= 0; i--) { SanitizeHtmlNode(node.ChildNodes[i]); } } } } } Please note: Use this as a starting point only for your own parsing and review the code for your specific use case! If your needs are less lenient than mine were you can you can make this much stricter by not allowing src and href attributes or CSS links if your HTML doesn't allow it. You can also check links for external URLs and disallow those - lots of options.  The code is simple enough to make it easy to extend to fit your use cases more specifically. It's also quite easy to make this code work using a WhiteList approach if you want to go that route. The code above is semi-generic for allowing full featured HTML fragments that only disallow script related content. The Sanitize method walks through each node of the document and then recursively drills into all of its children until the entire document has been traversed. Note that the code here uses an XmlTextWriter to write output - this is done to preserve XHTML style self-closing tags which are otherwise left as non-self-closing tags. The sanitizer code scans for blacklist elements and removes those elements not allowed. Note that the blacklist is configurable either in the instance class as a property or in the static method via the string parameter list. Additionally the code goes through each element's attributes and looks for a host of rules gleaned from some of the XSS cheat sheets listed at the end of the post. Clearly there are a lot more XSS vulnerabilities, but a lot of them apply to ancient browsers (IE6 and versions of Netscape) - many of these glaring holes (like CSS expressions - WTF IE?) have been removed in modern browsers. What a Pain To be honest this is NOT a piece of code that I wanted to write. I think building anything related to XSS is better left to people who have far more knowledge of the topic than I do. Unfortunately, I was unable to find a tool that worked even closely for me, or even provided a working base. For the project I was working on I had no choice and I'm sharing the code here merely as a base line to start with and potentially expand on for specific needs. It's sad that Microsoft Web Protection Library is currently such a train wreck - this is really something that should come from Microsoft as the systems vendor or possibly a third party that provides security tools. Luckily for my application we are dealing with a authenticated and validated users so the user base is fairly well known, and relatively small - this is not a wide open Internet application that's directly public facing. As I mentioned earlier in the post, if I had my way I would simply not allow this type of raw HTML input in the first place, and instead rely on a more controlled HTML input mechanism like MarkDown or even a good HTML Edit control that can provide some limits on what types of input are allowed. Alas in this case I was overridden and we had to go forward and allow *any* raw HTML posted. Sometimes I really feel sad that it's come this far - how many good applications and tools have been thwarted by fear of XSS (or worse) attacks? So many things that could be done *if* we had a more secure browser experience and didn't have to deal with every little script twerp trying to hack into Web pages and obscure browser bugs. So much time wasted building secure apps, so much time wasted by others trying to hack apps… We're a funny species - no other species manages to waste as much time, effort and resources as we humans do :-) Resources Code on GitHub Html Agility Pack XSS Cheat Sheet XSS Prevention Cheat Sheet Microsoft Web Protection Library (AntiXss) StackOverflow Links: http://stackoverflow.com/questions/341872/html-sanitizer-for-net http://blog.stackoverflow.com/2008/06/safe-html-and-xss/ http://code.google.com/p/subsonicforums/source/browse/trunk/SubSonic.Forums.Data/HtmlScrubber.cs?r=61© Rick Strahl, West Wind Technologies, 2005-2012Posted in Security  HTML  ASP.NET  JavaScript   Tweet !function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs"); (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://apis.google.com/js/plusone.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })();

    Read the article

  • Parsing HTML using HTTP Agility Pack

    - by Pajci
    Here is one table out of 5: <h3>marec - maj 2009</h3> <div class="graf_table"> <table summary="layout table"> <tr> <th>DATUM</th> <td class="datum">10.03.2009</td> <td class="datum">24.03.2009</td> <td class="datum">07.04.2009</td> <td class="datum">21.04.2009</td> <td class="datum">05.05.2009</td> <td class="datum">06.05.2009</td> </tr> <tr> <th>Maloprodajna cena [EUR/L]</th> <td>0,96000</td> <td>0,97000</td> <td>0,99600</td> <td>1,00800</td> <td>1,00800</td> <td>1,01000</td> </tr> <tr> <th>Maloprodajna cena [SIT/L]</th> <td>230,054</td> <td>232,451</td> <td>238,681</td> <td>241,557</td> <td>241,557</td> <td>242,036</td> </tr> <tr> <th>Prodajna cena brez dajatev</th> <td>0,33795</td> <td>0,34628</td> <td>0,36795</td> <td>0,37795</td> <td>0,37795</td> <td>0,37962</td> </tr> <tr> <th>Trošarina</th> <td>0,46205</td> <td>0,46205</td> <td>0,46205</td> <td>0,46205</td> <td>0,46205</td> <td>0,46205</td> </tr> <tr> <th>DDV</th> <td>0,16000</td> <td>0,16167</td> <td>0,16600</td> <td>0,16800</td> <td>0,16800</td> <td>0,16833</td> </tr> </table> </div> I have to extract out values, where table header is DATUM and Maloprodajna cena [EUR/L]. I am using Agility HTML pack. this.htmlDoc = new HtmlAgilityPack.HtmlDocument(); this.htmlDoc.OptionCheckSyntax = true; this.htmlDoc.OptionFixNestedTags = true; this.htmlDoc.OptionAutoCloseOnEnd = true; this.htmlDoc.OptionOutputAsXml = true; // is this necessary ?? this.htmlDoc.OptionDefaultStreamEncoding = System.Text.Encoding.Default; I had a lot of trouble with getting those values out. I started with: var query = from html in doc.DocumentNode.SelectNodes("//div[@class='graf_table']").Cast<HtmlNode>() from table in html.SelectNodes("//table").Cast<HtmlNode>() from row in table.SelectNodes("tr").Cast<HtmlNode>() from cell in row.SelectNodes("th|td").Cast<HtmlNode>() select new { Table = table.Id, CellText = cell.InnerHtml }; but could not figure out a way to select only values where table header is DATUM and Maloprodajna cena[EUR/L]. Is it possible to do that with where clause? Then I ended with those two queries: var date = (from d in htmlDoc.DocumentNode.SelectNodes("//div[@class='graf_table']//table//tr[1]/td") select DateTime.Parse(d.InnerText)).ToArray(); var price = (from p in htmlDoc.DocumentNode.SelectNodes("//div[@class='graf_table']//table//tr[2]/td") select double.Parse(p.InnerText)).ToArray(); Is it possible to combine those two queries? And how would I convert that to lambda expression? I just started to learn those things and I would like to know how it is done so that in the future I would not have those question. O, one more question ... does anybody know any graph control, cause I have to show those values in graph. I started with Microsoft Chart Controls, but I am having trouble with setting it. So if anyone has any experience with it I would like to know how to set it, so that x axle will show all values not every second ... example: if I have: 10.03.2009, 24.03.2009, 07.04.2009, 21.04.2009, 05.05.2009, 06.05.2009 it show only: 10.03.2009, 07.04.2009, 05.05.2009, ect. I bind data to graph like that: chart1.Series["Series1"].Points.DataBindXY(date, price); I lot of questions for my fist post ... hehe, hope that I was not indistinct or something. Thank's for any reply!

    Read the article

< Previous Page | 1 2 3