Search Results

Search found 128 results on 6 pages for 'onfocus'.


  • Javascript Dropdownbox

    - by edgar
    I have a dropdown box (percent), an input box (price) and an input box (total). When you select a percent from the dropdown, it multiplies the value of the selected dropdown times the price value and inputs the result in the total input box. This works well with one input box, but what I am trying to do is to use ASP, and when you select a percent from the drop down box, it will calculate the rest of the total fields. Here is the code that I have so far:

        <%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
        <%
        Dim Recordset1
        Dim Recordset1_numRows

        Set Recordset1 = Server.CreateObject("ADODB.Recordset")
        Recordset1.ActiveConnection = MM_pricdsn_STRING
        Recordset1.Source = "SELECT * FROM AMFLIB.MBCWCPP where cwfvnb = 1090101 and cwaitx between '0025' and '0025AT'"
        Recordset1.CursorType = 0
        Recordset1.CursorLocation = 2
        Recordset1.LockType = 1
        Recordset1.Open()

        Recordset1_numRows = 0
        %>
        <%
        Dim Repeat1__numRows
        Dim Repeat1__index

        Repeat1__numRows = -1
        Repeat1__index = 0
        Recordset1_numRows = Recordset1_numRows + Repeat1__numRows
        %>
        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
        <html xmlns="http://www.w3.org/1999/xhtml">
        <head>
        Javascript Untitled Document
        <script type="text/javascript">
        function startCalc4(){
          interval = setInterval("calc4()",1);
        }
        function calc4(){
          one = document.form1.prcbook.value;
          two = document.form1.percent.value;
          document.form1.total.value = (one * 1) * (two * 1);
        }
        function stopCalc4(){
          clearInterval(interval);
        }
        </script>
        <style type="text/css">
        <!--
        #Layer1 { position:absolute; left:26px; top:49px; width:150px; height:24px; z-index:1; }
        #Layer2 { position:absolute; left:36px; top:22px; width:166px; height:22px; z-index:2; }
        #Layer3 { position:absolute; left:19px; top:24px; width:174px; height:21px; z-index:3; }
        -->
        </style>
        <script type="text/javascript">
        function showhideText(box,id) {
          var elm = document.getElementById(id)
          elm.style.display = box.checked? "inline":"none"
        }
        </script>
        </head>
        <body>
        <form id="form1" name="form1" method="post" action="">
          <p> </p>
          <p>&nbsp;</p>
          <p>
            <input type="text" name="itm" value="<%=(Recordset1.Fields.Item("CWAITX").Value)%>"/>
            <select name="percent" onFocus="startCalc4();" onBlur="stopCalc4();">
              <option value="0">select</option>
              <option value="1.10">10%</option>
              <option value="1.25">25%</option>
            </select>
          </p>
          <p>
            <%
            If Not REcordset1.EOF Then
            Do while not REcordset1.EOF
            %>
            <input type="text" name="qty" value="<%=(Recordset1.Fields.Item("CWAJQT").Value)%>" onfocus="startCalc4();" onblur="stopCalc4();"/>
            <input name="prcbook" type="text" value="<%=(Recordset1.Fields.Item("CWKDVA").Value)%>" onfocus="startCalc4();" onblur="stopCalc4();"/>
            <input type="text" name="total" value=""/>
          </p>
        </form>
        </body>
        </html>
        <%
        REcordset1.MoveNext
        Loop
        End If
        %>


  • .type error in IE

    - by MrEnder
    The line

        <input type="text" name="passwordLogin" value="Password" onfocus="if(this.value=='Password'){this.value=''; this.type='password'};" onblur="if(this.value==''){this.value='Password'; this.type='text'};" size="25" />

    works in all web browsers except IE... how can I fix it for IE?


  • Help creating a JavaScript mixin in Tapestry5?

    - by shane87
    I am creating a mixin which renders a javascript file when a textfield gains focus. I am new to the idea of mixins in Tapestry, and I am unsure of where to place my original javascript file which I wish to run when the textfield gains focus. The following is an example of my code:

    The Java mixin class:

        package asc.mixins;

        import org.apache.tapestry5.RenderSupport;
        import org.apache.tapestry5.annotations.AfterRender;
        import org.apache.tapestry5.annotations.Environmental;
        import org.apache.tapestry5.annotations.IncludeJavaScriptLibrary;
        import org.apache.tapestry5.annotations.InjectContainer;
        import org.apache.tapestry5.corelib.base.AbstractTextField;

        @IncludeJavaScriptLibrary("js_dasher_mixin.js")
        public class DasherMixin {
            @Environmental
            private RenderSupport renderSupport;

            @InjectContainer
            private AbstractTextField field;

            @AfterRender
            void addScript() {
                this.renderSupport.addScript("new JSDasher('%s');", this.field.getClientId());
            }
        }

    The Javascript mixin file:

        JSDasher = Class.create({
            initialize: function(textField) {
                this.textField = $(textField);
                this.textField.observe('focus', this.onFocus.bindAsEventListener(this));
            },
            onFocus: function(event) {
                //call my javascript init() function
            }
        });

    Part of my javascript file I wish to run when the textfield gains focus:

        var posX, posY;

        // Sets up our global variables and dispatches an init request to the server.
        function init() {
            posX=0;
            posY=0;
            canvas = document.getElementById("canvas");
            canvasWidth = canvas.offsetWidth;
            canvasHeight = canvas.offsetHeight;
            if (canvas.getContext) {
                ctx = canvas.getContext("2d");
            }
            canvas.onclick = canvasClicked;
            canvas.onmousemove = mouseMoved;
            canvasOffsetX = findPosX(canvas);
            canvasOffsetY = findPosY(canvas);
            sessID = -1;
            sendInitRQ(canvasWidth, canvasHeight);
        }

    My javascript file is much larger than above, my question is where should I put my javascript code above? Should it all be contained in the mixin.js file? If so, where exactly should it go? Thanks in advance for any help.


  • loading an asp after starting a session

    - by Noam Smadja
    The jQuery:

        $("#loginform").submit(function(){
            $.ajax({
                type: "POST",
                url: "loginrespajax.asp",
                data: $("#loginform").serialize(),
                success: function(){
                    $("#loginform").hide("slow");
                    $("#loginform").load("userheader.asp");
                    $("#loginform").show("slow");
                }
            });
        });

    That's userheader.asp:

        <div class="userlinks">
        <%if (session("userlevel")) then%>
            <% select case session("userlevel")
            case 1 %>
                <a href="managenews.asp"><%langstring("header_news")%></a> |
                <a href="managebooks.asp"><%langstring("header_books")%></a> |
                <a href="manageusers.asp"><%langstring("manage_users")%></a> |
                <a href="manageorders.asp"><%langstring("manage_orders")%></a> |
                <a href="managelanguage.asp"><%langstring("manage_language")%></a> |
                <a href="youthregistration.asp"><%langstring("youthreg_header")%></a> |
                <a href="manageregistrants.asp"><%langstring("youthlist_header")%></a> |
            <% case 2 %>
                <a href="managenews.asp"><%langstring("header_news")%></a> |
                <a href="managebooks.asp"><%langstring("header_books")%></a> |
                <a href="youthregistration.asp"><%langstring("youthreg_header")%></a> |
                <a href="manageregistrants.asp"><%langstring("youthlist_header")%></a> |
            <% case 3 %>
                <a href="youthregistration.asp"><%langstring("youthreg_header")%></a> |
                <a href="manageregistrants.asp"><%langstring("youthlist_header")%></a> |
            <% End select %>
            <a href="editprofile.asp"><%langstring("editprofile_header")%></a> |
            <a href="changepassword.asp"><%langstring("changepassword_header")%></a> |
            <a href="logout.asp"><%langstring("logout_header")%></a>
        <%else%>
            <form action="loginrespajax.asp" method="POST" name="loginform" id="loginform" class="loginform" onSubmit="return false;">
                <input type="text" name="username" value="username" class="input inline" onFocus="clearText(this);">
                <input type="password" name="password" value="password" class="input inline" onFocus="clearText(this);">
                <input type="submit" value="Log In" class="submit inline">
            </form>
        <%End if%>
        </div>

    I am submitting the login form using AJAX and the jQuery partially works. It does hide and show again, but it prints the ELSE part of userheader.asp. The session does start, for sure :)


  • Does the <script> tag position in HTML affect performance of the webpage?

    - by Rahul Joshi
    If the script tag is above or below the body in a HTML page, does it matter for the performance of a website? And what if used in between like this:

        <body>
        ..blah..blah..
        <script language="JavaScript" src="JS_File_100_KiloBytes">
        function f1() {
          .. some logic reqd. for manipulating contents in a webpage
        }
        </script>
        ... some text here too ...
        </body>

    Or is this better?:

        <script language="JavaScript" src="JS_File_100_KiloBytes">
        function f1() {
          .. some logic reqd. for manipulating contents in a webpage
        }
        </script>
        <body>
        ..blah..blah..
        ..call above functions on some events like onclick,onfocus,etc..
        </body>

    Or this one?:

        <body>
        ..blah..blah..
        ..call above functions on some events like onclick,onfocus,etc..
        <script language="JavaScript" src="JS_File_100_KiloBytes">
        function f1() {
          .. some logic reqd. for manipulating contents in a webpage
        }
        </script>
        </body>

    Need not tell everything is again in the <html> tag!! How does it affect performance of webpage while loading? Does it really? Which one is the best, either out of these 3 or some other which you know?

    And one more thing, I googled a bit on this, from which I went here: Best Practices for Speeding Up Your Web Site and it suggests put scripts at the bottom, but traditionally many people put it in <head> tag which is above the <body> tag. I know it's NOT a rule but many prefer it that way. If you don't believe it, just view source of this page! And tell me what's the better style for best performance.


  • How to set cursor at the end in a TEXTAREA? (by not using jQuery)

    - by Brian Hawk
    Is there a way to set the cursor at the end in a TEXTAREA tag? I'm using Firefox 3.6 and I don't need it to work in IE or Chrome. JavaScript is ok but it seems all the related answers in here use onfocus() event, which seems to be useless because when user clicks on anywhere within textarea, Firefox sets cursor position to there. I have a long text to display in a textarea so that it displays the last portion (making it easier to add something at the end).


  • onblur deletes data when submit, why?

    - by Syom
    I have the following script:

        <input style="color: #ccc" type="text" value="something" name="country" onFocus="if (this.value == 'something') { this.value='';this.style.color='black';}" onblur="if (this.value != 'something') { this.value='something'}" />
        <input type="submit" value="save" />

    It works fine, but when I click on the submit button, it also deletes the value "something". So, what can I do if I want that when I click on the submit button, the value doesn't delete? Thanks


  • Connecting form to database errors

    - by Russell Ehrnsberger
    Hello I am trying to connect a page to a MySQL database for newsletter signup. I have the database with 3 fields, id, name, email. The database is named newsletter and the table is named newsletter. Everything seems to be fine but I am getting this error:

        Notice: Undefined index: Name in C:\wamp\www\insert.php on line 12
        Notice: Undefined index: Name in C:\wamp\www\insert.php on line 13

    Here is my form code.

        <form action="insert.php" method="post">
          <input type="text" value="Name" name="Name" id="Name" class="txtfield" onblur="javascript:if(this.value==''){this.value=this.defaultValue;}" onfocus="javascript:if(this.value==this.defaultValue){this.value='';}" />
          <input type="text" value="Enter Email Address" name="Email" id="Email" class="txtfield" onblur="javascript:if(this.value==''){this.value=this.defaultValue;}" onfocus="javascript:if(this.value==this.defaultValue){this.value='';}" />
          <input type="submit" value="" class="button" />
        </form>

    Here is my insert.php file.

        <?php
        $host="localhost"; // Host name
        $username="root"; // Mysql username
        $password=""; // Mysql password
        $db_name="newsletter"; // Database name
        $tbl_name="newsletter"; // Table name

        // Connect to server and select database.
        mysql_connect("$host", "$username", "$password")or die("cannot connect");
        mysql_select_db("$db_name")or die("cannot select DB");

        // Get values from form
        $name=$_POST['Name'];
        $email=$_POST['Email'];

        // Insert data into mysql
        $sql="INSERT INTO $tbl_name(name, email)VALUES('$name', '$email')";
        $result=mysql_query($sql);

        // if successfully insert data into database, displays message "Successful".
        if($result){
          echo "Successful";
          echo "<BR>";
          echo "<a href='index.html'>Back to main page</a>";
        }
        else {
          echo "ERROR";
        }
        ?>
        <?php
        // close connection
        mysql_close();
        ?>


  • Javascript: Properly Setting A Text Area

    - by Jeremy Person
    I have a text area and the problem is people are typing a large amount of text and I have it clearing out the value and forcing an N/A so I can force something to be entered. How can I make the script below validate someone has already typed something (and not clear it out) but still clear out the N/A by default?

        <textarea name="req_WhatMadeItDifficultToUse" cols="35" onfocus="this.value = '';" onblur="if(this.value == '') this.value = 'N/A';" id="WhatMadeItDifficultToUse">N/A</textarea>


  • Select all text in an <input /> when it gains focus

    - by Chris Barr
    I've got a textbox (set to readonly) and I need its contents to be selected for easy copy/paste when it gains focus. Using the code below it only seems to quickly select the text and then unselect it for some reason.

    HTML

        <input id='thing' type='text' value='some text' readonly='readonly' />

    JavaScript

        document.getElementById('thing').onfocus = function(){
            this.select();
        };

    Fiddle: http://jsfiddle.net/cfqje/


  • unobtrusive "default" text in input WITHOUT jQuery

    - by Adam Kiss
    Hello, I'm trying to write unobtrusive default/placeholder text in input (actually, relatively placed label over input, which hides on onFocus, and stays hidden if input isn't empty on onBlur), but I don't want to use jQuery, because this is the only javascript used on page - therefore using jQuery seems a bit over the top. Please, how can I do this without jQuery? Thank you.


  • Wishful Thinking: Why can't HTML fix Script Attacks at the Source?

    - by Rick Strahl
    The Web can be an evil place, especially if you're a Web Developer blissfully unaware of Cross Site Script Attacks (XSS). Even if you are aware of XSS in all of its insidious forms, it's extremely complex to deal with all the issues if you're taking user input and you're actually allowing users to post raw HTML into an application. I'm dealing with this again today in a Web application where legacy data contains raw HTML that has to be displayed and users ask for the ability to use raw HTML as input for listings.

    The first line of defense of course is: Just say no to HTML input from users. If you don't allow HTML input directly and use HTML Encoding (HttpUtility.HtmlEncode() in .NET or using standard ASP.NET MVC output @Model.Content) you're fairly safe at least from the HTML input provided. Both WebForms and Razor support HtmlEncoded content, although Razor makes it the default. In Razor the default @ expression syntax:

        @Model.UserContent

    automatically produces HTML encoded content - you actually have to go out of your way to create raw HTML content (safe by default) using @Html.Raw() or the HtmlString class. In Web Forms (V4) you can use:

        <%: Model.UserContent %>

    or if you're using a version prior to 4.0:

        <%= HttpUtility.HtmlEncode(Model.UserContent) %>

    This works great as a hedge against embedded <script> tags and HTML markup as any HTML is turned into text that displays as HTML but doesn't render the HTML. But it turns any embedded HTML markup tags into plain text. If you need to display HTML in raw form with the markup tags rendering based on user input this approach is worthless.

    If you do accept HTML input and need to echo the rendered HTML input back, the task of cleaning up that HTML is a complex task. In the projects I work on, customers are frequently asking for the ability to post raw HTML quite frequently. Almost every app that I've built where there's document content from users we start out with text only input - possibly using something like MarkDown - but inevitably users want to just post plain old HTML they created in some other rich editing application. See this a lot with realtors especially who often want to reuse their postings easily in multiple places. In my work this is a common problem I need to deal with and I've tried dozens of different methods from sanitizing, simple rejection of input to custom markup schemes none of which have ever felt comfortable to me. They work in a half assed, hacked together sort of way but I always live in fear of missing something vital which is *really easy to do*.

    My Wishlist Item: A <restricted> tag in HTML

    Let me dream here for a second on how to address this problem. It seems to me the easiest place where this can be fixed is: In the browser. Browsers are actually executing script code so they have a lot of control over the script code that resides in a page. What if there was a way to specify that you want to turn off script code for a block of HTML? The main issue when dealing with HTML raw input isn't that we as developers are unaware of the implications of user input, but the fact that we sometimes have to display raw HTML input the user provides. So the problem markup is usually isolated in only a very specific part of the document.

    So, what if we had a way to specify that in any given HTML block, no script code could execute by wrapping it into a tag that disables all script functionality in the browser? This would include <script> tags and any document script attributes like onclick, onfocus etc. and potentially also disallow things like iFrames that can potentially be scripted from within the iFrame's target. I'd like to see something along these lines:

        <article>
            <restricted allowscripts="no" allowiframes="no">
                <div>Some content</div>
                <script>alert('go ahead make my day, punk!');</script>
                <div onfocus="$.getJson('http://evilsite.com/')">more content</div>
            </restricted>
        </article>

    A tag like this would basically disallow all script code from firing from any HTML that's rendered within it. You'd use this only on code that you actually render from your data only and only if you are dealing with custom data. So something like this:

        <article>
            <restricted>
                @Html.Raw(Model.UserContent)
            </restricted>
        </article>

    For browsers this would actually be easy to intercept. They render the DOM and control loading and execution of scripts that are loaded through it. All the browser would have to do is suspend execution of <script> tags and not hookup any event handlers defined via markup in this block. Given all the crazy XSS attacks that exist and the prevalence of this problem this would go a long way towards preventing at least coded script attacks in the DOM. And it seems like a totally doable solution that wouldn't be very difficult to implement by vendors. There would also need to be some logic in the parser to not allow an </restricted> or <restricted> tag into the content as to short-circuit the restricted section (per James Hart's comment). I'm sure there are other issues to consider as well that I didn't think of in my off-the-back-of-a-napkin concept here but the idea overall seems worth consideration I think.

    Without code running in a user supplied HTML block it'd be pretty hard to compromise a local HTML document and pass information like Cookies to a server. Or even send data to a server period. Short of an iFrame that can access the parent frame (which is another restriction that should be available on this <restricted> tag) that could potentially communicate back, there's not a lot a malicious site could do. The HTML could still 'phone home' via image links and href links potentially and basically say this site was accessed, but without the ability to run script code it would be pretty tough to pass along critical information to the server beyond that.

    Ahhhh… one can dream… Not holding my breath of course. The design by committee that is the W3C can't agree on anything in timeframes measured less than decades, but maybe this is one place where browser vendors can actually step up the pressure. This is something in their best interest to reduce the attack surface for vulnerabilities on their browser platforms significantly.

    Several people commented on Twitter today that there isn't enough discussion on issues like this that address serious needs in the web browser space. Realistically security has to be a number one concern with Web applications in general - there isn't a Web app out there that is not vulnerable. And yet nothing has been done to address these security issues even though there might be relatively easy solutions to make this happen. It'll take time, and it's probably not going to happen in our lifetime, but maybe this rambling thought sparks some ideas on how this sort of restriction can get into browsers in some way in the future.

    © Rick Strahl, West Wind Technologies, 2005-2012
    Posted in ASP.NET  HTML5  HTML  Security


  • Can this be improved? Scrubbing of dangerous html tags.

    - by chobo2
    I been finding that for something that I consider pretty important there is very little information or libraries on how to deal with this problem. I found this while searching. I really don't know all the million ways that a hacker could try to insert the dangerous tags. I have a rich html editor so I need to keep non dangerous tags but strip out bad ones. So is this script missing anything? It uses html agility pack.

        public string ScrubHTML(string html)
        {
            HtmlDocument doc = new HtmlDocument();
            doc.LoadHtml(html);

            //Remove potentially harmful elements
            HtmlNodeCollection nc = doc.DocumentNode.SelectNodes("//script|//link|//iframe|//frameset|//frame|//applet|//object|//embed");
            if (nc != null)
            {
                foreach (HtmlNode node in nc)
                {
                    node.ParentNode.RemoveChild(node, false);
                }
            }

            //remove hrefs to java/j/vbscript URLs
            nc = doc.DocumentNode.SelectNodes("//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'javascript')]|//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'jscript')]|//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'vbscript')]");
            if (nc != null)
            {
                foreach (HtmlNode node in nc)
                {
                    node.SetAttributeValue("href", "#");
                }
            }

            //remove img with refs to java/j/vbscript URLs
            nc = doc.DocumentNode.SelectNodes("//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'javascript')]|//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'jscript')]|//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'vbscript')]");
            if (nc != null)
            {
                foreach (HtmlNode node in nc)
                {
                    node.SetAttributeValue("src", "#");
                }
            }

            //remove on<Event> handlers from all tags
            nc = doc.DocumentNode.SelectNodes("//*[@onclick or @onmouseover or @onfocus or @onblur or @onmouseout or @ondoubleclick or @onload or @onunload]");
            if (nc != null)
            {
                foreach (HtmlNode node in nc)
                {
                    node.Attributes.Remove("onFocus");
                    node.Attributes.Remove("onBlur");
                    node.Attributes.Remove("onClick");
                    node.Attributes.Remove("onMouseOver");
                    node.Attributes.Remove("onMouseOut");
                    node.Attributes.Remove("onDoubleClick");
                    node.Attributes.Remove("onLoad");
                    node.Attributes.Remove("onUnload");
                }
            }

            // remove any style attributes that contain the word expression (IE evaluates this as script)
            nc = doc.DocumentNode.SelectNodes("//*[contains(translate(@style, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'expression')]");
            if (nc != null)
            {
                foreach (HtmlNode node in nc)
                {
                    node.Attributes.Remove("stYle");
                }
            }

            return doc.DocumentNode.WriteTo();
        }

    Edit: 2 people have suggested whitelisting. I actually like the idea of whitelisting but never actually did it because no one can actually tell me how to do it in C# and I can't even really find tutorials for how to do it in C# (the last time I looked. I will check it out again).

    How do you make a white list? Is it just a list collection? How do you actually parse out all html tags, script tags and every other tag? Once you have the tags how do you determine which ones are allowed? Compare them to your list collection? But what happens if the content is coming in and has like 100 tags and you have 50 allowed. You got to compare each of those 100 tags by 50 allowed tags. That's quite a bit to go through and could be slow. Once you found an invalid tag how do you remove it? I don't really want to reject a whole set of text if one tag was found to be invalid. I rather remove and insert the rest. Should I be using html agility pack?


  • how to make a javascript number keypad popup

    - by user2434653
    I have a website with 3 pages. Each page has a form with two input fields. I am trying to make a popup number-keypad that will populate whatever input field called it. Below is the base code I keep coming back to.

        <html>
        <head><title>test</title></head>
        <body>
        <script>
        function num(id) { return document.getElementById(id); }
        </script>
        <form action="/unitPage" method="POST" style=" text-align:center;">
          Prefix: <input id="num" name="prefix" type="text" onfocus="num('keypad').style.display='inline-block';"/>
          Number: <input id="num" name="number" type="text" pattern="[0-9]{6}" onfocus="num('keypad').style.display='inline-block';"/>
        </form>
        <div id="keypad" style="display:none; background:#AAA; vertical-align:top;">
          <input type="button" value="7" onclick="num('num').value+=7;"/>
          <input type="button" value="8" onclick="num('num').value+=8;"/>
          <input type="button" value="9" onclick="num('num').value+=9;"/><br/>
          <input type="button" value="4" onclick="num('num').value+=4;"/>
          <input type="button" value="5" onclick="num('num').value+=5;"/>
          <input type="button" value="6" onclick="num('num').value+=6;"/><br/>
          <input type="button" value="1" onclick="num('num').value+=1;"/>
          <input type="button" value="2" onclick="num('num').value+=2;"/>
          <input type="button" value="3" onclick="num('num').value+=3;"/><br/>
          <input type="button" value="X" onclick="num('keypad').style.display='none'"/>
          <input type="button" value="0" onclick="num('num').value+=0;"/>
          <input type="button" value="&larr;" onclick="num('num').value=num('num').value.substr(0,num('num').value.length-1);"/>
        </div>
        </body>
        </html>

    Is there a way of making one number keypad that I call from any page or do I need to make the above for each input? Thanks


  • How to edit a link within a contentEditable div

    - by Travis
    Does anyone have any suggestions on how to edit a link in a contentEditable div? It would be ideal if, once the link is either clicked with the mouse or the cursor hits the link, a small prompt would pop up and allow the user to change the href property of the link. The prompt isn't the issue, but how is it possible to detect that the link has been either clicked or that the cursor has arrived at the link? onfocus doesn't seem to work in a contentEditable div on Firefox & Safari. Any ideas?


  • jquery link handler with google ads link

    - by kani
    My jQuery: jQuery(function(){ jQuery('div.class a').click(function() { alert("hello"); }); }); Google ads link: <a id="aw0" class="adt" target="_top" onmouseover="return ss('','aw0')" onmousedown="st('aw0')" onfocus="ss('','aw0')" onclick="ha('aw0')" href="/aclk?sa=l&ai=BH3xd2ZmTSvrMC5iKqAO2v7XDBv6jtl-mgLjKDMCNtwGA8QQQARgBILCNuQooBTgAUO3uw-4EYPEDoAHdtsH_A7IBCWxvY2FdsG9zdLoBCjE2MHg2MDBfYXPIAQHaARdodHRwOi8vbG9jYWxob3N0L21lZHV1L8gCrOj9A6gDAcgDB-gDigPoA9gC6AMf6AMg9QMAAAAE&num=1&sig=AGiWqtyWbhq4GCyGudApdZUjBApw4vI74w&client=ca-pub-0099118250769400&adurl=http://www.nixusoftware.com/products_nss.html"> <span>Nixu Software's Warning</span> </a> My problem is that jQuery does not work properly with the Google ads link (other links are no problem: <a>link</a>). Do jQuery functions conflict with Google ads functions? Please help me.


  • JavaScript: 'textarea.value' not working in IE?

    - by pete
    Hi! A few hours ago, I was instructed how to style a specific textarea with JS. The following piece of code (thanks again, Mario Menger) works like a charm in Firefox but unfortunately nothing happens in Internet Explorer (7 tested only so far). var foo = document.getElementById('HCB_textarea'); var defaultText = 'Your message here'; foo.value = defaultText; foo.style.color = '#888'; foo.onfocus = function(){ foo.style.color = '#000'; if ( foo.value == defaultText ) { foo.value = ''; } }; foo.onblur = function(){ foo.style.color = '#888'; if ( foo.value == '' ) { foo.value = defaultText; } }; I've already tried to replace 'value' by 'innerHTML' (for IE only) but to no effect. Any suggestions? TIA


  • JavaScript: 'foo.value' not working in IE?

    - by pete
    Hi! A few hours ago, I was instructed how to style a specific textarea with JS. The following piece of code (thanks again, Mario Menger) works like a charm in Firefox but unfortunately nothing happens in Internet Explorer (7 tested only so far). var foo = document.getElementById('HCB_textarea'); var defaultText = 'Your message here'; foo.value = defaultText; foo.style.color = '#888'; foo.onfocus = function(){ foo.style.color = '#000'; if ( foo.value == defaultText ) { foo.value = ''; } }; foo.onblur = function(){ foo.style.color = '#888'; if ( foo.value == '' ) { foo.value = defaultText; } }; I've already tried to replace 'value' by 'innerHTML' (for IE only) but to no effect. Any suggestions? TIA


  • iPhone UIWebView becomeFirstResponder

    - by user505618
    I have a UIWebView with an <input type="text"/> HTML element in it. I want to focus the input element in the HTML and show the keyboard on the iPhone programmatically, without tapping the screen. I've tried the following: set the focus from JavaScript (in this case the onFocus JS event will fire but the keyboard won't show up); [webView becomeFirstResponder] (returns NO); set the first subview of the webView to be the firstResponder (returns NO); subclass UIWebView to return YES to canBecomeFirstResponder: (nothing happens). I've been trying to find the solution since yesterday but I couldn't find it. Please help.


  • Email php isn't working, please help?

    - by laurence-benson
    Hey Guys, My email code isn't working, can anyone help? Thanks. <?php if(isset($_POST['send'])){ $to = "[email protected]" ; // change all the following to $_POST $from = $_REQUEST['Email'] ; $name = $_REQUEST['Name'] ; $headers = "From: $from"; $subject = "Web Contact Data"; $fields = array(); $fields{"Name"} = "Name"; $fields{"Email"} = "Email"; $body = "We have received the following information:\n\n"; foreach($fields as $a => $b){ $body .= sprintf("%20s: %s\n",$b,$_REQUEST[$a]); } $subject2 = "Thank you for contacting us."; $autoreply = "<html><body><p>Dear " . $name . ",</p><p>Thank you for registering with ERB Images.</p> <p>To make sure that you continue to receive our email communications, we suggest that you add [email protected] to your address book or Safe Senders list. </p> <p>In Microsoft Outlook, for example, you can add us to your address book by right clicking our address in the 'From' area above and selecting 'Add to Outlook Contacts' in the list that appears.</p> <p>We look forward to you visiting the site, and can assure you that your privacy will continue to be respected at all times.</p><p>Yours sincerely.</p><p>Edward R Benson</p><p>Edward Benson Esq.<br />Founder<br />ERB Images</p><p>www.erbimages.com</p></body></html>"; $headers2 = 'MIME-Version: 1.0' . "\r\n"; $headers2 .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; $headers2 .= 'From: [email protected]' . 
"\r\n"; mail($from, $subject2, $autoreply, $headers2); $send=false; if($name == '') {$error= "You did not enter your name, please try again.";} else { if(!preg_match("/^[[:alnum:]][a-z0-9_.'+-]*@[a-z0-9-]+(\.[a-z0-9-]{2,})+$/",$from)) {$error= "You did not enter a valid email address, please try again.";} else { $send = mail($to, $subject, $body, $headers); $send2 = mail($from, $subject2, $autoreply, $headers2); } if(!isset($error) && !$send) $error= "We have encountered an error sending your mail, please notify [email protected]"; } }// end of if(isset($_POST['send'])) ?> <?php include("http://erbimages.com/php/doctype/index.php"); ?> <?php include("http://erbimages.com/php/head/index.php"); ?> <div class="newsletter"> <ul> <form method="post" action="http://lilyandbenson.com/newletter/index.php"> <li> <input size="20" maxlength="50" name="Name" value="Name" onfocus="if(this.value==this.defaultValue) this.value='';" onblur="if(this.value=='') this.value=this.defaultValue;"> </li> <li> <input size="20" maxlength="50" name="Email" value="Email" onfocus="if(this.value==this.defaultValue) this.value='';" onblur="if(this.value=='') this.value=this.defaultValue;"> </li> <li> <input type="submit" name="send" value="Send" id="register_send"> </li> </form> <?php ?> </ul> <div class="clear"></div> </div> <div class="section_error"> <?php if(isset($error)) echo '<span id="section_error">'.$error.'</span>'; if(isset($send) && $send== true){ echo 'Thank you, your message has been sent.'; } if(!isset($_POST['send']) || isset($error)) ?> <div class="clear"></div> </div> </body> </html>

