Search Results

Search found 4925 results on 197 pages for 'proximity alert'.

Page 34/197 | < Previous Page | 30 31 32 33 34 35 36 37 38 39 40 41  | Next Page >

  • button click using jquery

    - by DotnetSparrow
    Hi All: I have an asp.net button on a page without masterpage like this: <asp:Button ID="target" runat="server" Text="Animate Me" > </asp:Button> and I am calling this: var panel = $('#<%= target.ClientID %>'); panel.click(function(){ alert($(this).attr("value")); }); but no alert is shown. I even tried this: $('#target').click(function(){ alert($(this).attr("value")); }); but It didnt work. Please suggest me how to click the button and what is issue in above code. Thanks.

    Read the article

  • jQuery .toggle() not working as expected with second function?!

    - by Christopher
    I'm trying to create a button to show / hide a div below it, all is working fine, I'm just struggling with the last bit! I need to distinguish wether it's a show or hide action so I can pass the variable elsewhere, here's what I have.. $(this).find('.hide-close').click( function() { $(this).siblings('.dragbox-content').toggle(function() { alert($(this).parent().attr("id") + ' Show'); },function() { alert($(this).parent().attr("id") + ' Hide'); } ); }) .end() }); If use the following code, taking out the second function within toggle(), it works?! But then I don't have a show / hide variable. $(this).find('.hide-close').click( function() { $(this).siblings('.dragbox-content').toggle(function() { alert($(this).parent().attr("id") + ' Show'); } ); }) .end() }); Thanks in advance for any help, hopefully it's something really simple I just can't see! :)

    Read the article

  • Javascript Regex Replace string, special character need help

    - by Mohummad Abdullah
    I am trying to replace string on page in runtime example: find string "(800).123.4567" to "<span>(800)123.4567</span>" means i want to add span tag before and after of string. here is i m doing this is my code: var avidno = '(800)123 1234'; function validate () { var regex = /^\(?([0-9]{3})\)?[-. ]?([0-9]{3})[-. ]?([0-9]{4})$/; if (regex.test(avidno)) { alert('bingo'); var altrstr = '<span>'+avidno+'</span>'; alert(altrstr); // Valid international phone number } else { alert('uupss'); // Invalid international phone number } } validate();

    Read the article

  • the correct actionscript to find if object already exists

    - by touB
    I have a Rect object that I'd like to create and set its properties only once. After that, I want to just modify its properties since it already exists. This is my general idea if(theRect == undefined){ Alert.show("creating"); var theRect:Rect = new Rect(); //then set properties addElement(theRect); //then add it using addElement because addChild() does not work } else { Alert.show("updating"); //no need to create it since it's already been created //just access and change the properties } I tried several ways and combinations for the if conditional check: if(theRect == undefined){ if(theRect == null){ declaring and not declaring `var theRect:Rect;` before the if check declaring and instantiating to null before the if check `var theRect:Rect = null;` but can't get the desired effect. Everytime this code block runs, and depending on which version I've used, it either gives me a "can't access null object" error or the if statement always evaluates to true and creates a new Rect object and I get the "creating" Alert. What's the right way of creating that Rect but only if doesn't exist?

    Read the article

  • Providing updates during a long Rails controller action

    - by highBandWidth
    I have an action that takes a long time. I want to be able to provide updates during the process so the user is not confused as to whether he lost the connection or something. Can I do something like this: class HeavyLiftingController < ApplicationController def data_mine render_update :js=>"alert('Just starting!')" # do some complicated find etc. render_update :js=>"alert('Found the records!')" # do some processing ... render_update :js=>"alert('Done processig')" # send @results to view end end

    Read the article

  • Unable to capture the id of div clicked

    - by user3674364
    This is my jsfiddle http://jsfiddle.net/6TUtw/4/ How can i register for the event div click , so that i can get the name i have tried with different things , but none of them worked . $('#tabs div').click(function() { var elem = $(this); alert(elem); }); $('#tabs').on('click', 'div.click', function () { var elem = $(this); alert(elem); }); $("#tabs").click(function(){ var elem = $(this); alert(elem); });

    Read the article

  • Jquery mobile and PhoneGap: Reload page to get next item in database

    - by Amy Sukumunu
    I want to reload the page after the user swipe right to the next item in database (id will increment 1) but it is not functioning. It show the alert (ID+1) but the page still does not reload or changePage(same page) to get the new item. $('#word').live( 'swipeleft', function( e ) { alert( 'You swiped right!' ); if(parseInt(sessionStorage.currWord_ID) >= parseInt(sessionStorage.firstWordID) && parseInt(sessionStorage.currWord_ID) < parseInt(sessionStorage.lastWordID)){ sessionStorage.currWord_ID = parseInt(sessionStorage.currWord_ID) + 1; alert("ID +1"); $.mobile.changePage($("#word"),{transition: "pop",reloadPage: true}); } } );

    Read the article

  • greasemonkey code modification

    - by muqtar
    Hi,all.. A user has helped me find hidden values in a page and display it using alert. If there are radio buttons and one of them is related to this value,is there a way to select the radio button automatically rathar than displaying the value in alert box.. Thanks... the code is as follows: var inputs = document.getElementsByTagName('input'); for (i=0; i<inputs.length; i++) { if (inputs[i].getAttribute("name") == "ans") { alert(inputs[i].getAttribute("value")); } } this "value" must be selected in the radio button rathar than alerting...

    Read the article

  • Javascript keeps undefining my vars, it's harshing my buzz. Help?

    - by Keene Maverick
    This is my first experience with javascript, and... Well... Ugh. Here's what's happening: function step_1(id) { //blah blah step_2(id); } function step_2(id) { //blah blah step_3(id); } function step_3(id) { //blah blah alert(id); } step_1(0); // I can stick any number here, same thing happens... The alert pops up and says "Undefined". But, if I throw an alert(id); in step_2, then both alerts say "0". Why/how is id undefined? What am I doing wrong? I've even tried reassigning id in each function, like: var nid = id; step_2(nid); etc... But that still doesn't work without the alerts.

    Read the article

  • WPF-to stroke arc with two different brushes

    - by user1914725
    i am new to geometric drawing in wpf. i have a volmeter arc that needs to have alert value. The section of the arc beyond that alert value has to be done with a different color than the rest of the arc. hence the arc is brushed with 2 different colors. a path has one brush at a time.hence how i apply two different pens to the same arc? the alert value is obtained with a lot of pain by doing calculations like gemetry.getpointatfraction.it won't easy to apply triggers any suggestions /approach?

    Read the article

  • jQuery/JSON/PHP failing

    - by user730936
    I am trying to call a php script that accepts JSON data, writes it into a file and returns simple text response using jQuery/AJAX call. jQuery code : $("input.callphp").click(function() { var url_file = myurl"; $.ajax({type : "POST", url : url_file, data : {'puzzle': 'Reset!'}, success : function(data){ alert("Success: " + data); }, error : function (data) { alert("Error: " + data); }, dataType : 'text' }); }); PHP Code : <?php $thefile = "new.json"; /* Our filename as defined earlier */ $towrite = $_POST["puzzle"]; /* What we'll write to the file */ $openedfile = fopen($thefile, "w"); fwrite($openedfile, $towrite); fclose($openedfile); echo "<br> <br>".$towrite; ?> However, the call is never a success and always gives an error with an alert "Error : [Object object]".

    Read the article

  • Flex Builder I want to go from titleWindow to a panel.

    - by dejaninic
    Hi. I'm building an user login page and I want to go from titleWindow to Panel. I'm suing following function but it always takes me back to parentApplication. My question is how can I go to my panel and not to Application page. I know that I'm using parentApplication but what should I use instead??? Here is a part of my code: private function handleLogin(event:ResultEvent):void { Alert.show("You have succesfully logged in.", "Information", Alert.OK, null, null, null, Alert.OK); parentApplication.accountPage.mainService.getAccount(); PopUpManager.removePopUp(this); }

    Read the article

  • Getting an Ajax response from Zend Framework Controller

    - by JavaLava
    I'm doing an Ajax request on one of my views to a Controller but I am unable to send back a response to the Ajax method. In the snippet below, I am trying to send the word 'hellopanda' back but in the alert message, I'll get data as an object. View : $.ajax({ type: "POST", url: "localhost/some-activity", data: dataString, success: function(data) { alert( "Data is: " + data); //do something with data }, error: function(data){ alert( "Data is: " + data); //do something with data }, onComplete: function(){ } }); Controller: public function someActivityAction(){ //do stuff echo "hellopanda"; } I'm pretty sure the echo is the problem. Any insights on to how to do a proper response to the view would be greatly appreciated.

    Read the article

  • Works in Firefox but not IE

    - by Abs
    Hello all, I make use of the following to find a string in a particular element, if it exists, tick a checkbox. This works great on Firefox but not internet explorer (8). I am having trouble finding why. $.fn.searchString = function(str) { return this.filter('*:contains("' + str + '")'); }; var myID = $('div').searchString(files_array[i].substr(-4)); alert(myID);//[object object] alert(myID.children());//[object object] myID.children().attr('checked', true);//does not tick checkbox alert(myID.children().attr('checked'));//undefined Does IE not like the children() function? Thanks all for any help

    Read the article

  • getResponseHeader('last-modified'); does not change value

    - by telexper
    var page = 'data/appointments/<? echo $_SESSION['name']; ?><? echo $_SESSION['last']; ?>App.html'; var lM; function checkModified(){ $.get(page, function(a,a,x){ var mod = x.getResponseHeader('last-modified'); alert (lM); alert ("page" +mod); }); } when i alert the last-modified from my page, it outputs the same value, even when when i deleted all my cookies and cache , deleted the file from the server and replace it. it still outputs one value Tue , Oct 23, 2012 3:37:41 GMT

    Read the article

  • Jquery to limit the range of input

    - by Sharvari
    I have a text box that takes input as amount..I want to prevent the user from entering Amount greater than a certain amount..I tried using ajax ..but its not working the way i want..I think jquery wud do the needful..but I am not so good at it..If any one can help?? Ajax function that i Have written: function maxIssue(max, input, iid) { var req = getXMLHTTP(); var strURL = "limit_input.php?max=" + max + "&iid=" + iid; if (input > max) { alert("Issue Failed.Quantity Present in Stock is " + max); } if (input < 0) { alert("Issue Failed.Enter positive Value"); } if (req) { req.onreadystatechange = function() { if (req.readyState == 4) { // only if "OK" if (req.status == 200) { document.getElementById('maxdiv').innerHTML = req.responseText; } else { alert("There was a problem while using XMLHTTP:\n" + req.statusText); } } } } req.open("GET", strURL, true); req.send(null); }

    Read the article

  • How do I make a OnClickListener in Java

    - by Bob
    I used to program with html and to make a alert all I had to do was make an alert("Hello World"); but with java it is much more advanced. I need help to make a button that when someone clicks it, it has an alert message on the screen. This is my code right now: MyOnClickListener onClickListener = new MyOnClickListener() { @Override public void onClick(View v) { Intent returnIntent = new Intent(); returnIntent.putExtra("deleteAtIndex",idx); setResult(RESULT_OK, returnIntent); finish(); } }; for (int i =0;i<buttonList.size();i++) { buttonList.get(i).setText("Remove"); buttonList.get(i).setOnClickListener(onClickListener); }

    Read the article

  • Is there a way to substr a value returned by toShortString()?

    - by Jym Khana
    I am working with openlayers and I can get a point on a map but I can't get the individual coords. feat = drawLayer.features[0]; var geom = feat.geometry; var loca = geom.toShortString(); var long = loc.substr(0,9); alert(geom.toShortString());//returns the correct coords in xx.xxx,xx.xxx format alert(loca);//returns 2 very large numbers in xx.xxx,xx.xxx format alert(long);//returns the first, incorrect number What exaclty am I doing wrong and how can I correct it? Thanks

    Read the article

  • Javascript handle 2 data attribute

    - by user3530661
    I need to use data attribute in my html like <div id="userlist" data-user="A.A.M"></div> then I need to alert the data-user I used var userlist = document.getElementById("userlist"); var show = userlist.getAttribute("data-user"); alert(show); My question is how to handle many data-user in the html like <div id="userlist" data-user="A.A.M"></div> <div id="userlist2" data-user="A.A.M2"></div> to alert A.A.M and A.A.M2 Thanks in advance and sorry for my bad English.

    Read the article

  • MySQL GIS and Spatial Extensions - how to map regions and query against them

    - by chibineku
    I am trying to make a smartphone app which will return a list of users within a certain proximity, say 100m. It's easy to get the coordinates of my BlackBerry and write them to a database, but in order to return a list of other users within 100m, I need to pull every other record from the database and compare the distance between the two points, checking to see if it's within range, before outputting that user's information. This is going to be time consuming if there are many users involved. So I would like to map areas (countries, cities, I'm not yet sure of the resolution I'll need) so that I can first target a smaller subset of all users. This will save on processing time. I have read the basics of GIS and spatial querying on the mysql website but to be honest the query is over my head and I hate copying and pasting code without understanding it. Plus it only checks for proximity - I want to first check if a coordinate falls within a certain area. Does anyone have any experience of such matters and feel like giving me some pointers? Resources such as any preexisting databases of points describing countries as polygons would be really helpful too. Many thanks to anyone who takes the time :)

    Read the article

  • Security Issues with Single Page Apps

    - by Stephen.Walther
    Last week, I was asked to do a code review of a Single Page App built using the ASP.NET Web API, Durandal, and Knockout (good stuff!). In particular, I was asked to investigate whether there any special security issues associated with building a Single Page App which are not present in the case of a traditional server-side ASP.NET application. In this blog entry, I discuss two areas in which you need to exercise extra caution when building a Single Page App. I discuss how Single Page Apps are extra vulnerable to both Cross-Site Scripting (XSS) attacks and Cross-Site Request Forgery (CSRF) attacks. This goal of this blog post is NOT to persuade you to avoid writing Single Page Apps. I’m a big fan of Single Page Apps. Instead, the goal is to ensure that you are fully aware of some of the security issues related to Single Page Apps and ensure that you know how to guard against them. Cross-Site Scripting (XSS) Attacks According to WhiteHat Security, over 65% of public websites are open to XSS attacks. That’s bad. By taking advantage of XSS holes in a website, a hacker can steal your credit cards, passwords, or bank account information. Any website that redisplays untrusted information is open to XSS attacks. Let me give you a simple example. Imagine that you want to display the name of the current user on a page. To do this, you create the following server-side ASP.NET page located at http://MajorBank.com/SomePage.aspx: <%@Page Language="C#" %> <html> <head> <title>Some Page</title> </head> <body> Welcome <%= Request["username"] %> </body> </html> Nothing fancy here. Notice that the page displays the current username by using Request[“username”]. Using Request[“username”] displays the username regardless of whether the username is present in a cookie, a form field, or a query string variable. Unfortunately, by using Request[“username”] to redisplay untrusted information, you have now opened your website to XSS attacks. Here’s how. Imagine that an evil hacker creates the following link on another website (hackers.com): <a href="/SomePage.aspx?username=<script src=Evil.js></script>">Visit MajorBank</a> Notice that the link includes a query string variable named username and the value of the username variable is an HTML <SCRIPT> tag which points to a JavaScript file named Evil.js. When anyone clicks on the link, the <SCRIPT> tag will be injected into SomePage.aspx and the Evil.js script will be loaded and executed. What can a hacker do in the Evil.js script? Anything the hacker wants. For example, the hacker could display a popup dialog on the MajorBank.com site which asks the user to enter their password. The script could then post the password back to hackers.com and now the evil hacker has your secret password. ASP.NET Web Forms and ASP.NET MVC have two automatic safeguards against this type of attack: Request Validation and Automatic HTML Encoding. Protecting Coming In (Request Validation) In a server-side ASP.NET app, you are protected against the XSS attack described above by a feature named Request Validation. If you attempt to submit “potentially dangerous” content — such as a JavaScript <SCRIPT> tag — in a form field or query string variable then you get an exception. Unfortunately, Request Validation only applies to server-side apps. Request Validation does not help in the case of a Single Page App. In particular, the ASP.NET Web API does not pay attention to Request Validation. You can post any content you want – including <SCRIPT> tags – to an ASP.NET Web API action. For example, the following HTML page contains a form. When you submit the form, the form data is submitted to an ASP.NET Web API controller on the server using an Ajax request: <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title></title> </head> <body> <form data-bind="submit:submit"> <div> <label> User Name: <input data-bind="value:user.userName" /> </label> </div> <div> <label> Email: <input data-bind="value:user.email" /> </label> </div> <div> <input type="submit" value="Submit" /> </div> </form> <script src="Scripts/jquery-1.7.1.js"></script> <script src="Scripts/knockout-2.1.0.js"></script> <script> var viewModel = { user: { userName: ko.observable(), email: ko.observable() }, submit: function () { $.post("/api/users", ko.toJS(this.user)); } }; ko.applyBindings(viewModel); </script> </body> </html> The form above is using Knockout to bind the form fields to a view model. When you submit the form, the view model is submitted to an ASP.NET Web API action on the server. Here’s the server-side ASP.NET Web API controller and model class: public class UsersController : ApiController { public HttpResponseMessage Post(UserViewModel user) { var userName = user.UserName; return Request.CreateResponse(HttpStatusCode.OK); } } public class UserViewModel { public string UserName { get; set; } public string Email { get; set; } } If you submit the HTML form, you don’t get an error. The “potentially dangerous” content is passed to the server without any exception being thrown. In the screenshot below, you can see that I was able to post a username form field with the value “<script>alert(‘boo’)</script”. So what this means is that you do not get automatic Request Validation in the case of a Single Page App. You need to be extra careful in a Single Page App about ensuring that you do not display untrusted content because you don’t have the Request Validation safety net which you have in a traditional server-side ASP.NET app. Protecting Going Out (Automatic HTML Encoding) Server-side ASP.NET also protects you from XSS attacks when you render content. By default, all content rendered by the razor view engine is HTML encoded. For example, the following razor view displays the text “<b>Hello!</b>” instead of the text “Hello!” in bold: @{ var message = "<b>Hello!</b>"; } @message   If you don’t want to render content as HTML encoded in razor then you need to take the extra step of using the @Html.Raw() helper. In a Web Form page, if you use <%: %> instead of <%= %> then you get automatic HTML Encoding: <%@ Page Language="C#" %> <% var message = "<b>Hello!</b>"; %> <%: message %> This automatic HTML Encoding will prevent many types of XSS attacks. It prevents <script> tags from being rendered and only allows &lt;script&gt; tags to be rendered which are useless for executing JavaScript. (This automatic HTML encoding does not protect you from all forms of XSS attacks. For example, you can assign the value “javascript:alert(‘evil’)” to the Hyperlink control’s NavigateUrl property and execute the JavaScript). The situation with Knockout is more complicated. If you use the Knockout TEXT binding then you get HTML encoded content. On the other hand, if you use the HTML binding then you do not: <!-- This JavaScript DOES NOT execute --> <div data-bind="text:someProp"></div> <!-- This Javacript DOES execute --> <div data-bind="html:someProp"></div> <script src="Scripts/jquery-1.7.1.js"></script> <script src="Scripts/knockout-2.1.0.js"></script> <script> var viewModel = { someProp : "<script>alert('Evil!')<" + "/script>" }; ko.applyBindings(viewModel); </script>   So, in the page above, the DIV element which uses the TEXT binding is safe from XSS attacks. According to the Knockout documentation: “Since this binding sets your text value using a text node, it’s safe to set any string value without risking HTML or script injection.” Just like server-side HTML encoding, Knockout does not protect you from all types of XSS attacks. For example, there is nothing in Knockout which prevents you from binding JavaScript to a hyperlink like this: <a data-bind="attr:{href:homePageUrl}">Go</a> <script src="Scripts/jquery-1.7.1.min.js"></script> <script src="Scripts/knockout-2.1.0.js"></script> <script> var viewModel = { homePageUrl: "javascript:alert('evil!')" }; ko.applyBindings(viewModel); </script> In the page above, the value “javascript:alert(‘evil’)” is bound to the HREF attribute using Knockout. When you click the link, the JavaScript executes. Cross-Site Request Forgery (CSRF) Attacks Cross-Site Request Forgery (CSRF) attacks rely on the fact that a session cookie does not expire until you close your browser. In particular, if you visit and login to MajorBank.com and then you navigate to Hackers.com then you will still be authenticated against MajorBank.com even after you navigate to Hackers.com. Because MajorBank.com cannot tell whether a request is coming from MajorBank.com or Hackers.com, Hackers.com can submit requests to MajorBank.com pretending to be you. For example, Hackers.com can post an HTML form from Hackers.com to MajorBank.com and change your email address at MajorBank.com. Hackers.com can post a form to MajorBank.com using your authentication cookie. After your email address has been changed, by using a password reset page at MajorBank.com, a hacker can access your bank account. To prevent CSRF attacks, you need some mechanism for detecting whether a request is coming from a page loaded from your website or whether the request is coming from some other website. The recommended way of preventing Cross-Site Request Forgery attacks is to use the “Synchronizer Token Pattern” as described here: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet When using the Synchronizer Token Pattern, you include a hidden input field which contains a random token whenever you display an HTML form. When the user opens the form, you add a cookie to the user’s browser with the same random token. When the user posts the form, you verify that the hidden form token and the cookie token match. Preventing Cross-Site Request Forgery Attacks with ASP.NET MVC ASP.NET gives you a helper and an action filter which you can use to thwart Cross-Site Request Forgery attacks. For example, the following razor form for creating a product shows how you use the @Html.AntiForgeryToken() helper: @model MvcApplication2.Models.Product <h2>Create Product</h2> @using (Html.BeginForm()) { @Html.AntiForgeryToken(); <div> @Html.LabelFor( p => p.Name, "Product Name:") @Html.TextBoxFor( p => p.Name) </div> <div> @Html.LabelFor( p => p.Price, "Product Price:") @Html.TextBoxFor( p => p.Price) </div> <input type="submit" /> } The @Html.AntiForgeryToken() helper generates a random token and assigns a serialized version of the same random token to both a cookie and a hidden form field. (Actually, if you dive into the source code, the AntiForgeryToken() does something a little more complex because it takes advantage of a user’s identity when generating the token). Here’s what the hidden form field looks like: <input name=”__RequestVerificationToken” type=”hidden” value=”NqqZGAmlDHh6fPTNR_mti3nYGUDgpIkCiJHnEEL59S7FNToyyeSo7v4AfzF2i67Cv0qTB1TgmZcqiVtgdkW2NnXgEcBc-iBts0x6WAIShtM1″ /> And here’s what the cookie looks like using the Google Chrome developer toolbar: You use the [ValidateAntiForgeryToken] action filter on the controller action which is the recipient of the form post to validate that the token in the hidden form field matches the token in the cookie. If the tokens don’t match then validation fails and you can’t post the form: public ActionResult Create() { return View(); } [ValidateAntiForgeryToken] [HttpPost] public ActionResult Create(Product productToCreate) { if (ModelState.IsValid) { // save product to db return RedirectToAction("Index"); } return View(); } How does this all work? Let’s imagine that a hacker has copied the Create Product page from MajorBank.com to Hackers.com – the hacker grabs the HTML source and places it at Hackers.com. Now, imagine that the hacker trick you into submitting the Create Product form from Hackers.com to MajorBank.com. You’ll get the following exception: The Cross-Site Request Forgery attack is blocked because the anti-forgery token included in the Create Product form at Hackers.com won’t match the anti-forgery token stored in the cookie in your browser. The tokens were generated at different times for different users so the attack fails. Preventing Cross-Site Request Forgery Attacks with a Single Page App In a Single Page App, you can’t prevent Cross-Site Request Forgery attacks using the same method as a server-side ASP.NET MVC app. In a Single Page App, HTML forms are not generated on the server. Instead, in a Single Page App, forms are loaded dynamically in the browser. Phil Haack has a blog post on this topic where he discusses passing the anti-forgery token in an Ajax header instead of a hidden form field. He also describes how you can create a custom anti-forgery token attribute to compare the token in the Ajax header and the token in the cookie. See: http://haacked.com/archive/2011/10/10/preventing-csrf-with-ajax.aspx Also, take a look at Johan’s update to Phil Haack’s original post: http://johan.driessen.se/posts/Updated-Anti-XSRF-Validation-for-ASP.NET-MVC-4-RC (Other server frameworks such as Rails and Django do something similar. For example, Rails uses an X-CSRF-Token to prevent CSRF attacks which you generate on the server – see http://excid3.com/blog/rails-tip-2-include-csrf-token-with-every-ajax-request/#.UTFtgDDkvL8 ). For example, if you are creating a Durandal app, then you can use the following razor view for your one and only server-side page: @{ Layout = null; } <!DOCTYPE html> <html> <head> <title>Index</title> </head> <body> @Html.AntiForgeryToken() <div id="applicationHost"> Loading app.... </div> @Scripts.Render("~/scripts/vendor") <script type="text/javascript" src="~/App/durandal/amd/require.js" data-main="/App/main"></script> </body> </html> Notice that this page includes a call to @Html.AntiForgeryToken() to generate the anti-forgery token. Then, whenever you make an Ajax request in the Durandal app, you can retrieve the anti-forgery token from the razor view and pass the token as a header: var csrfToken = $("input[name='__RequestVerificationToken']").val(); $.ajax({ headers: { __RequestVerificationToken: csrfToken }, type: "POST", dataType: "json", contentType: 'application/json; charset=utf-8', url: "/api/products", data: JSON.stringify({ name: "Milk", price: 2.33 }), statusCode: { 200: function () { alert("Success!"); } } }); Use the following code to create an action filter which you can use to match the header and cookie tokens: using System.Linq; using System.Net.Http; using System.Web.Helpers; using System.Web.Http.Controllers; namespace MvcApplication2.Infrastructure { public class ValidateAjaxAntiForgeryToken : System.Web.Http.AuthorizeAttribute { protected override bool IsAuthorized(HttpActionContext actionContext) { var headerToken = actionContext .Request .Headers .GetValues("__RequestVerificationToken") .FirstOrDefault(); ; var cookieToken = actionContext .Request .Headers .GetCookies() .Select(c => c[AntiForgeryConfig.CookieName]) .FirstOrDefault(); // check for missing cookie or header if (cookieToken == null || headerToken == null) { return false; } // ensure that the cookie matches the header try { AntiForgery.Validate(cookieToken.Value, headerToken); } catch { return false; } return base.IsAuthorized(actionContext); } } } Notice that the action filter derives from the base AuthorizeAttribute. The ValidateAjaxAntiForgeryToken only works when the user is authenticated and it will not work for anonymous requests. Add the action filter to your ASP.NET Web API controller actions like this: [ValidateAjaxAntiForgeryToken] public HttpResponseMessage PostProduct(Product productToCreate) { // add product to db return Request.CreateResponse(HttpStatusCode.OK); } After you complete these steps, it won’t be possible for a hacker to pretend to be you at Hackers.com and submit a form to MajorBank.com. The header token used in the Ajax request won’t travel to Hackers.com. This approach works, but I am not entirely happy with it. The one thing that I don’t like about this approach is that it creates a hard dependency on using razor. Your single page in your Single Page App must be generated from a server-side razor view. A better solution would be to generate the anti-forgery token in JavaScript. Unfortunately, until all browsers support a way to generate cryptographically strong random numbers – for example, by supporting the window.crypto.getRandomValues() method — there is no good way to generate anti-forgery tokens in JavaScript. So, at least right now, the best solution for generating the tokens is the server-side solution with the (regrettable) dependency on razor. Conclusion The goal of this blog entry was to explore some ways in which you need to handle security differently in the case of a Single Page App than in the case of a traditional server app. In particular, I focused on how to prevent Cross-Site Scripting and Cross-Site Request Forgery attacks in the case of a Single Page App. I want to emphasize that I am not suggesting that Single Page Apps are inherently less secure than server-side apps. Whatever type of web application you build – regardless of whether it is a Single Page App, an ASP.NET MVC app, an ASP.NET Web Forms app, or a Rails app – you must constantly guard against security vulnerabilities.

    Read the article

  • C# window application : How to validate mobile no.

    - by SAMIR BHOGAYTA
    //First : Simple Method private void textBox1_KeyPress(object sender, KeyPressEventArgs e) { if (char.IsDigit(e.KeyChar) == true) { if (textBox1.Text.Length 10) { MessageBox.Show("Invalid Indian Mobile Number !!"); txtPhone.Focus(); } } //With the help of JavaScript function phone_validate(phone) { var phoneReg = ^((\+)?(\d{2}[-]))?(\d{10}){1}?$; if(phoneReg.test(phone) == false) { alert("Phone number is not yet valid."); } else { alert("You have entered a valid phone number!"); } }

    Read the article

  • Jquery dependent dropdown doesn't work in IE

    - by earlyriser
    I have a 3 dropdowns: countries, states, and cities. States and cities are dependent of the previous form and loaded via AJAX. In Firefox and Chrome everything is ok, but in IE (8 in my case) when I select a state, the cities dropdown isn't loaded. It is like IE don't detect the change. It is not a load problem, because I have tested with a simple alert box. Any help will be really appreciated. The states loaded page is similar to: <div id="states"> <select id="woeid_state"> <option value="1">Alabama</option> <option value="2">Florida</option> </select> </div> The cities loaded page is similar to: <div id="towns"> <select id="woeid_town"> <option value="100">Miami</option> <option value="101">Orlando</option> </select> </div> The JS $(document).ready(function() { function loadStates( parent_woeid ) { $('#states').load("<?php echo $states_page?>"+parent_woeid); return false; } function loadCities( parent_woeid ) { $('#towns').load("<?php echo $cities_page;?>/admin1/"+parent_woeid); return false; } $("#woeid_country").change(function() { //alert("I am an alert box"); var country = $("select#woeid_country").val(); loadStates ( country); }); $("#states").change(function() { //alert("I am an alert box"); var admin1 = $("select#woeid_state").val(); loadCities ( admin1 ); }); }); The form: <form class="ordinary_form" method="post" action=""> <label>Country</label> <select name="woeid_country" id="woeid_country"> <option value="23424975">United Kingdom</option> <option value="23424977">United States</option> <option value="23424979">Uruguay</option> <option value="23424980">Uzbekistan</option> <option value="23424907">Vanuatu</option> <option value="23424982">Venezuela</option> <option value="23424984">Vietnam</option> </select> <label>State/Province</label> <div id="states"></div> <label>City</label> <div id="towns"></div> </form>

    Read the article

  • ORA-7445 Troubleshooting

    - by [email protected]
        QUICKLINK: Note 153788.1 ORA-600/ORA-7445 Lookup tool Note 1082674.1 : A Video To Demonstrate The Usage Of The ORA-600/ORA-7445 Lookup Tool [Video]   Have you observed an ORA-07445 error reported in your alert log? While the ORA-600 error is "captured" as a handled exception in the Oracle source code, the ORA-7445 is an unhandled exception error due to an OS exception which should result in the creation of a core file.  An ORA-7445 is a generic error, and can occur from anywhere in the Oracle code. The precise location of the error is identified by the core file and/or trace file it produces.  Looking for the best way to diagnose? Whenever an ORA-7445 error is raised a core file is generated.  There may be a trace file generated with the error as well.   Prior to 11g, the core files are located in the CORE_DUMP_DEST directory.   Starting with 11g, there is a new advanced fault diagnosability infrastructure to manage trace data.  Diagnostic files are written into a root directory for all diagnostic data called the ADR home.   Core files at 11g will go to the ADR HOME/cdump directory.   For more information on the Oracle 11g Diagnosability feature see Note 453125.1 11g Diagnosability Frequently Asked Questions Note 443529.1 11g Quick Steps to Package and Send Critical Error Diagnostic Information to Support[Video]   NOTE:  While the core file is captured in the Diagnosability infrastructure, the file may not be included with a diagnostic package.1.  Check the Alert LogThe alert log may indicate additional errors or other internal errors at the time of the problem.   In some cases, the ORA-7445 error will occur along with ORA-600, ORA-3113, ORA-4030 errors.  The ORA-7445 error can be side effects of the other problems and you should review the first error and associated core file or trace file and work down the list of errors.   Note 1020463.6 DIAGNOSING ORA-3113 ERRORS Note 1812.1 TECH:  Getting a Stack Trace from a CORE file Note 414966.1 RDA Documentation Index   If the ORA-7445 errors are not associated with other error conditions, ensure the trace data is not truncated. If you see a message at the end of the file   "MAX DUMP FILE SIZE EXCEEDED"   the MAX_DUMP_FILE_SIZE parameter is not setup high enough or to 'unlimited'. There could be vital diagnostic information missing in the file and discovering the root issue may be very difficult.  Set the MAX_DUMP_FILE_SIZE appropriately and regenerate the error for complete trace information. For pointers on deeper analysis of these errors see   Note 390293.1 Introduction to 600/7445 Internal Error Analysis Note 211909.1 Customer Introduction to ORA-7445 Errors 2.  Search 600/7445 Lookup Tool Visit My Oracle Support to access the ORA-00600 Lookup tool (Note 153788.1). The ORA-600/ORA-7445 Lookup tool may lead you to applicable content in My Oracle Support on the problem and can be used to investigate the problem with argument data from the error message or you can pull out key stack pointers from the associated trace file to match up against known bugs.3.  "Fine tune" searches in Knowledge Base As the ORA-7445 error indicates an unhandled exception in the Oracle source code, your search in the Oracle Knowledge Base will need to focus on the stack data from the core file or the trace file. Keep in mind that searches on generic argument data will bring back a large result set.  The more you can learn about the environment and code leading to the errors, the easier it will be to narrow the hit list to match your problem. Note 153788.1 ORA-600/ORA-7445 TroubleshooterNote 1082674.1 A Video To Demonstrate The Usage Of The ORA-600/ORA-7445 Lookup Tool [Video] NOTE:  If no trace file is captured, see Note 1812.1 TECH:  Getting a Stack Trace from a CORE file.  Core files are managed through 11g Diagnosability, but are not packaged with other diagnostic data automatically.  The core files can be quite large, but may be useful during analysis within Oracle Support.4.  If assistance is required from Oracle Should it become necessary to get assistance from Oracle Support on an ORA-7445 problem, please provide at a minimum, the Alert log  Associated tracefile(s) or incident package at 11g Patch level  information Core file(s)  Information about changes in configuration and/or application prior to  issues  If error is reproducible, a self-contained reproducible testcase: Note.232963.1 How to Build a Testcase for Oracle Data Server Support to Reproduce ORA-600 and ORA-7445 Errors RDA report or Oracle Configuration Manager information Oracle Configuration Manager Quick Start Guide Note 548815.1 My Oracle Support Configuration Management FAQ Note 414966.1 RDA Documentation Index ***For reference to the content in this blog, refer to Note.1092832.1 Master Note for Diagnosing ORA-600

    Read the article

  • Ajax does not send the data to my php file [migrated]

    - by Mert METIN
    I try to send my data to php file but does not work. This my ajax file var artistIds = new Array(); $(".p16 input:checked").each(function(){ artistIds.push($(this).attr('id')); }); $.post('/json/crewonly/deleteDataAjax2', { artistIds: artistIds },function(response){ if(response == 'ok') alert('dolu'); elseif (response == 'error') alert('bos'); }); and this is my php public function deleteDataAjax2() { extract($_POST); if (isset($artistIds)) $this->sendJSONResponse('ok'); else $this->sendJSONResponse('error'); } However, my artistIds in php side is null. Why ?

    Read the article

< Previous Page | 30 31 32 33 34 35 36 37 38 39 40 41  | Next Page >