Search Results

Search found 35216 results on 1409 pages for 'dynamic html'.

Page 469/1409 | < Previous Page | 465 466 467 468 469 470 471 472 473 474 475 476  | Next Page >

• Can this be imporved? Scrubing of dangerous html tags.

  - by chobo2

  Hi I been finding that for something that I consider pretty import there is very little information or libraries on how to deal with this problem. I found this while searching. I really don't know all the million ways that a hacker could try to insert the dangerous tags. I have a rich html editor so I need to keep non dangerous tags but strip out bad ones. So is this script missing anything? It uses html agility pack. public string ScrubHTML(string html) { HtmlDocument doc = new HtmlDocument(); doc.LoadHtml(html); //Remove potentially harmful elements HtmlNodeCollection nc = doc.DocumentNode.SelectNodes("//script|//link|//iframe|//frameset|//frame|//applet|//object|//embed"); if (nc != null) { foreach (HtmlNode node in nc) { node.ParentNode.RemoveChild(node, false); } } //remove hrefs to java/j/vbscript URLs nc = doc.DocumentNode.SelectNodes("//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'javascript')]|//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'jscript')]|//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'vbscript')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.SetAttributeValue("href", "#"); } } //remove img with refs to java/j/vbscript URLs nc = doc.DocumentNode.SelectNodes("//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'javascript')]|//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'jscript')]|//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'vbscript')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.SetAttributeValue("src", "#"); } } //remove on<Event> handlers from all tags nc = doc.DocumentNode.SelectNodes("//*[@onclick or @onmouseover or @onfocus or @onblur or @onmouseout or @ondoubleclick or @onload or @onunload]"); if (nc != null) { foreach (HtmlNode node in nc) { node.Attributes.Remove("onFocus"); node.Attributes.Remove("onBlur"); node.Attributes.Remove("onClick"); node.Attributes.Remove("onMouseOver"); node.Attributes.Remove("onMouseOut"); node.Attributes.Remove("onDoubleClick"); node.Attributes.Remove("onLoad"); node.Attributes.Remove("onUnload"); } } // remove any style attributes that contain the word expression (IE evaluates this as script) nc = doc.DocumentNode.SelectNodes("//*[contains(translate(@style, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'expression')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.Attributes.Remove("stYle"); } } return doc.DocumentNode.WriteTo(); }

  Read the article

• Can this be improved? Scrubing of dangerous html tags.

  - by chobo2

  I been finding that for something that I consider pretty import there is very little information or libraries on how to deal with this problem. I found this while searching. I really don't know all the million ways that a hacker could try to insert the dangerous tags. I have a rich html editor so I need to keep non dangerous tags but strip out bad ones. So is this script missing anything? It uses html agility pack. public string ScrubHTML(string html) { HtmlDocument doc = new HtmlDocument(); doc.LoadHtml(html); //Remove potentially harmful elements HtmlNodeCollection nc = doc.DocumentNode.SelectNodes("//script|//link|//iframe|//frameset|//frame|//applet|//object|//embed"); if (nc != null) { foreach (HtmlNode node in nc) { node.ParentNode.RemoveChild(node, false); } } //remove hrefs to java/j/vbscript URLs nc = doc.DocumentNode.SelectNodes("//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'javascript')]|//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'jscript')]|//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'vbscript')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.SetAttributeValue("href", "#"); } } //remove img with refs to java/j/vbscript URLs nc = doc.DocumentNode.SelectNodes("//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'javascript')]|//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'jscript')]|//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'vbscript')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.SetAttributeValue("src", "#"); } } //remove on<Event> handlers from all tags nc = doc.DocumentNode.SelectNodes("//*[@onclick or @onmouseover or @onfocus or @onblur or @onmouseout or @ondoubleclick or @onload or @onunload]"); if (nc != null) { foreach (HtmlNode node in nc) { node.Attributes.Remove("onFocus"); node.Attributes.Remove("onBlur"); node.Attributes.Remove("onClick"); node.Attributes.Remove("onMouseOver"); node.Attributes.Remove("onMouseOut"); node.Attributes.Remove("onDoubleClick"); node.Attributes.Remove("onLoad"); node.Attributes.Remove("onUnload"); } } // remove any style attributes that contain the word expression (IE evaluates this as script) nc = doc.DocumentNode.SelectNodes("//*[contains(translate(@style, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'expression')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.Attributes.Remove("stYle"); } } return doc.DocumentNode.WriteTo(); }

  Read the article

• How to express "where value is in dynamic list" in HQL/GORM?

  - by xcut

  For a grails application, I need to find a list of objects whose "attr" is one in a dynamic list of strings. The actual HQL query is more complex, but the bit I need help with is this: def result = MyObject.executeQuery("select o from MyObject as o where o.attr in :list", [list: aListOfStrings]) This is obviously not the right syntax, Grails throws it back at me as an "unexpected token", being the :list parameter. Is this possible in HQL? I don't particularly want to use Criteria in this part of the codebase.

  Read the article

• how do I make URI of dynamic web reference look in web.config instead of app.config?

  - by krprasad

  I have a class library(DLL) which has a web reference, its dynamic. I have copied the setting into the applicationSettings of the web.config but still it keeps referring to the old URI I had set during develoment. any idea how i can make it take the URI of the web-service from the web.config?

  Read the article

• How to access html request parameters for a .rhtml page served by webrick?

  - by cibercitizen1

  I'm using webrick (the built-in ruby webserver) to serve .rhtml files (html with ruby code embedded --like jsp). It works fine, but I can't figure out how to access parameters (e.g. http://localhost/mypage.html?foo=bar) from within the ruby code in the .rhtml file. (Note that I'm not using the rails framework, only webrick + .rhtml files) Thanks

  Read the article

• C# SQL: What is the best way to implement a dynamic table?

  - by SirMoreno

  I want to allow the user to add columns to a table in the UI. The UI: Columns Name:__ Columns Type: Number/String/Date My Question is how to build the SQL tables and C# objects so the implementation will be efficient and scalable. My thought is to build two SQL tables: TBL 1 - ColumnsDefinition: ColId, ColName, ColType[Text] TBL 2 - ColumnsValues: RowId, ColId, Value [Text] I want the solution to be efficient in DB space, and I want to allow the user to sort the dynamic columns. I work on .NET 3.5 MSSQL 2008. Thanks.

  Read the article

• How to create dynamic incrementing variable using "for" loop in php?

  - by Parth

  How to create dynamic incrementing variable using "for" loop in php? like wise: $track_1,$track_2,$track_3,$track_4..... so on....

  Read the article

• Is there any real alternative to GeoServer as dynamic map generator in Java ?

  - by Costi Ciudatu

  I'm looking for the most suitable tool for generating dynamic geographical maps in Java (with styles based on custom business data: colors, labels etc. will be dynamically set). After some searching, only GeoServer (and the underlying GeoTools library) seems to fit. Although I'm really happy with this solution, I'm afraid I might miss something and make some decision based on incomplete input. Any suggestion ? Any viable alternative to compare against ?

  Read the article

• is it possible to convert HTML to xml uisng the Python script..?

  - by Shashi

  I am using the HtmlParser to convert the HTML into xml How to use that in script please tell me .. means how to get child nodes in Html.

  Read the article

• What is the 'dynamic' type in c# 4.0 used for?

  - by Fahad

  C# 4.0 introduced a new type called 'dynamic'. It all sounds good but what would a programmer use it for? If anyone can think of a situation where it can save the day please tell me.

  Read the article

• How to discover classes with [Authorize] attributes using Reflection in C#? (or How to build Dynamic

  - by Pretzel

  Maybe I should back-up and widen the scope before diving into the title question... I'm currently writing a web app in ASP.NET MVC 1.0 (although I do have MVC 2.0 installed on my PC, so I'm not exactly restricted to 1.0) -- I've started with the standard MVC project which has your basic "Welcome to ASP.NET MVC" and shows both the [Home] tab and [About] tab in the upper-right corner. Pretty standard, right? I've added 4 new Controller classes, let's call them "Astronomer", "Biologist", "Chemist", and "Physicist". Attached to each new controller class is the [Authorize] attribute. For example, for the BiologistController.cs [Authorize(Roles = "Biologist,Admin")] public class BiologistController : Controller { public ActionResult Index() { return View(); } } These [Authorize] tags naturally limit which user can access different controllers depending on Roles, but I want to dynamically build a Menu at the top of my website in the Site.Master Page based on the Roles the user is a part of. So for example, if JoeUser was a member of Roles "Astronomer" and "Physicist", the navigation menu would say: [Home] [Astronomer] [Physicist] [About] And naturally, it would not list links to "Biologist" or "Chemist" controller Index page. Or if "JohnAdmin" was a member of Role "Admin", links to all 4 controllers would show up in the navigation bar. Ok, you prolly get the idea... Starting with the answer from this StackOverflow topic about Dynamic Menu building in ASP.NET, I'm trying to understand how I would fully implement this. (I'm a newbie and need a little more guidance, so please bare with me.) The answer proposes Extending the Controller class (call it "ExtController") and then have each new WhateverController inherit from ExtController. My conclusion is that I would need to use Reflection in this ExtController Constructor to determine which Classes and Methods have [Authorize] attributes attached to them to determine the Roles. Then using a Static Dictionary, store the Roles and Controllers/Methods in key-value pairs. I imagine it something like this: public class ExtController : Controller { protected static Dictionary<Type,List<string>> ControllerRolesDictionary; protected override void OnActionExecuted(ActionExecutedContext filterContext) { // build list of menu items based on user's permissions, and add it to ViewData IEnumerable<MenuItem> menu = BuildMenu(); ViewData["Menu"] = menu; } private IEnumerable<MenuItem> BuildMenu() { // Code to build a menu SomeRoleProvider rp = new SomeRoleProvider(); foreach (var role in rp.GetRolesForUser(HttpContext.User.Identity.Name)) { } } public ExtController() { // Use this.GetType() to determine if this Controller is already in the Dictionary if (!ControllerRolesDictionary.ContainsKey(this.GetType())) { // If not, use Reflection to add List of Roles to Dictionary // associating with Controller } } } Is this doable? If so, how do I perform Reflection in the ExtController constructor to discover the [Authorize] attribute and related Roles (if any) ALSO! Feel free to go out-of-scope on this question and suggest an alternate way of solving this "Dynamic Site.Master Menu based on Roles" problem. I'm the first to admit that this may not be the best approach.

  Read the article

• Creation and positioning of dynamic buttons in as3 inside a movie clip.

  - by Vin

  HI Am NEW TO as3 , can any one help me regarding creation of dynamic buttons and assign click events, please view the attachment picture to know my requirements.. http://i39.tinypic.com/9gkmds.jpg Pls guide me done this functionality in as3. Thanks

  Read the article

• Download image file from the HTML page source using python?

  - by Mohit Ranka

  I am writing a scraper that downloads all the image files from a HTML page and saves them to a specific folder. all the images are the part of the HTML page.

  Read the article

• Stopping some sounds from dynamic classes, and exlude some others.

  - by Hwang

  The sound I wanted to stop or play are separates into background music and button sound effect. I know you could use SoundMixer.stopAll() to stop all sound, and some how exclude the bg music, IF everything is written in the same class. But what if the sounds are called from others dynamic classes? How could I target them and exclude the bg Music?

  Read the article

• What is the current state of the art in HTML canvas JavaScript libraries and frameworks?

  - by Toby Hede

  I am currently investigating options for working with the canvas in a new HTML 5 application, and was wondering what is the current state of the art in HTML canvas JavaScript libraries and frameworks? In particular, are there frameworks that support the kind of things needed for game development - complex animation, managing scene graphs, handling events and user interactions? Also willing to consider both commercial and open source products.

  Read the article

• Unobtrusive javascript : <script> at the top or the bottom of the html code ?

  - by e-satis

  I've recently read the Yahoo manifesto Best Practices for Speeding Up Your Web Site. They recommend to put the javascript inclusion at the bottom of the HTML code when we can. But where exactly and when ? Should we put it before closing </html> or after ? And above all, when should we still put it in the <head> section ?

  Read the article

• Why does dynamic array always double by a factor of 2?

  - by Phoenix

  I was wondering how does one decide the resizing factor by which dynamic array resizes ? On wikipedia and else where I have always seen the number of elements being increased by a factor of 2? Why 2? Why not 3? how does one decide this factor ? IF it is language dependent I would like to know this for Java.

  Read the article

• How to convert a dynamic dll to static lib?

  - by xufan

  I write a program helloworld.exe ,it depends on a.dll,I don't have the source code of the a.dll.a.dll is a dynamic dll ,how can i change it to static library?so I can link it to the helloworld.exe.

  Read the article

• can i fetch the xaml button style on my dynamic button?

  - by SHASHANK

  hello all i have a problem i have some dynamic button and i want to put some style on it like my other button(Xaml button).how can i fetch the xaml code using c#?

  Read the article

• How can I retrieve element Id for Strolngly typed ASP.NET MVC HTML helper?

  - by sh1ng

  Hi In my View I'm using jquery ui datapicker. So I need initiate it with code like this $(function() { $('#elementID').datepicker({ }); }); In my View <%= Html.TextBoxFor(m=m.StartDate) % In old ASP.NET I may use tb_startDate.ClientID What is about retrieving element Id of Strongly Typed ASP.NET MVC HTML Helper? Is is possible?

  Read the article

• Weirdness using jquery's .html() function to set <a></a> with a special character &#10003; (checkmar

  - by Sam

  Hey all, I'm trying to have the following tag toggle between a "-" and the checkmark character (✓) <a id='p_4' class='fancy_button orange bls_button' href='#'>-</a> And here's the jquery code: if (button.text() == '-') { button.html('&#10003'); } This works in FF3.6 and IE8, but not in WebKit (Chrome or iPhone safari). Is there something I'm doing wrong, or does webkit just not like .html("✓") Thanks, Sam

  Read the article

• How can I drop table if Entity Mode in Hibernate properties is Dynamic-Map?

  - by divi

  Hi all, My application is creating tables dynamically using entity mode as dynamic-map in hibernate properties. Tables are generally network devices having their attributes as columns of table. Requirement is if device is deleted from database, its table will be deleted. Can i drop table using hibernate tools dynamically?

  Read the article

• Is it safe now to develop web application with HTML 5 specifications?

  - by Morteza M.

  Is it safe now to develop web application with HTML 5 specifications? or should we wait longer for final standards? I want to start developing a new project. I want it to be up to date in every aspects. should I wait more for html 5 or I can start programming based on it?

  Read the article

• How do you set the title attribute of an ASP.NET MVC Html.ActionLink to the generated URL

  - by Keith Hill

  I would like users to be able to see the corresponding URL for an anchor tag generated by Html.ActionLink() when they hover over the link. This is done by setting the title attribute but where I'm stuck is figuring out how to get that value: @Html.ActionLink(@testrun.Name, "Download", "Trx", new { path = @testrun.TrxPath }, new { title = ??) How can I specify the URL that ActionLink is going to generate? I could hardcode something I guess but that violates DRY.

  Read the article

• How to create more than one dynamic grid from a single data source using ASP.net?

  - by Krishnapriya

  Hi, I am a beginner. I want to know how can I create more than one dynamic data grid for a single data source. I need to show duplicate rows separately in different grids. For example If i have 4 duplicate values for ID 1 and 3 duplicate values for ID 2 then ID 1 should be displayed in separate grid and ID 2 should be displayed in separate gris. Reply me ASAP. KP

  Read the article

< Previous Page | 465 466 467 468 469 470 471 472 473 474 475 476  | Next Page >