Search Results

Search found 22416 results on 897 pages for 'url validation'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 48/897 | < Previous Page | 44 45 46 47 48 49 50 51 52 53 54 55  | Next Page >

  • Globally Handling Request Validation In ASP.NET MVC

    - by imran_ku07
       Introduction:           Cross Site Scripting(XSS) and Cross-Site Request Forgery (CSRF) attacks are one of dangerous attacks on web.  They are among the most famous security issues affecting web applications. OWASP regards XSS is the number one security issue on the Web. Both ASP.NET Web Forms and ASP.NET MVC paid very much attention to make applications build with ASP.NET as secure as possible. So by default they will throw an exception 'A potentially dangerous XXX value was detected from the client', when they see, < followed by an exclamation(like <!) or < followed by the letters a through z(like <s) or & followed by a pound sign(like &#123) as a part of querystring, posted form and cookie collection. This is good for lot of applications. But this is not always the case. Many applications need to allow users to enter html tags, for example applications which uses  Rich Text Editor. You can allow user to enter these tags by just setting validateRequest="false" in your Web.config application configuration file inside <pages> element if you are using Web Form. This will globally disable request validation. But in ASP.NET MVC request handling is different than ASP.NET Web Form. Therefore for disabling request validation globally in ASP.NET MVC you have to put ValidateInputAttribute in your every controller. This become pain full for you if you have hundred of controllers. Therefore in this article i will present a very simple way to handle request validation globally through web.config.   Description:           Before starting how to do this it is worth to see why validateRequest in Page directive and web.config not work in ASP.NET MVC. Actually request handling in ASP.NET Web Form and ASP.NET MVC is different. In Web Form mostly the HttpHandler is the page handler which checks the posted form, query string and cookie collection during the Page ProcessRequest method, while in MVC request validation occur when ActionInvoker calling the action. Just see the stack trace of both framework.   ASP.NET MVC Stack Trace:     System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +8723114   System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +111   System.Web.HttpRequest.get_Form() +129   System.Web.HttpRequestWrapper.get_Form() +11   System.Web.Mvc.ValueProviderDictionary.PopulateDictionary() +145   System.Web.Mvc.ValueProviderDictionary..ctor(ControllerContext controllerContext) +74   System.Web.Mvc.ControllerBase.get_ValueProvider() +31   System.Web.Mvc.ControllerActionInvoker.GetParameterValue(ControllerContext controllerContext, ParameterDescriptor parameterDescriptor) +53   System.Web.Mvc.ControllerActionInvoker.GetParameterValues(ControllerContext controllerContext, ActionDescriptor actionDescriptor) +109   System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName) +399   System.Web.Mvc.Controller.ExecuteCore() +126   System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext) +27   ASP.NET Web Form Stack Trace:    System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +3213202   System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +108   System.Web.HttpRequest.get_QueryString() +119   System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +2022776   System.Web.UI.Page.DeterminePostBackMode() +60   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6953   System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +154   System.Web.UI.Page.ProcessRequest() +86                        Since the first responder of request in ASP.NET MVC is the controller action therefore it will check the posted values during calling the action. That's why web.config's requestValidate not work in ASP.NET MVC.            So let's see how to handle this globally in ASP.NET MVC. First of all you need to add an appSettings in web.config. <appSettings>    <add key="validateRequest" value="true"/>  </appSettings>              I am using the same key used in disable request validation in Web Form. Next just create a new ControllerFactory by derving the class from DefaultControllerFactory.     public class MyAppControllerFactory : DefaultControllerFactory    {        protected override IController GetControllerInstance(Type controllerType)        {            var controller = base.GetControllerInstance(controllerType);            string validateRequest=System.Configuration.ConfigurationManager.AppSettings["validateRequest"];            bool b;            if (validateRequest != null && bool.TryParse(validateRequest,out b))                ((ControllerBase)controller).ValidateRequest = bool.Parse(validateRequest);            return controller;        }    }                         Next just register your controller factory in global.asax.        protected void Application_Start()        {            //............................................................................................            ControllerBuilder.Current.SetControllerFactory(new MyAppControllerFactory());        }              This will prevent the above exception to occur in the context of ASP.NET MVC. But if you are using the Default WebFormViewEngine then you need also to set validateRequest="false" in your web.config file inside <pages> element            Now when you run your application you see the effect of validateRequest appsetting. One thing also note that the ValidateInputAttribute placed inside action or controller will always override this setting.    Summary:          Request validation is great security feature in ASP.NET but some times there is a need to disable this entirely. So in this article i just showed you how to disable this globally in ASP.NET MVC. I also explained the difference between request validation in Web Form and ASP.NET MVC. Hopefully you will enjoy this.

    Read the article

  • getting the url of the page and the url of the selected hyperlink

    - by Dan
    Hi This is pretty hard to explain but i'll give it a shot. Working with Safari to create an extension as is now possible with Safari 5 - how would I go about getting the URL of the current page with using JavaScript and the Safari API? I would also like to be able to get a hyperlink that is selected. For instance in Safari when you right click on a hyperlink and it says open in a new tab, open in a window etc - clicking opens that hyperlink. What part of the API is used to get access to the link itself, and how does it know its a link in the first place? I hope thats clear enough. Thanks

    Read the article

  • IIS SEO Toolkit and W3C Validation Service

    One thing that Ive been asked several times about the SEO Toolkit is if it does a full standards validation on the markup and content that is processed, and if not, to add support for more comprehensive standards validation, in particular XHTML and HTML 4.01. Currently the markup validation performed by the SEO Toolkit is really simple, its main goal is to make sure that the markup is correctly organized, for example that things like <b><i>Test</b></i> are not found in the...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • IIS SEO Toolkit and W3C Validation Service

    One thing that Ive been asked several times about the SEO Toolkit is if it does a full standards validation on the markup and content that is processed, and if not, to add support for more comprehensive standards validation, in particular XHTML and HTML 4.01. Currently the markup validation performed by the SEO Toolkit is really simple, its main goal is to make sure that the markup is correctly organized, for example that things like <b><i>Test</b></i> are not found in the...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • MVC 2 Client Side Model Validation with ExtJS

    One of the most exciting new features in MVC 2 is "Enhanced Model Validation support across both server and client"; this new enhanced support allows for client side validation to be dynamically generated into a view from DataAnnotations attributes on models. One minor complaint: Out of the box, it only supports the Microsoft AJAX libraries. Good news: It can use other frameworks, and we have done just that! Ext.ux.MvcFormValidator The MvcFormValidator is an alternative form validation...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • Sneak Peek: New ASP.NET Validation Summary Control

    Check out this image of our upcoming ASP.NET validation summary control, ASPxValidationSummary: ASPxValidationSummary Benefits This new control helps you summarize validation errors from multiple controls and then displays them in a single block. This allows you to organize screen space more effectively if validation is required for several editors. Error entries can be displayed as a table, bulleted or ordered list. And each entry can be presented as a link that moves focus to the corresponding...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • MVC 2 Client Side Model Validation with ExtJS

    One of the most exciting new features in MVC 2 is "Enhanced Model Validation support across both server and client"; this new enhanced support allows for client side validation to be dynamically generated into a view from DataAnnotations attributes on models. One minor complaint: Out of the box, it only supports the Microsoft AJAX libraries. Good news: It can use other frameworks, and we have done just that! Ext.ux.MvcFormValidator The MvcFormValidator is an alternative form validation...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • Rewriting URL's in codeigniter with url_title()?

    - by Craig Ward
    I am rewriting my website with codeigniter and have something I want to do but not sure it is possible. I have a gallery on my site powered by the Flickr API. Here is an example of the code I use to display the Landscape pictures: <?php foreach ($landscapes->photoset->photo as $l->photoset->photo) : ?> <a >photoset->photo->farm ?>/<?php echo $l->photoset->photo->server ?>/<?php echo $l->photoset->photo->id ?>/<?php echo $l->photoset->photo->secret ?>/<?php echo $l->photoset->photo->title ?>'> <img class='f_thumb'>photoset->photo->farm ?>.static.flickr.com/<?php echo $l->photoset->photo->server ?>/<?php echo $l->photoset->photo->id ?>_<?php echo $l->photoset->photo->secret ?>_s.jpg' title='<?php echo $l->photoset->photo->title ?>' alt='<?php echo $l->photoset->photo->title ?>' /></a> <?php endforeach; ?> As you can see when a user clicks on a picture I pass over the Farm, Server, ID, Secret and Title elements using URI segments and build the page in the controller using $data['farm'] = $this->uri->segment(3); $data['server'] = $this->uri->segment(4); $data['id'] = $this->uri->segment(5); $data['secret'] = $this->uri->segment(6); $data['title'] = $this->uri->segment(7); Everything works and is fine but the URL’s are a tad long, example “http://localhost:8888/wip/index.php/gallery/focus/3/2682/4368875046/e8f97f61d9/Old Mill House in Donegal” Is there a way to rewrite the URL so its more like “http://localhost:8888/wip/index.php/gallery/focus/Old_Mill_House_in_Donegal” I was looking at using: $url_title = $this->uri->segment(7); $url_title = url_title($url_title, 'underscore', TRUE); But I don’t seem to be able to get it to work. Any ideas?

    Read the article

  • Convert input to integer before save in rails

    - by Micke
    Hello, i have a set of select inputs representing a users birthday: birthyear, birthmonth and birthday. And i want to validate birthyear like this: validates_inclusion_of :birthyear, :in => Date.today.year-50..Date.today.year-12 So the user can be at least 12 years but at most 50 years when they are registering. But my problem is that the variable from the input is a string and not an integer. So how can i convert the input to an integer? or is there any easier way to check the users age? Thanks, Micke

    Read the article

  • validates_associated in production

    - by Rien
    Hi all. Imagine a simple model. class Service belongs_to :user validates_associated :user accepts_nested_attributes_for :user end Nothing special right? The validations on the associated User model trigger correctly in development mode. But don't do anything in production. I've added a validates_on_presence :user just like the docs say. This triggers when there's no User associated with the Service, but fill in one thing on the User model and nothing happens! It's driving me up the walls. Am I overlooking something? More info about the MVC: I use formtastic for the forms. Thanks!

    Read the article

  • recaptcha asp.net always returns invalid

    - by Curtis White
    The reCaptcha example for ASP.NET does not seem to work. I followed the instructions but it always returns false, "The verification words are incorrect.". The entries are good. I'm using localhost as the site but am not getting any public/private key errors which I did get when adding a bad key (as a test). I've seen this error reported a lot but no good answers. Some suggest to call the validate on the control before checking to see if it is valid but this did not work for me.

    Read the article

  • Drupal with clean urls turned on is putting question marks in URL

    - by aussiegeek
    I have a drupal site with clean urls, the pages load correctly, but then the URL is rewritten, which I really don't to happen. My .htaccess is: <IfModule mod_rewrite.c> RewriteEngine on # If your site can be accessed both with and without the 'www.' prefix, you # can use one of the following settings to redirect users to your preferred # URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option: # # To redirect all users to access the site WITH the 'www.' prefix, # (http://example.com/... will be redirected to http://www.example.com/...) # adapt and uncomment the following: # RewriteCond %{HTTP_HOST} ^example\.com$ [NC] # RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301] # # To redirect all users to access the site WITHOUT the 'www.' prefix, # (http://www.example.com/... will be redirected to http://example.com/...) # uncomment and adapt the following: # RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC] # RewriteRule ^(.*)$ http://example.com/$1 [L,R=301] # Modify the RewriteBase if you are using Drupal in a subdirectory or in a # VirtualDocumentRoot and the rewrite rules are not working properly. # For example if your site is at http://example.com/drupal uncomment and # modify the following line: # RewriteBase /drupal # # If your site is running in a VirtualDocumentRoot at http://example.com/, # uncomment the following line: RewriteBase / # Rewrite URLs of the form 'x' to the form 'index.php?q=x'. RewriteCond %{REQUEST_URI} !(connect|administration) RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} !=/favicon.ico RewriteRule ^(.*)$ index.php?q=$1 [L,QSA] </IfModule>

    Read the article

  • Apache multiple URL to one domain redirect

    - by Christian Moser
    For the last two day, I've been spending a lot of time to solve my problem, maybe someone can help me. Problem: I need to redirect different url's to one tomcat webbase-dir used for artifactory. following urls should point to the tomcat/artifactory webapp: maven-repo.example.local ; maven-repo.example.local/artifactory ; srv-example/artifactory Where maven-repo.example.local is the dns for the server-hostname: "srv-example" I'm accessing the tomcat app through the JK_mod module. The webapp is in the ROOT directory This is what I've got so far: <VirtualHost *:80> #If URL contains "artifactory" strip down and redirect RewriteEngine on RewriteCond %{HTTP_HOST} ^\artifactory\$ [NC] # (how can I remove 'artifactory' from the redirected parameters? ) RewriteRule ^(.*)$ http://maven-repo.example.local/$1 [R=301,L] ServerName localhost ErrorLog "logs/redirect-error_log" </VirtualHost> <VirtualHost *:80> ServerName maven-repo.example.local ErrorLog "logs/maven-repo.example.local-error.log" CustomLog "logs/maven-repo.example.local-access.log" common #calling tomcat webapp in ROOT JkMount /* ajp13w </VirtualHost> The webapp is working with "maven-repo.example.local", but with "maven-repo.example.local/artifactory" tomcat gives a 404 - "The requested resource () is not available." It seems that the mod_rewrite doesn't have taken any effect, even if I redirect to another page, e.g google.com I'm testing on windows 7 with maven-repo.example.local added in the "system32/drivers/hosts" file Thanks in advance!

    Read the article

  • Web Hosting URL Length Limit?

    - by Isaac Waller
    Hello, I am designing a web application which is a tie in to my iPhone application. It sends massively large URLs to the web server (15000 about.) I was using NearlyFreeSpeech.net, but they only support URLS up to 2000 characters. I was wondering if anybody knows of web hosting that will support really large URLs? Thanks, Isaac Edit: My program needs to open a picture in Safari. I could do this 2 ways: send it base64 encoded in the URL and just echo the query parameters. first POST it to the server in my application, then the server would send back a unique ID after storing the photo in a database, which I would append to a URL which I would open in Safari which retrieved the photo from the database and delete it from the database. You see, I am lazy, and I know Mobile Safari can support URI's up to 80 000 characters, so I think this is a OK way to do it. If there is something really wrong with this, please tell me. Edit: I ended up doing it the proper POST way. Thanks.

    Read the article

  • modx friendly urls nginx FPM php5.3 - friendly url's not working

    - by okdan
    Hi, Im using php5.3 on nginx 0.8.53 with FPM on Modx revolution. Im trying to get "friendly url's" to work, but all I get is 404's. In modx config, friendly url's is set to yes, friendly aliases is set to no (so it drops the suffix) My config file: server { listen 80; server_name .mydomain.net; # index index.php; root /home/mylogin/htdocs; location / { index index.php index.html; if (!-e $request_filename) { rewrite ^/(.*)$ /index.php?q=$1 last; } } # serve static files directly location ~* ^.+\.(jpg|jpeg|gif|css|png|js|ico)$ { root /home/mylogin/htdocs; access_log off; expires 30d; break; } } Fast CGI modx file: fastcgi_connect_timeout 60; fastcgi_send_timeout 300; fastcgi_buffers 4 32k; fastcgi_busy_buffers_size 32k; fastcgi_temp_file_write_size 32k; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_ignore_client_abort on; fastcgi_intercept_errors on; fastcgi_read_timeout 300; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param REQUEST_URI $request_uri; fastcgi_param DOCUMENT_URI $document_uri; fastcgi_param DOCUMENT_ROOT $document_root; fastcgi_param SERVER_PROTOCOL $server_protocol; fastcgi_param GATEWAY_INTERFACE CGI/1.1; fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_PORT $remote_port; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name; fastcgi_param REDIRECT_STATUS 200;

    Read the article

  • JSF - Prevent validationFailed when raising a WARN ValidatorException

    - by Sébastien Tromp
    Hello, I have a form which uses validators for its fields. These validators can send back either Severity.SEVERITY_ERROR or Severity.SEVERITY_WARN messages, as illustrated: if (!isInMainFamily) { FacesMessage message = new FacesMessage(FacesMessage.SEVERITY_WARN, "You should make sure to tag your competency in at least one main category", null); throw new ValidatorException(message); } However, SEVERITY_WARN messages are not blocking for me. They are just a way to tell the user they should correct their input, but won't prevent them from submitting the form and saving their data. However, it seems that throwing any kind of ValidatorException flags the FacesContext as "validationFailed", which then prevents the submission of the form. Is there a way to get around this? Or am I misunderstanding something? Thanks a lot for your help, Sébastien

    Read the article

  • Validate a number between 10 and 11 characters in length

    - by Montana Flynn
    I am using javascript (and PHP) to validate a simple form with a phone number field. I have it working fine checking that the field has only 10 characters, but I really want to check if the field has between 10 and 11 characters. Reason being, some people type numbers like so: 1 555 555 5555 and some people do this 555 555 5555. Here is what I have that works for checking if the length is 10: if (!(stripped.length == 10)) { alert("Please enter a valid US phone number.") return false }

    Read the article

  • Does DataType DataAnnotation Check the Expression?

    - by Jason
    I am currently using DataAnnotations within my ASP.NET MVC website to ensure data is properly validated. One question I wanted to verify (I think I know the answer, but I can't find verification online) - does the DataType DataAnnotation perform regular expression checks to ensure that you have received a valid e-mail/phone/currency/etc? [Required(ErrorMessage = "Price required")] [DataType(DataType.Currency, ErrorMessage = "Not a valid price")] [Range(0, double.MaxValue, ErrorMessage = "Price must be greater than 0.")] public decimal Price { get; set; } I believe the answer is no (meaning I have to provide my own, custom, RegularExpressionAttribute), but I wanted to double check before I do that for various field types.

    Read the article

  • Designing Business Objects to indicate constraints such as Max Length

    - by JR
    Is there a standard convention when designing business objects for providing consumers with a way to discover constraints such as a property's maximum length? It could be used up in the UI layer to, for example, set a Textbox's MaxLength property according to the maximum length limit back in the business object. Is there a standard design approach for this?

    Read the article

  • Validate site/domain via javascript

    - by Chez
    I have a standard html form where the user can specify a website/domain: favourite website: [ ] I expect the user to type things like: [www.google.com] [www.yahoo.com] [www.example.co.jp] I want to validate the domain/site via javascript so if a user had typed something wrong: [www...google.com] [www.-example.com] I tell them straight away. Can anybody post this javascript ? Alternatively can anybody point me to a site where I can look at their javascript ? Many Thanks

    Read the article

  • .NET IsValidXml Extension Method Performance

    - by tyndall
    I have a legacy application that I inherited that passes a lot of XML around as Strings. I often need the ability to check if a String will be valid XML. What is the fastest and least expensive way to check if a string is valid XML in .NET? I'm working in .NET 3.5 and would most likely use this as an extension method (off of string) in this one project within the solution.

    Read the article

  • Credit Card checksums and validations that do not require connection to the financial institution

    - by cjavapro
    The validations I know of are: Checksum the whole card number should add up to zero. (range is 0-9) Check the first digit(s) against the card type Check the length against the card type Check the CCV length against the card type (I think all the major types are 3 anyway) Of course make sure it is accepted card type as well as non expired. Are there any other validations :) (I expect many folks did not know about all of these) The reason I ask is because I overheard there was one to checksum number against expiration or CCV.. I just wanted to check.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 44 45 46 47 48 49 50 51 52 53 54 55  | Next Page >