Search Results

Search found 1496 results on 60 pages for 'adam hart'.

Page 56/60 | < Previous Page | 52 53 54 55 56 57 58 59 60  | Next Page >

• Rename "Event" object in jQuery FullCalendar plug-in

  - by Jeff

  GREAT PLUGIN!!! BUT... choice of word "Event" to mean a "calendar entry" was particularly unfortunate This is a wonderfully well-written plug in, and I've really impressed people here at work with what this thing can do. The documentation is astonishingly thorough and clear. Congratulations to Adam! HOWEVER, this plug-in refers to entries in the calendar as "Events" -- this has caused a lot of confusion in my development team's conversations, because when we use the word "Event" we think of things like onmouseover, click, etc. We would really prefer a term like CalendarEvent or CalendarEntry. I am not all that experienced with jQuery yet, so am wondering if there is a simple way to alias one of those terms to this plug-in's Event/Events object? (I know we could recode the plug-in directly, but our code will then break when we download an update.) Thanks!

  Read the article

• How to get element order number

  - by martin-masiar

  Hello everyone, how can i get order number of some element by javascript/jquery? <ul> <li>Anton</li> <li class="abc">Victor</li> <li class="abc">Simon</li> <li>Adam</li> <li>Peter</li> <li class="abc">Tom</li> </ul> There is 3xli with abc class. Now I need to get order(sequence) number of Simon li. Thanks in advance

  Read the article

• eclipse plugin not loading dll due to long path

  - by user113018

  I am building an eclipse plugin (a notes plugin, but its a eclipse plugin in the end). One of the plugins my plugin depends on needs to load a native dll. The problem is, that fails depending on where in the disk such dll is. If it is longer than a certain threshold I get the error below java.lang.UnsatisfiedLinkError: nlsxbe (The filename or extension is too long. ) at java.lang.ClassLoader.loadLibraryWithPath(ClassLoader.java:952) at java.lang.ClassLoader.loadLibraryWithClassLoader(ClassLoader.java:921) at java.lang.System.loadLibrary(System.java:452) at lotus.domino.NotesThread.load(Unknown Source) at lotus.domino.NotesThread.checkLoaded(Unknown Source) at lotus.domino.NotesThread.sinitThread(Unknown Source) at com.atempo.adam.lotus.plugin.views.TopicView.createPartControl(TopicView.java:609) I have added the path to Path env var, and also registered the dll to no avail. My env is Ms vista profesional, java1.5, eclipse3.4 (and lotus 8) Anyone out there have a clue? Many thanks in advance.

  Read the article

• D3.js binding an object to data and appending for each key

  - by frshca

  I'm a D3.js newbie and I'm learning how to play around with data. Let's say I have an object with names as keys, and each key has an array of numbers like this: var userdata = { 'John' : [0, 1, 3, 9, 8, 7], 'Harry': [0, 10, 7, 1, 1, 11], 'Steve': [3, 1, 4, 4, 4, 17], 'Adam' : [4, 77, 2, 13, 11, 13] }; For each user, I would like to append an SVG object and then plot the line with the array of values for that user. So here is my assumption of how that would look based on tutorials, but I know it is incorrect. This is to show my limited knowledge and give better understanding of what I'm doing: First I should create the line var line = d3.svg.line().interpolate('basis'); Then I want to bind the data to my body and append an svg element for each key: d3.select('body') .selectAll('svg') .data(userdata) .enter() .append('svg') .append(line) .x(function(d, i) { return i; }) .y(function(d) { return d[i]; }); So am I close??

  Read the article

• Node.js vs PHP processing speed

  - by Cody Craven

  I've been looking into node.js recently and wanted to see a true comparison of processing speed for PHP vs Node.js. In most of the comparisons I had seen, Node trounced Apache/PHP set ups handily. However all of the tests were small 'hello worlds' that would not accurately reflect any webpage's markup. So I decided to create a basic HTML page with 10,000 hello world paragraph elements. In these tests Node with Cluster was beaten to a pulp by PHP on Nginx utilizing PHP-FPM. So I'm curious if I am misusing Node somehow or if Node is really just this bad at processing power. Note that my results were equivalent outputting "Hello world\n" with text/plain as the HTML, but I only included the HTML as it's closer to the use case I was investigating. My testing box: Core i7-2600 Intel CPU (has 8 threads with 4 cores) 8GB DDR3 RAM Fedora 16 64bit Node.js v0.6.13 Nginx v1.0.13 PHP v5.3.10 (with PHP-FPM) My test scripts: Node.js script var cluster = require('cluster'); var http = require('http'); var numCPUs = require('os').cpus().length; if (cluster.isMaster) { // Fork workers. for (var i = 0; i < numCPUs; i++) { cluster.fork(); } cluster.on('death', function (worker) { console.log('worker ' + worker.pid + ' died'); }); } else { // Worker processes have an HTTP server. http.Server(function (req, res) { res.writeHead(200, {'Content-Type': 'text/html'}); res.write('<html>\n<head>\n<title>Speed test</title>\n</head>\n<body>\n'); for (var i = 0; i < 10000; i++) { res.write('<p>Hello world</p>\n'); } res.end('</body>\n</html>'); }).listen(80); } This script is adapted from Node.js' documentation at http://nodejs.org/docs/latest/api/cluster.html PHP script <?php echo "<html>\n<head>\n<title>Speed test</title>\n</head>\n<body>\n"; for ($i = 0; $i < 10000; $i++) { echo "<p>Hello world</p>\n"; } echo "</body>\n</html>"; My results Node.js $ ab -n 500 -c 20 http://speedtest.dev/ This is ApacheBench, Version 2.3 <$Revision: 655654 $> Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/ Licensed to The Apache Software Foundation, http://www.apache.org/ Benchmarking speedtest.dev (be patient) Completed 100 requests Completed 200 requests Completed 300 requests Completed 400 requests Completed 500 requests Finished 500 requests Server Software: Server Hostname: speedtest.dev Server Port: 80 Document Path: / Document Length: 190070 bytes Concurrency Level: 20 Time taken for tests: 14.603 seconds Complete requests: 500 Failed requests: 0 Write errors: 0 Total transferred: 95066500 bytes HTML transferred: 95035000 bytes Requests per second: 34.24 [#/sec] (mean) Time per request: 584.123 [ms] (mean) Time per request: 29.206 [ms] (mean, across all concurrent requests) Transfer rate: 6357.45 [Kbytes/sec] received Connection Times (ms) min mean[+/-sd] median max Connect: 0 0 0.2 0 2 Processing: 94 547 405.4 424 2516 Waiting: 0 331 399.3 216 2284 Total: 95 547 405.4 424 2516 Percentage of the requests served within a certain time (ms) 50% 424 66% 607 75% 733 80% 813 90% 1084 95% 1325 98% 1843 99% 2062 100% 2516 (longest request) PHP/Nginx $ ab -n 500 -c 20 http://speedtest.dev/test.php This is ApacheBench, Version 2.3 <$Revision: 655654 $> Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/ Licensed to The Apache Software Foundation, http://www.apache.org/ Benchmarking speedtest.dev (be patient) Completed 100 requests Completed 200 requests Completed 300 requests Completed 400 requests Completed 500 requests Finished 500 requests Server Software: nginx/1.0.13 Server Hostname: speedtest.dev Server Port: 80 Document Path: /test.php Document Length: 190070 bytes Concurrency Level: 20 Time taken for tests: 0.130 seconds Complete requests: 500 Failed requests: 0 Write errors: 0 Total transferred: 95109000 bytes HTML transferred: 95035000 bytes Requests per second: 3849.11 [#/sec] (mean) Time per request: 5.196 [ms] (mean) Time per request: 0.260 [ms] (mean, across all concurrent requests) Transfer rate: 715010.65 [Kbytes/sec] received Connection Times (ms) min mean[+/-sd] median max Connect: 0 0 0.2 0 1 Processing: 3 5 0.7 5 7 Waiting: 1 4 0.7 4 7 Total: 3 5 0.7 5 7 Percentage of the requests served within a certain time (ms) 50% 5 66% 5 75% 5 80% 6 90% 6 95% 6 98% 6 99% 6 100% 7 (longest request) Additional details Again what I'm looking for is to find out if I'm doing something wrong with Node.js or if it is really just that slow compared to PHP on Nginx with FPM. I certainly think Node has a real niche that it could fit well, however with these test results (which I really hope I made a mistake with - as I like the idea of Node) lead me to believe that it is a horrible choice for even a modest processing load when compared to PHP (let alone JVM or various other fast solutions). As a final note, I also tried running an Apache Bench test against node with $ ab -n 20 -c 20 http://speedtest.dev/ and consistently received a total test time of greater than 0.900 seconds.

  Read the article

• VBScript + Regular Expressions

  - by Karthik

  Dim sString sString = "John;Mary;Anne;Adam;Bill;Ester" Is there a regex I can use to retrieve the following from the above list: John (; at the end of the name) Anne (; at the beginning and end) Ester (; at the beginning) I am currently using the following regex for each: 1. Joh.* 2. .*An.* 3. .*st.* But, the above retrieves the entire string instead of the values I want. How can I get the correct values? Code: Dim oRegex : Set oRegex = New RegExp oRegex.Global = False oRegex.IgnoreCase = False 'John oRegex.Pattern = "Joh.*" Set oMatch = oRegex.Execute(sString) sName = oMatch(0) The above code retrieves the entire string, instead of only John. Same issue with the others :(

  Read the article

• setaccesscontrol throws Attempted to perform unauthorized operation

  - by Darqer

  I have ws2008 (i think that the same trouble can take place on windows vista), it is joined to the domain. I run following code: DirectorySecurity ds = Directory.GetAccessControl( "c:\\windows\\ADAM" ); ds.AddAccessRule( new FileSystemAccessRule( "domainName\\user", FileSystemRights.Read | FileSystemRights.ListDirectory, AccessControlType.Allow ) ); Directory.SetAccessControl( configurationDirectory, ds ); I'm logged as domain administrator and I get following error: Attempted to perform unauthorized operation. Some User should have access to *exe available in this directory. What can I do to achieve it?

  Read the article

• Help me finding dependency list.

  - by Pearl

  I have two table employee table and employee dependency table. Employee tooks like below. insert into E values(1,'Adam') insert into E values(2,'Bob') insert into E values(3,'Candy') insert into E values(4,'Doug') insert into E values(5,'Earl') insert into E values(6,'Fran') Employee dependency table looks like below insert into Ed values(3,'2') insert into Ed values(3,'5') insert into Ed values(2,'1') insert into Ed values(2,'4') insert into Ed values(5,'6') I need to find the dependency list like below Eid Ename Dname 3 Candy Bob,Fran Please help me finding the above.

  Read the article

• SDP media field format

  - by TacB0sS

  Hey, I would like to create a SDP media field with its attributes, and there are a few things I don't understand. I've skimmed and read the relevant RFC and I understand most of what each field means, but what I don't understand is how do I derive from the Audio/Video Format of the JMF, which parameters of the format compose the rtpmap registry entries I need to use. I see many times the fields m=audio 12548 RTP/AVP 0 8 101 a=rtpmap:0 PCMU/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-16 a=silenceSupp:off - - - - a=ptime:20 a=sendrecv these are received from the pbx server I'm connecting to, what do they mean in the terms of the JMF audio format properties. (I do understand these are standard audio format commonly used in telecommunication) UPDATE: I was more wondering about the format parameter '0 8 101' at the end of m=audio 12548 RTP/AVP 0 8 101 Thanks in advance, Adam Zehavi.

  Read the article

• cc.net dynamic paramaters in publisher block

  - by aseabridge

  I am Using CC.Net to run an .exe file after project build is complete and need to pass the project name, publish date/time and user on the command line as paramaters to the .exe. However I can't get cc.net to recognise these a dynamic properties and replace them with the correct values. Any ideas? <publishers><exec executable="C:\MyApp.exe"></exec><buildArgs>"$[$CCNetProject]" "$[$CCNetBuildDate]" "$[$CCNetBuildTime]" "$[$CCNetUser]"</buildArgs><buildTimeoutSeconds>30</buildTimeoutSeconds></publishers> Thanks in advance for the help. Adam

  Read the article

• How to write "good" user interface texts?

  - by Roddy

  Many applications are let down by the quality of the 'writing' in their user interfaces: typically, poor spelling, grammar, inconsistent tone, and worse yet, "humour" are the usual offenders. Are there good resources that can help developers to write UI messages that give a professional and positive impression to your customers, even when your code's going to hell in a handcart? Thanks, all — Some great resources here, so I will CW this question. I'm accepting Adam Sill's answer because it's the one that (as a developer of desktop apps) I found most pertinent.

  Read the article

• Small methods - Small sprocs

  - by Berlioz

  Uncle Bob recommends having small methods. Do stored procedures have an ideal size? Or can they run on for 100's and 100's of lines long? Also does anyone have anything to say about where to place business logic. If located in stored procedures, the database is being used as data processing tier. If you read Adam Machanic, his bias is toward the database, does that imply long stored procedures that only the author of the sproc understands, leaving maintainers to deal with the mess? I guess there is two inter-related questions, somehow. Thanks in advance for responding to a fuzzy question(s).

  Read the article

• WCF - (Custom) binary serialisation.

  - by Barguast

  I want to be able to query my database over the web, and I am wanting to use a WCF service to handle the requests and results. The problem is that due to the amount of data that can potentially be returned from these queries, I'm worried about how these results will be serialised over the network. For example, I can imagine the XML serialisation looking like: <Results> <Person Name="Adam" DateOfBirth="01/02/1985" /> <Person Name="Bob" DateOfBirth="04/07/1986" /> </Results> And the binary serialisation containing types names and other (unnecessary) metadata. Perhaps even the type name for each element in a collection? o_o Ideally, I'd like to perform the serialisation of certain 'DataContract'-s myself so I can make it super-compact. Does anyone know if this is possible, or of any articles which explain how to do custom serialisation with WCF? Thanks in advance

  Read the article

• Visual Studios Team System 2008 Code Coverage Window Closes

  - by ThoughtCrhyme

  Trying to run the code coverage tool in Visual Studios for a set of unit tests. Adam from Think First, Code Later has had the same problem: I wanted to get the code coverage metrics for the project. Naturally, I fire up the solution in Visual Studio 2008, go to the Test menu, click Edit Test Run Configurations, and click Local Test Run. I then click Code Coverage to turn on code coverage for a given assembly and POOF the Local Test Run Configraution window just disappears. He recommends installing this hotfix to fix the problem, however a) when I run that hotfix I get the message “None of the products that are addressed by this software update are installed on this computer. Click Cancel to exit setup.” and b) there is no Silverlight in our solution. Any other ideas for a fix?

  Read the article

• Lua: Why changing value on one variable changes value on an other one too?

  - by user474563

  I think that running this code you will get excactly what I mean. I want to register 5 names to a register(people). I loop 5 times and in each loop I have a variable newPerson which is supposed to save all information about a person and then be added to the people register. In this example only the names of the people are being registered for simplicity. The problem is that in the end all people turn to have the same name: "Petra". I playied a bit with this but can't get a reasonable reason for this behaviour. Help appreciated! local people={} local person={ name="Johan", lastName="Seferidis", class="B" } local names={"Markus", "Eva", "Nikol", "Adam", "Petra"} --people to register for i=1, 5 do --register 5 people local newPerson=person local name=names[i] for field=1, 3 do --for each field(name, lastname, class) if field==1 then newPerson["name"]=name end --register name end people[i]=newPerson end print("First person name: " ..people[1]["name"]) print("Second person name: "..people[2]["name"]) print("Third person name: " ..people[3]["name"])

  Read the article

• Exporting Eclipse project with a reference to native library

  - by TacB0sS

  I have an Eclipse project, that uses JMF, I found out I could skip the JMF installation process and still to use the CaptureDeviceManager of the JMF, and to receive the list of devices if I could point my project to the native lib of the JMF. I've managed to add the native lib to the IDE run/debug, but once I export the application to an external runnable Jar, the application cannot find the native lib. the files are located in c:\JMF*.dll I tried to add the folder path to the environment variable in windows - didn't work. I tried to add them into another Jar and add it to the project - didn't work. I tried to add the files into the project - didn't work. I tried to add the path to the class path - didn't work. I tried to add the path to the library path - didn't work. does someone have any sort of a solution? Thanks in advance, Adam Zehavi.

  Read the article

• Remove Duplicates from JavaScript Array

  - by kramden88

  This seems like such a simple need but I've spent an inordinate amount of time trying to do this to no avail. I've looked at other questions on SO and I haven't found what I need. I have a very simple JavaScript array such as peoplenames = new Array("Mike","Matt","Nancy","Adam","Jenny","Nancy","Carl"); that may or may not contain duplicates and I need to simply remove the duplicates and put the unique values in a new array. That's it. I could point to all the codes that I've tried but I think it's useless because they don't work. If anyone has done this and can help me out I'd really appreciate it. JavaScript or jQuery solutions are both acceptable.

  Read the article

• php / mysql - select id from one table excepting ids which are in second table

  - by John

  hello. for example i have 2 tables: 1 . users: id Name 1 Mike 2 Adam 3 Tom 4 John 5 Andy 6 Ray 2 . visits: userID date 1 ... 3 ... 6 ... i want to make a page which can be visited once in 12 hours, when user visits that page his id is included in database ( visits ), how i can select all users ( from database users) excepting users who visited page in <= 12 hours ( users from database visits )?

  Read the article

• How do you filter an NSMutable Array that contains core data?

  - by James

  I have an array that it is populated by core data as follows. NSMutableArray *mutableFetchResults = [CoreDataHelper getObjectsFromContext:@"Spot" :@"Name" :YES :managedObjectContext]; It looks like this in the console. (entity: Spot; id: 0x4b7e580 ; data: { CityToProvince = 0x4b7dbd0 ; Description = "Friend"; Email = "[email protected]"; Age = 21; Name = "Adam"; Phone = "+44175240"; }), How can i filter the array to remove anyone who is over a certain age? or use values in the array to make calculations? Please help i have been stuck for ages on this. Code would be gratefully appreciated.

  Read the article

• How to write "good" user interface text?

  - by Roddy

  Many applications are let down by the quality of the 'writing' in their user interfaces: typically, poor spelling, grammar, inconsistent tone, and worse yet, "humour" are the usual offenders. Are there good resources that can help developers to write UI messages that give a professional and positive impression to your customers, even when your code's going to hell in a handcart? Thanks, all — Some great resources here, so I will CW this question. I'm accepting Adam Sill's answer because it's the one that (as a developer of desktop apps) I found most pertinent.

  Read the article

• How do I get the current location of an iframe?

  - by studiothat

  I have built a basic data entry application allowing users to browse external content in iframe and enter data quickly from the same page. One of the data variables is the URL. Ideally I would like to be able to load the iframes current url into a textbox with javascript. I realize now that this is not going to happen due to security issues. Has anyone done anything on the server side? or know of any .Net browser in browser controls. The ultimate goal is to just give the user an easy method of extracting the url of the page they are viewing in the iframe It doesn't necessarily HAVE to be an iframe, a browser in the browser would be ideal. Thanks, Adam

  Read the article

• Multi join query returns to many results and improperly matched

  - by Woot4Moo

  I have the following minimal schema in Oracle: http://sqlfiddle.com/#!4/c1ed0/14 The queries I have run yield too many results and this query: select cat.*, status.*, source.* from cats cat, status status, source source Left OUTER JOIN source source2 on source2.sourceid = 1 Right OUTER JOIN status status2 on status2.isStray =0 order by cat.name will yield incorrect results. What I am expecting is a table that looks like the following however I cannot seem to come up with the correct SQL. NAME AGE LENGTH STATUSID CATSOURCE ISSTRAY SOURCEID CATID Adam 1 25 null null null 1 2 Bill 5 1 null null null null null Charles 7 5 null null null null null Steve 12 15 1 1 1 1 1 In plain English what I am looking for is to return all known cats + their associated cat source + their cat status while retaining null values. The only information I will have is the source that I am curious about. I also only want the cats that have a status of either STRAY or UNKNOWN (null)

  Read the article

• FtpWebResponse and StreamReader - specifying an offset

  - by AJ

  Hi, I am using the FtpWebRequest / FtpWebResponse objects in C# to download files from a server - so far, so good. I create a StreamReader object from the response stream and use a StreamWriter to create a local file. Now, the file I am reading happens to be in a very simple 'archive' format - there is a small TOC at the start of the file followed by the actual file data. I can therefore read the TOC and get a file offset and size of the data I want to download. My question is: Supposing the offset is 1024. I would use StreamReader.Read(buffer, 1024, length), but will .NET and the FTP protocol actually allow me to skip bytes 0-1023, or does the reader still go through the (relatively) slow process of downloading and discarding the bytes I don't need? This may make the difference between whether I want to use a single archive file, or a TOC file with the data files stored separately. As a bit of a secondary question, would my mileage vary using the Http classes instead of Ftp? Cheers, Adam

  Read the article

• Accessing elements from an array in objective c

  - by James

  I am trying to access individual elements of my array. This is an example of the contents of the array i am trying to access. <City: 0x4b77fd0> (entity: Spot; id: 0x4b7e580 <x-coredata://D902D50B-C945-42E2-8F71-EDB62222C0A7/Spot/p5> ; data: { CityToProvince = 0x4b7dbd0 <x-coredata://D902D50B-C945-42E2-8F71-EDB62222C0A7/County/p15>; Description = "Friend"; Email = "[email protected]"; Age = 21; Name = "Adam"; Phone = "+44175240"; }), The elements i am trying to access are Name, Phone, etc ... How would i go about doing this?

  Read the article

• Wishful Thinking: Why can't HTML fix Script Attacks at the Source?

  - by Rick Strahl

  The Web can be an evil place, especially if you're a Web Developer blissfully unaware of Cross Site Script Attacks (XSS). Even if you are aware of XSS in all of its insidious forms, it's extremely complex to deal with all the issues if you're taking user input and you're actually allowing users to post raw HTML into an application. I'm dealing with this again today in a Web application where legacy data contains raw HTML that has to be displayed and users ask for the ability to use raw HTML as input for listings. The first line of defense of course is: Just say no to HTML input from users. If you don't allow HTML input directly and use HTML Encoding (HttyUtility.HtmlEncode() in .NET or using standard ASP.NET MVC output @Model.Content) you're fairly safe at least from the HTML input provided. Both WebForms and Razor support HtmlEncoded content, although Razor makes it the default. In Razor the default @ expression syntax:@Model.UserContent automatically produces HTML encoded content - you actually have to go out of your way to create raw HTML content (safe by default) using @Html.Raw() or the HtmlString class. In Web Forms (V4) you can use:<%: Model.UserContent %> or if you're using a version prior to 4.0:<%= HttpUtility.HtmlEncode(Model.UserContent) %> This works great as a hedge against embedded <script> tags and HTML markup as any HTML is turned into text that displays as HTML but doesn't render the HTML. But it turns any embedded HTML markup tags into plain text. If you need to display HTML in raw form with the markup tags rendering based on user input this approach is worthless. If you do accept HTML input and need to echo the rendered HTML input back, the task of cleaning up that HTML is a complex task. In the projects I work on, customers are frequently asking for the ability to post raw HTML quite frequently.  Almost every app that I've built where there's document content from users we start out with text only input - possibly using something like MarkDown - but inevitably users want to just post plain old HTML they created in some other rich editing application. See this a lot with realtors especially who often want to reuse their postings easily in multiple places. In my work this is a common problem I need to deal with and I've tried dozens of different methods from sanitizing, simple rejection of input to custom markup schemes none of which have ever felt comfortable to me. They work in a half assed, hacked together sort of way but I always live in fear of missing something vital which is *really easy to do*. My Wishlist Item: A <restricted> tag in HTML Let me dream here for a second on how to address this problem. It seems to me the easiest place where this can be fixed is: In the browser. Browsers are actually executing script code so they have a lot of control over the script code that resides in a page. What if there was a way to specify that you want to turn off script code for a block of HTML? The main issue when dealing with HTML raw input isn't that we as developers are unaware of the implications of user input, but the fact that we sometimes have to display raw HTML input the user provides. So the problem markup is usually isolated in only a very specific part of the document. So, what if we had a way to specify that in any given HTML block, no script code could execute by wrapping it into a tag that disables all script functionality in the browser? This would include <script> tags and any document script attributes like onclick, onfocus etc. and potentially also disallow things like iFrames that can potentially be scripted from the within the iFrame's target. I'd like to see something along these lines:<article> <restricted allowscripts="no" allowiframes="no"> <div>Some content</div> <script>alert('go ahead make my day, punk!");</script> <div onfocus="$.getJson('http://evilsite.com/')">more content</div> </restricted> </article> A tag like this would basically disallow all script code from firing from any HTML that's rendered within it. You'd use this only on code that you actually render from your data only and only if you are dealing with custom data. So something like this:<article> <restricted> @Html.Raw(Model.UserContent) </restricted> </article> For browsers this would actually be easy to intercept. They render the DOM and control loading and execution of scripts that are loaded through it. All the browser would have to do is suspend execution of <script> tags and not hookup any event handlers defined via markup in this block. Given all the crazy XSS attacks that exist and the prevalence of this problem this would go a long way towards preventing at least coded script attacks in the DOM. And it seems like a totally doable solution that wouldn't be very difficult to implement by vendors. There would also need to be some logic in the parser to not allow an </restricted> or <restricted> tag into the content as to short-circuit the rstricted section (per James Hart's comment). I'm sure there are other issues to consider as well that I didn't think of in my off-the-back-of-a-napkin concept here but the idea overall seems worth consideration I think. Without code running in a user supplied HTML block it'd be pretty hard to compromise a local HTML document and pass information like Cookies to a server. Or even send data to a server period. Short of an iFrame that can access the parent frame (which is another restriction that should be available on this <restricted> tag) that could potentially communicate back, there's not a lot a malicious site could do. The HTML could still 'phone home' via image links and href links potentially and basically say this site was accessed, but without the ability to run script code it would be pretty tough to pass along critical information to the server beyond that. Ahhhh… one can dream… Not holding my breath of course. The design by committee that is the W3C can't agree on anything in timeframes measured less than decades, but maybe this is one place where browser vendors can actually step up the pressure. This is something in their best interest to reduce the attack surface for vulnerabilities on their browser platforms significantly. Several people commented on Twitter today that there isn't enough discussion on issues like this that address serious needs in the web browser space. Realistically security has to be a number one concern with Web applications in general - there isn't a Web app out there that is not vulnerable. And yet nothing has been done to address these security issues even though there might be relatively easy solutions to make this happen. It'll take time, and it's probably not going to happen in our lifetime, but maybe this rambling thought sparks some ideas on how this sort of restriction can get into browsers in some way in the future.© Rick Strahl, West Wind Technologies, 2005-2012Posted in ASP.NET  HTML5  HTML  Security   Tweet !function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs"); (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://apis.google.com/js/plusone.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })();

  Read the article

< Previous Page | 52 53 54 55 56 57 58 59 60  | Next Page >