Search Results

Search found 6519 results on 261 pages for 'nested attributes'.

Page 65/261 | < Previous Page | 61 62 63 64 65 66 67 68 69 70 71 72  | Next Page >

  • Give style attributes to sub-elements inside a <style> tag?

    - by Giffyguy
    My <style> for thumbnails currently looks like this: <style type="text/css"> img.TN { width: 100%; margin-bottom: 5.294%; cursor: pointer; } </style> This is annoying, because I have to apply this style to every single thumbnail image individually, when there could be any number of them on the screen at any given time. All of the thumbnails are inside a single <div> that groups them together, and I'd like to apply a single style to the <div> that will push the attributes I need down to all of the the <img> elements nested inside, regardless how many thumbnails there are. I'm using ASP.NET 2.0, and CSS 2.0 Does anyone know how to do this? Thanks!

    Read the article

  • Using Completed User Stories to Estimate Future User Stories

    - by David Kaczynski
    In Scrum/Agile, the complexity of a user story can be estimated in story points. After completing some user stories, a programmer or team of programmers can use those experiences to better estimate how much time it might take to complete a future user story. Is there a methodology for breaking down the complexity of user stories into quantifiable or quantifiable attributes? For example, User Story X requires a rich, new view in the GUI, but User Story X can perform most of its functionality using existing business logic on the server. On a scale of 1 to 10, User Story X has a complexity of 7 on the client and a complexity of 2 on the server. After User Story X is completed, someone asks how long would it take to complete User Story Y, which has a complexity of 3 on the client and 6 on the server. Looking at how long it took to complete User Story X, we can make an educated estimate on how long it might take to complete User Story Y. I can imagine some other details: The complexity of one attribute (such as complexity of client) could have sub-attributes, such as number of steps in a sequence, function points, etc. Several other attributes that could be considered as well, such as the programmer's familiarity with the system or the number of components/interfaces involved These attributes could be accumulated into some sort of user story checklist. To reiterate: is there an existing methodology for decomposing the complexity of a user story into complexity of attributes/sub-attributes, or is using completed user stories as indicators in estimating future user stories more of an informal process?

    Read the article

  • .NET HTML Sanitation for rich HTML Input

    - by Rick Strahl
    Recently I was working on updating a legacy application to MVC 4 that included free form text input. When I set up the new site my initial approach was to not allow any rich HTML input, only simple text formatting that would respect a few simple HTML commands for bold, lists etc. and automatically handles line break processing for new lines and paragraphs. This is typical for what I do with most multi-line text input in my apps and it works very well with very little development effort involved. Then the client sprung another note: Oh by the way we have a bunch of customers (real estate agents) who need to post complete HTML documents. Oh uh! There goes the simple theory. After some discussion and pleading on my part (<snicker>) to try and avoid this type of raw HTML input because of potential XSS issues, the client decided to go ahead and allow raw HTML input anyway. There has been lots of discussions on this subject on StackOverFlow (and here and here) but to after reading through some of the solutions I didn't really find anything that would work even closely for what I needed. Specifically we need to be able to allow just about any HTML markup, with the exception of script code. Remote CSS and Images need to be loaded, links need to work and so. While the 'legit' HTML posted by these agents is basic in nature it does span most of the full gamut of HTML (4). Most of the solutions XSS prevention/sanitizer solutions I found were way to aggressive and rendered the posted output unusable mostly because they tend to strip any externally loaded content. In short I needed a custom solution. I thought the best solution to this would be to use an HTML parser - in this case the Html Agility Pack - and then to run through all the HTML markup provided and remove any of the blacklisted tags and a number of attributes that are prone to JavaScript injection. There's much discussion on whether to use blacklists vs. whitelists in the discussions mentioned above, but I found that whitelists can make sense in simple scenarios where you might allow manual HTML input, but when you need to allow a larger array of HTML functionality a blacklist is probably easier to manage as the vast majority of elements and attributes could be allowed. Also white listing gets a bit more complex with HTML5 and the new proliferation of new HTML tags and most new tags generally don't affect XSS issues directly. Pure whitelisting based on elements and attributes also doesn't capture many edge cases (see some of the XSS cheat sheets listed below) so even with a white list, custom logic is still required to handle many of those edge cases. The Microsoft Web Protection Library (AntiXSS) My first thought was to check out the Microsoft AntiXSS library. Microsoft has an HTML Encoding and Sanitation library in the Microsoft Web Protection Library (formerly AntiXSS Library) on CodePlex, which provides stricter functions for whitelist encoding and sanitation. Initially I thought the Sanitation class and its static members would do the trick for me,but I found that this library is way too restrictive for my needs. Specifically the Sanitation class strips out images and links which rendered the full HTML from our real estate clients completely useless. I didn't spend much time with it, but apparently I'm not alone if feeling this library is not really useful without some way to configure operation. To give you an example of what didn't work for me with the library here's a small and simple HTML fragment that includes script, img and anchor tags. I would expect the script to be stripped and everything else to be left intact. Here's the original HTML:var value = "<b>Here</b> <script>alert('hello')</script> we go. Visit the " + "<a href='http://west-wind.com'>West Wind</a> site. " + "<img src='http://west-wind.com/images/new.gif' /> " ; and the code to sanitize it with the AntiXSS Sanitize class:@Html.Raw(Microsoft.Security.Application.Sanitizer.GetSafeHtmlFragment(value)) This produced a not so useful sanitized string: Here we go. Visit the <a>West Wind</a> site. While it removed the <script> tag (good) it also removed the href from the link and the image tag altogether (bad). In some situations this might be useful, but for most tasks I doubt this is the desired behavior. While links can contain javascript: references and images can 'broadcast' information to a server, without configuration to tell the library what to restrict this becomes useless to me. I couldn't find any way to customize the white list, nor is there code available in this 'open source' library on CodePlex. Using Html Agility Pack for HTML Parsing The WPL library wasn't going to cut it. After doing a bit of research I decided the best approach for a custom solution would be to use an HTML parser and inspect the HTML fragment/document I'm trying to import. I've used the HTML Agility Pack before for a number of apps where I needed an HTML parser without requiring an instance of a full browser like the Internet Explorer Application object which is inadequate in Web apps. In case you haven't checked out the Html Agility Pack before, it's a powerful HTML parser library that you can use from your .NET code. It provides a simple, parsable HTML DOM model to full HTML documents or HTML fragments that let you walk through each of the elements in your document. If you've used the HTML or XML DOM in a browser before you'll feel right at home with the Agility Pack. Blacklist based HTML Parsing to strip XSS Code For my purposes of HTML sanitation, the process involved is to walk the HTML document one element at a time and then check each element and attribute against a blacklist. There's quite a bit of argument of what's better: A whitelist of allowed items or a blacklist of denied items. While whitelists tend to be more secure, they also require a lot more configuration. In the case of HTML5 a whitelist could be very extensive. For what I need, I only want to ensure that no JavaScript is executed, so a blacklist includes the obvious <script> tag plus any tag that allows loading of external content including <iframe>, <object>, <embed> and <link> etc. <form>  is also excluded to avoid posting content to a different location. I also disallow <head> and <meta> tags in particular for my case, since I'm only allowing posting of HTML fragments. There is also some internal logic to exclude some attributes or attributes that include references to JavaScript or CSS expressions. The default tag blacklist reflects my use case, but is customizable and can be added to. Here's my HtmlSanitizer implementation:using System.Collections.Generic; using System.IO; using System.Xml; using HtmlAgilityPack; namespace Westwind.Web.Utilities { public class HtmlSanitizer { public HashSet<string> BlackList = new HashSet<string>() { { "script" }, { "iframe" }, { "form" }, { "object" }, { "embed" }, { "link" }, { "head" }, { "meta" } }; /// <summary> /// Cleans up an HTML string and removes HTML tags in blacklist /// </summary> /// <param name="html"></param> /// <returns></returns> public static string SanitizeHtml(string html, params string[] blackList) { var sanitizer = new HtmlSanitizer(); if (blackList != null && blackList.Length > 0) { sanitizer.BlackList.Clear(); foreach (string item in blackList) sanitizer.BlackList.Add(item); } return sanitizer.Sanitize(html); } /// <summary> /// Cleans up an HTML string by removing elements /// on the blacklist and all elements that start /// with onXXX . /// </summary> /// <param name="html"></param> /// <returns></returns> public string Sanitize(string html) { var doc = new HtmlDocument(); doc.LoadHtml(html); SanitizeHtmlNode(doc.DocumentNode); //return doc.DocumentNode.WriteTo(); string output = null; // Use an XmlTextWriter to create self-closing tags using (StringWriter sw = new StringWriter()) { XmlWriter writer = new XmlTextWriter(sw); doc.DocumentNode.WriteTo(writer); output = sw.ToString(); // strip off XML doc header if (!string.IsNullOrEmpty(output)) { int at = output.IndexOf("?>"); output = output.Substring(at + 2); } writer.Close(); } doc = null; return output; } private void SanitizeHtmlNode(HtmlNode node) { if (node.NodeType == HtmlNodeType.Element) { // check for blacklist items and remove if (BlackList.Contains(node.Name)) { node.Remove(); return; } // remove CSS Expressions and embedded script links if (node.Name == "style") { if (string.IsNullOrEmpty(node.InnerText)) { if (node.InnerHtml.Contains("expression") || node.InnerHtml.Contains("javascript:")) node.ParentNode.RemoveChild(node); } } // remove script attributes if (node.HasAttributes) { for (int i = node.Attributes.Count - 1; i >= 0; i--) { HtmlAttribute currentAttribute = node.Attributes[i]; var attr = currentAttribute.Name.ToLower(); var val = currentAttribute.Value.ToLower(); span style="background: white; color: green">// remove event handlers if (attr.StartsWith("on")) node.Attributes.Remove(currentAttribute); // remove script links else if ( //(attr == "href" || attr== "src" || attr == "dynsrc" || attr == "lowsrc") && val != null && val.Contains("javascript:")) node.Attributes.Remove(currentAttribute); // Remove CSS Expressions else if (attr == "style" && val != null && val.Contains("expression") || val.Contains("javascript:") || val.Contains("vbscript:")) node.Attributes.Remove(currentAttribute); } } } // Look through child nodes recursively if (node.HasChildNodes) { for (int i = node.ChildNodes.Count - 1; i >= 0; i--) { SanitizeHtmlNode(node.ChildNodes[i]); } } } } } Please note: Use this as a starting point only for your own parsing and review the code for your specific use case! If your needs are less lenient than mine were you can you can make this much stricter by not allowing src and href attributes or CSS links if your HTML doesn't allow it. You can also check links for external URLs and disallow those - lots of options.  The code is simple enough to make it easy to extend to fit your use cases more specifically. It's also quite easy to make this code work using a WhiteList approach if you want to go that route. The code above is semi-generic for allowing full featured HTML fragments that only disallow script related content. The Sanitize method walks through each node of the document and then recursively drills into all of its children until the entire document has been traversed. Note that the code here uses an XmlTextWriter to write output - this is done to preserve XHTML style self-closing tags which are otherwise left as non-self-closing tags. The sanitizer code scans for blacklist elements and removes those elements not allowed. Note that the blacklist is configurable either in the instance class as a property or in the static method via the string parameter list. Additionally the code goes through each element's attributes and looks for a host of rules gleaned from some of the XSS cheat sheets listed at the end of the post. Clearly there are a lot more XSS vulnerabilities, but a lot of them apply to ancient browsers (IE6 and versions of Netscape) - many of these glaring holes (like CSS expressions - WTF IE?) have been removed in modern browsers. What a Pain To be honest this is NOT a piece of code that I wanted to write. I think building anything related to XSS is better left to people who have far more knowledge of the topic than I do. Unfortunately, I was unable to find a tool that worked even closely for me, or even provided a working base. For the project I was working on I had no choice and I'm sharing the code here merely as a base line to start with and potentially expand on for specific needs. It's sad that Microsoft Web Protection Library is currently such a train wreck - this is really something that should come from Microsoft as the systems vendor or possibly a third party that provides security tools. Luckily for my application we are dealing with a authenticated and validated users so the user base is fairly well known, and relatively small - this is not a wide open Internet application that's directly public facing. As I mentioned earlier in the post, if I had my way I would simply not allow this type of raw HTML input in the first place, and instead rely on a more controlled HTML input mechanism like MarkDown or even a good HTML Edit control that can provide some limits on what types of input are allowed. Alas in this case I was overridden and we had to go forward and allow *any* raw HTML posted. Sometimes I really feel sad that it's come this far - how many good applications and tools have been thwarted by fear of XSS (or worse) attacks? So many things that could be done *if* we had a more secure browser experience and didn't have to deal with every little script twerp trying to hack into Web pages and obscure browser bugs. So much time wasted building secure apps, so much time wasted by others trying to hack apps… We're a funny species - no other species manages to waste as much time, effort and resources as we humans do :-) Resources Code on GitHub Html Agility Pack XSS Cheat Sheet XSS Prevention Cheat Sheet Microsoft Web Protection Library (AntiXss) StackOverflow Links: http://stackoverflow.com/questions/341872/html-sanitizer-for-net http://blog.stackoverflow.com/2008/06/safe-html-and-xss/ http://code.google.com/p/subsonicforums/source/browse/trunk/SubSonic.Forums.Data/HtmlScrubber.cs?r=61© Rick Strahl, West Wind Technologies, 2005-2012Posted in Security  HTML  ASP.NET  JavaScript   Tweet !function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs"); (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://apis.google.com/js/plusone.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })();

    Read the article

  • Do I need to use any other attributes other than CssClassProperty to enabled design-time support?

    - by keith
    Hi, I'm trying to provide the same design-time support that the CssClass provides on some custom properties of a server control. The documentation suggests that decorating the property with the CssClassProperty is all that's required. [CssClassProperty] public string SomeOtherCssClass{get;set;} This has no effect, in vs2008 or vs2010. I've looked at the WebControl class using reflector and implemented all the attributes, and every combination thereof, to my property and still no class dropdown. Some blog posts suggest that the use of the Editor attribute but a) there's not mention of it in the documentation and b) none of editors which are remotely related to css classes have any effect either. Am I missing something to enable this feature? Thanks in advance, Keith.

    Read the article

  • A reasonable way to add attributes to an xml root element.

    - by DrLazer
    The function "WriteStartElement" does not return anything. I find this a little bizzare. So up until now I have been doing it like this. XmlDocument xmlDoc = new XmlDocument(); XmlTextWriter xmlWriter = new XmlTextWriter(m_targetFilePath, System.Text.Encoding.UTF8); xmlWriter.Formatting = Formatting.Indented; xmlWriter.WriteProcessingInstruction("xml", "version='1.0' encoding='UTF-8'"); xmlWriter.WriteStartElement("client"); xmlWriter.Close(); xmlDoc.Load(m_targetFilePath); XmlElement root = xmlDoc.DocumentElement; Saving the doc, then reloading it to get hold of the start element so i can write attributes to it. Does anybody know the correct way of doing this because I'm pretty sure what I'm doing isn't right. I tried to use xmlWriter.AppendChild() but it doesnt seem to write out anything. :(

    Read the article

  • Should image size be defined in the img tag height/width attributes or in CSS?

    - by Benjamin Manns
    Is it better coding practice to define an images size in the img tag's width and height attributes? <img src="images/academia_vs_business.png" width="740" height="382" alt="" /> Or in the CSS style with width/height? <img src="images/academia_vs_business.png" style="width:740px; height:382px;" alt="" /> Or both? <img src="images/academia_vs_business.png" width="740" height="382" style="width:740px; height:382px" alt="" />

    Read the article

  • How to make tag group with including predefined attributes, to wrap other things quickly?

    - by jitendra
    for example. if i want to quickly wrap anything by this in once. in dreamweaver or in any other free software where i can do this. I want to select this <p>anything can be here - content, other html tag etc.</p> and in one shot want to wrap inside 2 divs with predefined classes <div class="one"> <div class="two"> <p>anything can be here - content, other html tag etc.</p> </div> </div> I have work with large amount of code and need to wrap random things in Divs with defined attributes.

    Read the article

  • How can I find all attributes with single quotes in a Sublime Text 2 document and replace with double quotes?

    - by Brandon Durham
    I'm feeling particularly nit-picky today. I'm working in some HTML docs that have single quotes around all attribute values through the docs, like this: <div class='classone classtwo'> I'd love to be able to do a find-and-replace in each doc and replace with double quotes, like this: <div class="classone classtwo"> Many elements in the document will have multiple attributes: <div class='classone classtwo' data-scripts='lazyload'> And some will have the correct double quotes: <div class='classone classtwo' data-scripts="lazyload"> What's the best way to replace all single quotes wrapping values with double?

    Read the article

  • Translate model fields' attributes from a Database with Django?

    - by Luiz C.
    I'm trying to create a Model that has fields that have the following attributes translatable: verbose_name and choices. I can easily do this by tagging the strings and using the i18l middleware. The problem is that I don't want to define the translation in po/mo files. Is there a way to pull this data from a database table? If so, any examples? There are some options out there that offer model content translation. That is not my case. I need to translate the verbose_name, choices and error_messages from database.

    Read the article

  • A reasonable way to add attributes to an xml root element in C#.

    - by DrLazer
    The function "WriteStartElement" does not return anything. I find this a little bizzare. So up until now I have been doing it like this. XmlDocument xmlDoc = new XmlDocument(); XmlTextWriter xmlWriter = new XmlTextWriter(m_targetFilePath, System.Text.Encoding.UTF8); xmlWriter.Formatting = Formatting.Indented; xmlWriter.WriteProcessingInstruction("xml", "version='1.0' encoding='UTF-8'"); xmlWriter.WriteStartElement("client"); xmlWriter.Close(); xmlDoc.Load(m_targetFilePath); XmlElement root = xmlDoc.DocumentElement; Saving the doc, then reloading it to get hold of the start element so i can write attributes to it. Does anybody know the correct way of doing this because I'm pretty sure what I'm doing isn't right. I tried to use xmlWriter.AppendChild() but it doesnt seem to write out anything. :(

    Read the article

  • How do I stop server control attributes being HTML encoded?

    - by Billious
    I'm trying to alter the onmouseover attribute of a HyperLink server control, but when I do so the JavaScript call I'm entering gets HTML encoded. For example: linkBooks.Attributes("onmouseover") = "changeImages(""books"", ""/images/common/books-dark.png""); return true;" Gets converted to: onmouseover="changeImages(&quot;books&quot;, &quot;/images/common/books-dark.png&quot;); return true;" How do I prevent this? The same code worked fine under VS2005 and .NET 2.0, I'm currently using VS2010RC and .NET 4.0.

    Read the article

  • How to step inside NSManagedObject; access individual attributes.

    - by user300972
    NSManagedObject *entryObj = [self.fetchedResultsController objectAtIndexPath:indexPath]; entryObj consists of four String attributes. If I NSLog entryObj, I get the information I want. I cannot figure out how to access each of these properties individually. I read a similar post where the solution was to call "entity." I cannot figure out how to use "entity" to access a specific attribute. Any ideas? References? Tutorials? Thanks in advance.

    Read the article

  • PHP SimpleXML recursive function to list children and attibutes

    - by Phill Pafford
    I need some help on the SimpleXML calls for a recursive function that lists the elements name and attributes. Making a XML config file system but each script will have it's own config file as well as a new naming convention. So what I need is an easy way to map out all the elements that have attributes, so like in example 1 I need a simple way to call all the processes but I don't know how to do this without hard coding the elements name is the function call. Is there a way to recursively call a function to match a child element name? I did see the xpath functionality but I don't see how to use this for attributes. Any ideas? Also does the XML in the examples look correct? can I structure my XML like this? Example 1: <application> <processes> <process id="123" name="run batch A" /> <process id="122" name="run batch B" /> <process id="129" name="run batch C" /> </processes> <connections> <databases> <database usr="test" pss="test" hst="test" dbn="test" /> </databases> <shells> <ssh usr="test" pss="test" hst="test-2" /> <ssh usr="test" pss="test" hst="test-1" /> </shells> </connections> </application> Example 2: <config> <queues> <queue id="1" name="test" /> <queue id="2" name="production" /> <queue id="3" name="error" /> </queues> </config> Pseudo code: // Would return matching process id getProcess($process_id) { return the process attributes as array that are in the XML } // Would return matching DBN (database name) getDatabase($database_name) { return the database attributes as array that are in the XML } // Would return matching SSH Host getSSHHost($ssh_host) { return the ssh attributes as array that are in the XML } // Would return matching SSH User getSSHUser($ssh_user) { return the ssh attributes as array that are in the XML } // Would return matching Queue getQueue($queue_id) { return the queue attributes as array that are in the XML } EDIT: Can I pass two parms? on the first method you have suggested @Gordon public function findProcessById($id, $name) { $attr = false; $el = $this->xml->xpath("//process[@id='$id']"); // How do I also filter by the name? if($el && count($el) === 1) { $attr = (array) $el[0]->attributes(); $attr = $attr['@attributes']; } return $attr; }

    Read the article

  • Why instantiation of static nested class object is allowed?

    - by Parag Meshram
    I have started learning Java language for Android Application developement. As per my understanding based on static class, we cannot instantiate object of static class. But why instantiation of static nested class object is allowed in following situaltion? class EnclosingClass { //... class static StaticInnerClass { //... } } Why we can create object of inner class if it is marked as static? EnclosingClass.StaticInnerClass s = new EnclosingClass.StaticInnerClass()

    Read the article

  • How to open a nested child PreferenceScreen in Android.

    - by Mike
    Hello, I have a PreferenceScreen that is defined in XML that serves all the preferences for my application. This PreferenceScreen also has a child PreferenceScreen nested within it. My implementing class is called PreferencesActivity. I know I can open the main Preferences window via startActivity(new Intent(this, PreferencesActivity.class)); but how do I go about opening the child PreferenceScreen via an Intent?

    Read the article

  • strange xcode error Could not compile reconstructed dtrace script:

    - by Rahul Vyas
    Hello all , i am getting this error when i try to compile an iPhone app. error: Could not compile reconstructed dtrace script: provider CorePlot { probe layer_position_change(char *,int,int,int,int); }; #pragma D attributes PRIVATE/PRIVATE/UNKNOWN provider CorePlot provider #pragma D attributes PRIVATE/PRIVATE/UNKNOWN provider CorePlot module #pragma D attributes PRIVATE/PRIVATE/UNKNOWN provider CorePlot function #pragma D attributes PRIVATE/PRIVATE/UNKNOWN provider CorePlot name #pragma D attributes PRIVATE/PRIVATE/UNKNOWN provider CorePlot args ld: error creating dtrace DOF section collect2: ld returned 1 exit status

    Read the article

  • How is this Nested Set SQL query converted into a LINQ query?

    - by Chad
    Querying a Nested Set Model table, here's the SQL... how can this be written in LINQ? SELECT parent.name FROM nested_category AS node, nested_category AS parent WHERE node.lft BETWEEN parent.lft AND parent.rgt AND node.name = 'FLASH' ORDER BY parent.lft; particularly, the FROM part... never tried to do anything like that in LINQ.

    Read the article

  • Strange behaviour of NSString in NSView

    - by Mee
    Trying to create a Skat-Game, I encountered the following problem: isBidding is a Boolean value indicationg, the program is in a certain state, [desk selected] is a method calling returning the current selected player, chatStrings consists of dictionaries, saving strings with the player, who typed, and what he typed - (void)drawRect:(NSRect)rect { NSMutableDictionary * attributes = [NSMutableDictionary dictionary]; [attributes setObject:[NSFont fontWithName:playerFont size:playerFontSize] forKey:NSFontAttributeName]; [attributes setObject:playerFontColor forKey:NSForegroundColorAttributeName]; [[NSString stringWithFormat:@"Player %i",[desk selected] + 1]drawInRect:playerStringRect withAttributes:attributes]; if (isBidding) { [attributes setObject:[NSFont fontWithName:chatFont size:chatFontSize] forKey:NSFontAttributeName]; [attributes setObject:chatFontColor forKey:NSForegroundColorAttributeName]; int i; for (i = 0; i < [chatStrings count]; i++, yProgress -= 20) { if (isBidding) [[NSString stringWithFormat:@"Player %i bids: %@",[[[chatStrings objectAtIndex:i]valueForKey:@"Player"]intValue], [[chatStrings objectAtIndex:i]valueForKey:@"String"]] drawAtPoint:NSMakePoint([self bounds].origin.x, yProgress) withAttributes:attributes]; else [[NSString stringWithFormat:@"Player %i: %@",[[[chatStrings objectAtIndex:i]valueForKey:@"Player"]intValue], [[chatStrings objectAtIndex:i]valueForKey:@"String"]] drawAtPoint:NSMakePoint([self bounds].origin.x, yProgress) withAttributes:attributes]; } if (isBidding) [[NSString stringWithFormat:@"Player %i bids: %@",[desk selected] + 1, displayString] drawAtPoint:NSMakePoint([self bounds].origin.x, yProgress) withAttributes:attributes]; else [[NSString stringWithFormat:@"Player %i: %@",[desk selected] + 1, displayString] drawAtPoint:NSMakePoint([self bounds].origin.x, yProgress) withAttributes:attributes]; yProgress = chatFontBegin; } } This is the part determining the string's content, the string is contributed by an [event characters] method. -(void)displayChatString:(NSString *)string { displayString = [displayString stringByAppendingString:string]; [self setNeedsDisplay:YES]; } The problem if have is this: when typing in more than two letters the view displays NSRectSet{{{471, 574},{500, 192}}} and returns no more discription when I try to print it. then I get an EXC_BAD_ACCESS message, though I have not released it (as far as I can see) I also created the string with alloc and init, so I cannot be in the autorelease pool. I also tried to watch the process when it changes with the debugger, but I couldn't find any responsible code. As you can see I am still a beginner in Cocoa (and programming in general), so I would be really happy if somebody would help me with this.

    Read the article

  • How to represent this nested array in YML format?

    - by morpheous
    I want to represent the following nested array structure in YML: container 1: N [contained_item]s where [contained_item] has the following structure contained_item: name: type: category: id: value: I hope the structure I am trying to describe is clear - I have used a mixture of Pseudo UML and YML. An aside: YML is a superset of JSON, and is used in the Symfony framework.

    Read the article

  • Can this be imporved? Scrubing of dangerous html tags.

    - by chobo2
    Hi I been finding that for something that I consider pretty import there is very little information or libraries on how to deal with this problem. I found this while searching. I really don't know all the million ways that a hacker could try to insert the dangerous tags. I have a rich html editor so I need to keep non dangerous tags but strip out bad ones. So is this script missing anything? It uses html agility pack. public string ScrubHTML(string html) { HtmlDocument doc = new HtmlDocument(); doc.LoadHtml(html); //Remove potentially harmful elements HtmlNodeCollection nc = doc.DocumentNode.SelectNodes("//script|//link|//iframe|//frameset|//frame|//applet|//object|//embed"); if (nc != null) { foreach (HtmlNode node in nc) { node.ParentNode.RemoveChild(node, false); } } //remove hrefs to java/j/vbscript URLs nc = doc.DocumentNode.SelectNodes("//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'javascript')]|//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'jscript')]|//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'vbscript')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.SetAttributeValue("href", "#"); } } //remove img with refs to java/j/vbscript URLs nc = doc.DocumentNode.SelectNodes("//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'javascript')]|//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'jscript')]|//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'vbscript')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.SetAttributeValue("src", "#"); } } //remove on<Event> handlers from all tags nc = doc.DocumentNode.SelectNodes("//*[@onclick or @onmouseover or @onfocus or @onblur or @onmouseout or @ondoubleclick or @onload or @onunload]"); if (nc != null) { foreach (HtmlNode node in nc) { node.Attributes.Remove("onFocus"); node.Attributes.Remove("onBlur"); node.Attributes.Remove("onClick"); node.Attributes.Remove("onMouseOver"); node.Attributes.Remove("onMouseOut"); node.Attributes.Remove("onDoubleClick"); node.Attributes.Remove("onLoad"); node.Attributes.Remove("onUnload"); } } // remove any style attributes that contain the word expression (IE evaluates this as script) nc = doc.DocumentNode.SelectNodes("//*[contains(translate(@style, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'expression')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.Attributes.Remove("stYle"); } } return doc.DocumentNode.WriteTo(); }

    Read the article

  • Can this be improved? Scrubing of dangerous html tags.

    - by chobo2
    I been finding that for something that I consider pretty import there is very little information or libraries on how to deal with this problem. I found this while searching. I really don't know all the million ways that a hacker could try to insert the dangerous tags. I have a rich html editor so I need to keep non dangerous tags but strip out bad ones. So is this script missing anything? It uses html agility pack. public string ScrubHTML(string html) { HtmlDocument doc = new HtmlDocument(); doc.LoadHtml(html); //Remove potentially harmful elements HtmlNodeCollection nc = doc.DocumentNode.SelectNodes("//script|//link|//iframe|//frameset|//frame|//applet|//object|//embed"); if (nc != null) { foreach (HtmlNode node in nc) { node.ParentNode.RemoveChild(node, false); } } //remove hrefs to java/j/vbscript URLs nc = doc.DocumentNode.SelectNodes("//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'javascript')]|//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'jscript')]|//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'vbscript')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.SetAttributeValue("href", "#"); } } //remove img with refs to java/j/vbscript URLs nc = doc.DocumentNode.SelectNodes("//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'javascript')]|//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'jscript')]|//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'vbscript')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.SetAttributeValue("src", "#"); } } //remove on<Event> handlers from all tags nc = doc.DocumentNode.SelectNodes("//*[@onclick or @onmouseover or @onfocus or @onblur or @onmouseout or @ondoubleclick or @onload or @onunload]"); if (nc != null) { foreach (HtmlNode node in nc) { node.Attributes.Remove("onFocus"); node.Attributes.Remove("onBlur"); node.Attributes.Remove("onClick"); node.Attributes.Remove("onMouseOver"); node.Attributes.Remove("onMouseOut"); node.Attributes.Remove("onDoubleClick"); node.Attributes.Remove("onLoad"); node.Attributes.Remove("onUnload"); } } // remove any style attributes that contain the word expression (IE evaluates this as script) nc = doc.DocumentNode.SelectNodes("//*[contains(translate(@style, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'expression')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.Attributes.Remove("stYle"); } } return doc.DocumentNode.WriteTo(); }

    Read the article

  • python: a way to get an exhaustive, sorted list of keys in a nested dictionary?

    - by saidimu
    exhaustive: - all keys in the dictionary, even if the keys are in a nested dictionary that is a value to a previous-level dictionary key. sorted: - this is to ensure the keys are always returned in the same order The nesting is arbitrarily deep. A non-recursive algorithm is preferred. level1 = { 'a' : 'aaaa', 'level2_1' : {'b': 'bbbbb', 'level3': {'c': 'cccc', 'd': 'dddddd'} }, 'level2_2' : { 'z': 'zzzzzzz' } }

    Read the article

< Previous Page | 61 62 63 64 65 66 67 68 69 70 71 72  | Next Page >