Search Results

Search found 6966 results on 279 pages for 'tag wint'.


  • Validation is not working

    - by Joby Kurian
    Hi... I have one ASP content page. It contains many controls like DropDownList, TextBox etc. All controls are inside a div tag. I gave a required field validator to all my drop-down lists. I have one SAVE button that resides inside another div tag. I set CausesValidation to true on the SAVE button. But my problem is that the validator is not working and the Page.IsValid property is true. What is the problem with my code?


  • What does <![CDATA[]]> in XML mean?

    - by mystify
    I often find this strange CDATA tag in XML files: <![CDATA[]]> I have observed that this CDATA tag always comes at the beginning, and then followed by some stuff. But sometimes it is used, sometimes it is not. I assume it is to mark that some "data" will be inserted after that. But what kind of "data"? Isn't anything I write in XML tags some sort of "data"?


  • Relationship problem?

    - by dilip
    I have four tables:

        Tag = id, tag_name
        Image = Id, Image_name
        TagImage = Id, tag_id, Image_id
        ImageStudent = id, Image_id, student_id

    And I want to find a record using student id and tag name. What relationship do I use?


  • Syntax highlighting Abbreviations

    - by Nimbuz
    I'm using Google prettify for syntax highlighting and I'd like to modify the colors to match my website theme, but I don't understand some of the abbreviations from these:

        str = string
        atw
        kwd = keyword
        tag = tag
        com = comment
        typ = type?
        atn
        dec = declaration?
        lit
        pun = punctuation? like colons, braces?
        pln
        prettyprint


  • Error reading values from dynamically created table rows in Android

    - by jaymo
    So I have a couple of dynamically created TableRows. Each TableRow has a couple of TextViews. I have a button that, when clicked, should get all the values of the second and third TextViews in each TableRow in the table. I have tried to do this using the code below:

        mSubmitOrders.setOnClickListener(new View.OnClickListener() {
            public void onClick(View v) {
                if (mTable.getChildCount() > 1) {
                    for (int i = 0; i < mTable.getChildCount(); i++) {
                        TableRow tr = (TableRow) mTable.getChildAt(i);
                        TextView code = (TextView) tr.getChildAt(1);
                        TextView quantity = (TextView) tr.getChildAt(2);
                        String Scode = code.getText().toString();
                        Log.i("TAG", Scode);
                        String Squantity = quantity.getText().toString();
                        Log.i("TAG", Squantity);
                    }
                }
            }
        });

    But I get the below errors (Logcat below). Assistance required.

        10-22 09:00:16.345: E/AndroidRuntime(4495): FATAL EXCEPTION: main
        10-22 09:00:16.345: E/AndroidRuntime(4495): java.lang.ClassCastException: android.widget.LinearLayout cannot be cast to android.widget.TextView
        10-22 09:00:16.345: E/AndroidRuntime(4495): at com.symetry.myitprovider.ui.actual$4.onClick(actual.java:173)
        10-22 09:00:16.345: E/AndroidRuntime(4495): at android.view.View.performClick(View.java:3131)
        10-22 09:00:16.345: E/AndroidRuntime(4495): at android.view.View$PerformClick.run(View.java:12035)
        10-22 09:00:16.345: E/AndroidRuntime(4495): at android.os.Handler.handleCallback(Handler.java:587)
        10-22 09:00:16.345: E/AndroidRuntime(4495): at android.os.Handler.dispatchMessage(Handler.java:92)
        10-22 09:00:16.345: E/AndroidRuntime(4495): at android.os.Looper.loop(Looper.java:132)
        10-22 09:00:16.345: E/AndroidRuntime(4495): at android.app.ActivityThread.main(ActivityThread.java:4123)
        10-22 09:00:16.345: E/AndroidRuntime(4495): at java.lang.reflect.Method.invokeNative(Native Method)
        10-22 09:00:16.345: E/AndroidRuntime(4495): at java.lang.reflect.Method.invoke(Method.java:491)
        10-22 09:00:16.345: E/AndroidRuntime(4495): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:844)
        10-22 09:00:16.345: E/AndroidRuntime(4495): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:602)
        10-22 09:00:16.345: E/AndroidRuntime(4495): at dalvik.system.NativeStart.main(Native Method)

    EDIT: I have modified my code and now there is no error, but it's not working as needed. The new code is as below:

        mSubmitOrders.setOnClickListener(new View.OnClickListener() {
            public void onClick(View v) {
                if (mTable.getChildCount() > 1) {
                    for (int i = 0; i < mTable.getChildCount(); i++) {
                        // TODO: Figure out how to do this well
                        LinearLayout LL = (LinearLayout) mTable.getChildAt(i);
                        View x = ((View) (LL.getParent()).getParent());
                        Log.i("TAG", "Past view");
                        TextView code = (TextView) ((ViewGroup) x).getChildAt(2);
                        String Scode = code.getText().toString();
                        Log.i("TAG", Scode);
                    }
                }
            }
        });

    But the thing is, it's not getting the TextView from the TableLayout's TableRow; it's getting a different one, the one I have circled in the picture: http://semasoftltd.com/error.png


  • How to create a tags box like mixx & delicious?

    - by David
    I tried to search in Google but no one talked about this. I want a CSS solution to create a liquid tag box like the orange ones in this: http://www.mixx.com/stories/10402914/haiti_us_gov_t_grants_matching_3_to_1_donations_to_worldvision_for_haiti So, even if the word is long, the tag box will fit it. I want the same shape. Thanks


  • Start javascript from asp.net page

    - by CruelIO
    Hi I have a usercontrol which includes some JavaScript, if I add the control to a standard web page I can start the JavaScript in the body tag, like this <body onLoad="Start()"> The problem is that I need to add the control to a webpage which is inside a masterpage, how do I then start the script when a page inside a masterpage doesn't have a body tag.


  • How to Parse through nsXml Parser.

    - by chsab420
    Hey All, i am very new to iphone Development and i am asked to use nsxml parser to parse xml from a google api. i have parsed another url which has xml but i am not able to parse google's because it is using id's to store data rather than inside tag. i.e. Can somebody help me that how can i parse the attribute inside the tag. Thanks & Regards


  • Rails autocomplete plugin.

    - by piemesons
    Hello Is there any plugin available for auto complete like in stackoverflow. Right now i am using acts_as_taggable plugin. I want to check the new created tag, autocomplete with comma separate. How to use auto_complete plugin and acts_as_taggable both. Consider the thing done in stackoverflow tag case.


  • Remove all arbitrary spaces before a line in Vim

    - by Farslan
    I've written a plugin where it comes to parsing an XML tag. The content inside the tag is indented and when I copy the parsed string into the file it's getting like: Example line This is part of the parsed line Thats goes one End of line What I want is to remove all spaces in front of these lines, the final text should be Example line This is part of the parsed line Thats goes one End of line I've tried to use = but it doesn't work the way I want. How can I do that with minimal keystrokes?


  • Alternative for execCommand('underline');

    - by Phil
    The underline tag is removed in HTML5… But execCommand creates that tag… Is there any alternative that works like execCommand? (An alternative that also prevents things like nicetestString; things like that will happen if I use only the surroundContents method of the Range… it throws a BAD_BOUNDARYPOINTS_ERR)


  • Running PHP,MySQL and apache in Ubuntu 10.04 LTS

    - by Ramprakash
    Hello all, I have installed native apache and mysql,php in my linux server. I tried a page using phpinfo() and it worked.But when I try my own pages, the execution of the page stops when it comes to the php tag, even the css tag following it doesn't come to the browser. Please help me how to fix this issue.. Thanks in advance


  • How to add Eclipse Task Tags programmatically (Eclipse Plugin development)?

    - by sebnem
    Hi, I am developing an Eclipse plugin. I want to add my custom Task Tag programmatically within the plugin (let's say DOTHIS). Later, I want to list the lines marked with the DOTHIS tag in my custom taskView. I know that it is done using the Eclipse UI from Project Properties Java Compiler Task Tags New. and then in the task view by Configure Contents, but how can I do these arrangements within the plugin? Thanks in advance.


  • error on oncreate() method

    - by user1644081
    I am a beginner in Android apps and using Java. When I add this code:

        GCMRegistrar.checkDevice(this);
        GCMRegistrar.checkManifest(this);
        final String regId = GCMRegistrar.getRegistrationId(this);
        if (regId.equals("")) {
            GCMRegistrar.register(this, SENDER_ID);
        } else {
            Log.v(TAG, "Already registered");
        }

    I had errors on: SENDER_ID, Log, TAG. The error is "cannot be resolved to available".


  • How do I manipulate Handler Mappings cleanly in IIS7 using the Microsoft.Web.Administration namespac

    - by Kev
    I asked this over on Stack Overflow but maybe it's something an experienced IIS 7 administrator might know more about, so I'm asking here as well.

    When manipulating Handler Mappings using the Microsoft.Web.Administration namespace, is there a way to remove the <remove name="handler name"> tag added at the site level?

    For example, I have a site which inherits all the handler mappings from the global handler mappings configuration. In applicationHost.config the <location> tag initially looks like this:

        <location path="60030 - testsite-60030.com">
          <system.webServer>
            <security>
              <authentication>
                <anonymousAuthentication userName="" />
              </authentication>
            </security>
          </system.webServer>
        </location>

    To remove a handler I use code similar to this:

        string siteName = "60030 - testsite-60030.com";
        string handlerToRemove = "ASPClassic";

        using (ServerManager serverManager = new ServerManager())
        {
            // Open applicationHost.config and locate the site's handlers section
            Configuration siteConfig = serverManager.GetApplicationHostConfiguration();
            ConfigurationSection handlersSection =
                siteConfig.GetSection("system.webServer/handlers", siteName);
            ConfigurationElementCollection handlersCollection = handlersSection.GetCollection();

            // Find the handler by name and remove it from the collection
            ConfigurationElement handlerElement = handlersCollection
                .Where(h => h["name"].Equals(handlerToRemove)).Single();

            handlersCollection.Remove(handlerElement);
        }

    The equivalent APPCMD instruction would be:

        appcmd set config "60030 - autotest-60030.com" -section:system.webServer/handlers /-[name='ASPClassic'] /commit:apphost

    This results in the site's <location> tag looking like:

        <location path="60030 - testsite-60030.com">
          <system.webServer>
            <security>
              <authentication>
                <anonymousAuthentication userName="" />
              </authentication>
            </security>
            <handlers>
              <remove name="ASPClassic" />
            </handlers>
          </system.webServer>
        </location>

    So far so good. However if I re-add the ASPClassic handler this results in:

        <location path="60030 - testsite-60030.com">
          <system.webServer>
            <security>
              <authentication>
                <anonymousAuthentication userName="" />
              </authentication>
            </security>
            <handlers>
              <!-- Why doesn't <remove> get removed instead of tacking on an <add> directive? -->
              <remove name="ASPClassic" />
              <add name="ASPClassic" path="*.asp" verb="GET,HEAD,POST" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="File" />
            </handlers>
          </system.webServer>
        </location>

    This happens when using both the Microsoft.Web.Administration namespace and C# or using the following APPCMD command:

        appcmd set config "60030 - autotest-60030.com" -section:system.webServer/handlers /+[name='ASPClassic',path='*.asp',verb='GET,HEAD,POST',modules='IsapiModule',scriptProcessor='%windir%\system32\inetsrv\asp.dll',resourceType='File'] /commit:apphost

    This can result in a lot of cruft over time for each website that's had a handler removed then re-added programmatically. Is there a way to just remove the <remove name="ASPClassic" /> tag using the Microsoft.Web.Administration namespace code or APPCMD?


  • What is wrong in my DKIM setup? I'm getting all fails

    - by djechelon
    I own a domain name I have implemented SPF and DKIM to avoid my mails being junked. I have also upgraded to DMARC in monitor mode. Since I received a few failure reports recently I wanted to investigate more.

    I have only one server sending outbound emails, running postfix + dkimproxy. I trust that dkimproxy has no major software bugs resulting in bad messages. I have tested ReturnPath's automated DKIM test and this is the part related to DKIM/DomainKeys:

        DKIM Results
        ============
        Result = failed: invalid key for signature: Syntax error in tag: \"v
        Domain = domain.org
        Selector = sel
        DNS Record(s) = sel._domainkey.domain.org TXT "v=1; p=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; t=s"
        Public Key Length = 4096

        DomainKeys Results
        ==================
        Domain = domain.org
        Selector = sel
        DNS Record(s) = sel._domainkey.domain.org TXT "v=1; p=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; t=s"

    The mail displays an anonymised DNS record with genuine public key. It reports an error in tag v. A few hours ago I noticed my v tag was v=DKIM1 instead of v=1 as specified in RFC. I thought it was an error made by me during the initial setup months ago and fixed to v=1, but anyway I received one DMARC success from Google.

    Let me explain better: I enforced DMARC a couple of days ago. On 4/16 morning I got a mail from Google telling me that DMARC fully passes, then since 4/17 I get all failures. Then I discovered the v=DKIM1 tag and replaced with v=1 without success. I have not modified my DNS records before that.

    So, keeping in topic with the question, why does ReturnPath refuse my DKIM DNS record? Is something wrong in my DKIM implementation at DNS level?

    [Add] I have just tried port25.com's tester but at least DKIM passes

        ----------------------------------------------------------
        DomainKeys check details:
        ----------------------------------------------------------
        Result: permerror (DK_STAT_BADKEY: Unusable key, public if verifying, private if signing.)
        ID(s) verified: header.From=###########
        DNS record(s):
            sel._domainkey.domain.org. 1800 IN TXT ""v=1; p=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; t=s""

        ----------------------------------------------------------
        DKIM check details:
        ----------------------------------------------------------
        Result: pass (matches From: #########)
        ID(s) verified: header.d=domain.org
        Canonicalized Headers:
            message-id:<[email protected]>'0D''0A'
            date:Thu,'20'18'20'Apr'20'2013'20'11:40:26'20'+0200'0D''0A'
            from:#############'0D''0A'
            mime-version:1.0'0D''0A'
            to:[email protected]'0D''0A'
            subject:Test'0D''0A'
            content-type:text/plain;'20'charset=ISO-8859-15;'20'format=flowed'0D''0A'
            content-transfer-encoding:7bit'0D''0A'
            dkim-signature:v=1;'20'a=rsa-sha1;'20'c=relaxed;'20'd=domain.org;'20'h='20'message-id:date:from:mime-version:to:subject:content-type'20':content-transfer-encoding;'20's=dom;'20'bh=uoq1oCgLlTqpdDX/iUbLy7J1Wi'20'c=;'20'b=
        Canonicalized Body:
            '0D''0A'
        DNS record(s):
            sel._domainkey.domain.org. 1800 IN TXT ""v=1; p=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; t=s""
        Public key used for verification: sel._domainkey.domain.org (4096 bits)


  • .NET HTML Sanitation for rich HTML Input

    - by Rick Strahl
    Recently I was working on updating a legacy application to MVC 4 that included free form text input. When I set up the new site my initial approach was to not allow any rich HTML input, only simple text formatting that would respect a few simple HTML commands for bold, lists etc. and automatically handles line break processing for new lines and paragraphs. This is typical for what I do with most multi-line text input in my apps and it works very well with very little development effort involved.

    Then the client sprung another note: Oh by the way we have a bunch of customers (real estate agents) who need to post complete HTML documents. Oh uh! There goes the simple theory. After some discussion and pleading on my part (<snicker>) to try and avoid this type of raw HTML input because of potential XSS issues, the client decided to go ahead and allow raw HTML input anyway.

    There has been lots of discussions on this subject on StackOverFlow (and here and here) but after reading through some of the solutions I didn't really find anything that would work even closely for what I needed. Specifically we need to be able to allow just about any HTML markup, with the exception of script code. Remote CSS and Images need to be loaded, links need to work and so on. While the 'legit' HTML posted by these agents is basic in nature it does span most of the full gamut of HTML (4). Most of the XSS prevention/sanitizer solutions I found were way too aggressive and rendered the posted output unusable mostly because they tend to strip any externally loaded content.

    In short I needed a custom solution. I thought the best solution to this would be to use an HTML parser - in this case the Html Agility Pack - and then to run through all the HTML markup provided and remove any of the blacklisted tags and a number of attributes that are prone to JavaScript injection.

    There's much discussion on whether to use blacklists vs. whitelists in the discussions mentioned above, but I found that whitelists can make sense in simple scenarios where you might allow manual HTML input, but when you need to allow a larger array of HTML functionality a blacklist is probably easier to manage as the vast majority of elements and attributes could be allowed. Also white listing gets a bit more complex with HTML5 and the new proliferation of new HTML tags and most new tags generally don't affect XSS issues directly. Pure whitelisting based on elements and attributes also doesn't capture many edge cases (see some of the XSS cheat sheets listed below) so even with a white list, custom logic is still required to handle many of those edge cases.

    The Microsoft Web Protection Library (AntiXSS)

    My first thought was to check out the Microsoft AntiXSS library. Microsoft has an HTML Encoding and Sanitation library in the Microsoft Web Protection Library (formerly AntiXSS Library) on CodePlex, which provides stricter functions for whitelist encoding and sanitation. Initially I thought the Sanitation class and its static members would do the trick for me, but I found that this library is way too restrictive for my needs. Specifically the Sanitation class strips out images and links which rendered the full HTML from our real estate clients completely useless. I didn't spend much time with it, but apparently I'm not alone in feeling this library is not really useful without some way to configure operation.

    To give you an example of what didn't work for me with the library here's a small and simple HTML fragment that includes script, img and anchor tags. I would expect the script to be stripped and everything else to be left intact. Here's the original HTML:

        var value = "<b>Here</b> <script>alert('hello')</script> we go. Visit the " +
                    "<a href='http://west-wind.com'>West Wind</a> site. " +
                    "<img src='http://west-wind.com/images/new.gif' /> ";

    and the code to sanitize it with the AntiXSS Sanitize class:

        @Html.Raw(Microsoft.Security.Application.Sanitizer.GetSafeHtmlFragment(value))

    This produced a not so useful sanitized string:

        Here we go. Visit the <a>West Wind</a> site.

    While it removed the <script> tag (good) it also removed the href from the link and the image tag altogether (bad). In some situations this might be useful, but for most tasks I doubt this is the desired behavior. While links can contain javascript: references and images can 'broadcast' information to a server, without configuration to tell the library what to restrict this becomes useless to me. I couldn't find any way to customize the white list, nor is there code available in this 'open source' library on CodePlex.

    Using Html Agility Pack for HTML Parsing

    The WPL library wasn't going to cut it. After doing a bit of research I decided the best approach for a custom solution would be to use an HTML parser and inspect the HTML fragment/document I'm trying to import. I've used the HTML Agility Pack before for a number of apps where I needed an HTML parser without requiring an instance of a full browser like the Internet Explorer Application object which is inadequate in Web apps. In case you haven't checked out the Html Agility Pack before, it's a powerful HTML parser library that you can use from your .NET code. It provides a simple, parsable HTML DOM model to full HTML documents or HTML fragments that let you walk through each of the elements in your document. If you've used the HTML or XML DOM in a browser before you'll feel right at home with the Agility Pack.

    Blacklist based HTML Parsing to strip XSS Code

    For my purposes of HTML sanitation, the process involved is to walk the HTML document one element at a time and then check each element and attribute against a blacklist.
    There's quite a bit of argument of what's better: A whitelist of allowed items or a blacklist of denied items. While whitelists tend to be more secure, they also require a lot more configuration. In the case of HTML5 a whitelist could be very extensive. For what I need, I only want to ensure that no JavaScript is executed, so a blacklist includes the obvious <script> tag plus any tag that allows loading of external content including <iframe>, <object>, <embed> and <link> etc. <form> is also excluded to avoid posting content to a different location. I also disallow <head> and <meta> tags in particular for my case, since I'm only allowing posting of HTML fragments. There is also some internal logic to exclude some attributes or attributes that include references to JavaScript or CSS expressions.

    The default tag blacklist reflects my use case, but is customizable and can be added to.

    Here's my HtmlSanitizer implementation:

        using System.Collections.Generic;
        using System.IO;
        using System.Xml;
        using HtmlAgilityPack;

        namespace Westwind.Web.Utilities
        {
            public class HtmlSanitizer
            {
                public HashSet<string> BlackList = new HashSet<string>()
                {
                    { "script" },
                    { "iframe" },
                    { "form" },
                    { "object" },
                    { "embed" },
                    { "link" },
                    { "head" },
                    { "meta" }
                };

                /// <summary>
                /// Cleans up an HTML string and removes HTML tags in blacklist
                /// </summary>
                /// <param name="html"></param>
                /// <returns></returns>
                public static string SanitizeHtml(string html, params string[] blackList)
                {
                    var sanitizer = new HtmlSanitizer();
                    if (blackList != null && blackList.Length > 0)
                    {
                        sanitizer.BlackList.Clear();
                        foreach (string item in blackList)
                            sanitizer.BlackList.Add(item);
                    }
                    return sanitizer.Sanitize(html);
                }

                /// <summary>
                /// Cleans up an HTML string by removing elements
                /// on the blacklist and all attributes that start
                /// with onXXX.
                /// </summary>
                /// <param name="html"></param>
                /// <returns></returns>
                public string Sanitize(string html)
                {
                    var doc = new HtmlDocument();
                    doc.LoadHtml(html);
                    SanitizeHtmlNode(doc.DocumentNode);

                    //return doc.DocumentNode.WriteTo();

                    string output = null;

                    // Use an XmlTextWriter to create self-closing tags
                    using (StringWriter sw = new StringWriter())
                    {
                        XmlWriter writer = new XmlTextWriter(sw);
                        doc.DocumentNode.WriteTo(writer);
                        writer.Flush(); // push buffered output into the StringWriter before reading it
                        output = sw.ToString();

                        // strip off XML doc header (only when one is present)
                        if (!string.IsNullOrEmpty(output))
                        {
                            int at = output.IndexOf("?>");
                            if (at >= 0)
                                output = output.Substring(at + 2);
                        }
                        writer.Close();
                    }
                    doc = null;
                    return output;
                }

                private void SanitizeHtmlNode(HtmlNode node)
                {
                    if (node.NodeType == HtmlNodeType.Element)
                    {
                        // check for blacklist items and remove
                        if (BlackList.Contains(node.Name))
                        {
                            node.Remove();
                            return;
                        }

                        // remove CSS Expressions and embedded script links
                        if (node.Name == "style")
                        {
                            // only style blocks that actually have content need inspecting
                            if (!string.IsNullOrEmpty(node.InnerText))
                            {
                                if (node.InnerHtml.Contains("expression") || node.InnerHtml.Contains("javascript:"))
                                    node.ParentNode.RemoveChild(node);
                            }
                        }

                        // remove script attributes
                        if (node.HasAttributes)
                        {
                            for (int i = node.Attributes.Count - 1; i >= 0; i--)
                            {
                                HtmlAttribute currentAttribute = node.Attributes[i];
                                var attr = currentAttribute.Name.ToLower();
                                var val = (currentAttribute.Value ?? string.Empty).ToLower();

                                // remove event handlers
                                if (attr.StartsWith("on"))
                                    node.Attributes.Remove(currentAttribute);

                                // remove script links in any attribute, not only
                                // href, src, dynsrc and lowsrc
                                else if (val.Contains("javascript:") || val.Contains("vbscript:"))
                                    node.Attributes.Remove(currentAttribute);

                                // remove CSS expressions
                                else if (attr == "style" && val.Contains("expression"))
                                    node.Attributes.Remove(currentAttribute);
                            }
                        }
                    }

                    // Look through child nodes recursively
                    if (node.HasChildNodes)
                    {
                        for (int i = node.ChildNodes.Count - 1; i >= 0; i--)
                        {
                            SanitizeHtmlNode(node.ChildNodes[i]);
                        }
                    }
                }
            }
        }

    Please note: Use this as a starting point only for your own parsing and review the code for your specific use case! If your needs are less lenient than mine were you can make this much stricter by not allowing src and href attributes or CSS links if your HTML doesn't allow it. You can also check links for external URLs and disallow those - lots of options. The code is simple enough to make it easy to extend to fit your use cases more specifically. It's also quite easy to make this code work using a WhiteList approach if you want to go that route.

    The code above is semi-generic for allowing full featured HTML fragments that only disallow script related content. The Sanitize method walks through each node of the document and then recursively drills into all of its children until the entire document has been traversed. Note that the code here uses an XmlTextWriter to write output - this is done to preserve XHTML style self-closing tags which are otherwise left as non-self-closing tags.

    The sanitizer code scans for blacklist elements and removes those elements not allowed. Note that the blacklist is configurable either in the instance class as a property or in the static method via the string parameter list. Additionally the code goes through each element's attributes and looks for a host of rules gleaned from some of the XSS cheat sheets listed at the end of the post. Clearly there are a lot more XSS vulnerabilities, but a lot of them apply to ancient browsers (IE6 and versions of Netscape) - many of these glaring holes (like CSS expressions - WTF IE?) have been removed in modern browsers.

    What a Pain

    To be honest this is NOT a piece of code that I wanted to write. I think building anything related to XSS is better left to people who have far more knowledge of the topic than I do. Unfortunately, I was unable to find a tool that worked even closely for me, or even provided a working base.
    For the project I was working on I had no choice and I'm sharing the code here merely as a base line to start with and potentially expand on for specific needs. It's sad that Microsoft Web Protection Library is currently such a train wreck - this is really something that should come from Microsoft as the systems vendor or possibly a third party that provides security tools. Luckily for my application we are dealing with authenticated and validated users so the user base is fairly well known, and relatively small - this is not a wide open Internet application that's directly public facing. As I mentioned earlier in the post, if I had my way I would simply not allow this type of raw HTML input in the first place, and instead rely on a more controlled HTML input mechanism like MarkDown or even a good HTML Edit control that can provide some limits on what types of input are allowed. Alas in this case I was overridden and we had to go forward and allow *any* raw HTML posted. Sometimes I really feel sad that it's come this far - how many good applications and tools have been thwarted by fear of XSS (or worse) attacks? So many things that could be done *if* we had a more secure browser experience and didn't have to deal with every little script twerp trying to hack into Web pages and obscure browser bugs.
    So much time wasted building secure apps, so much time wasted by others trying to hack apps… We're a funny species - no other species manages to waste as much time, effort and resources as we humans do :-)

    Resources

        Code on GitHub
        Html Agility Pack
        XSS Cheat Sheet
        XSS Prevention Cheat Sheet
        Microsoft Web Protection Library (AntiXss)
        StackOverflow Links:
            http://stackoverflow.com/questions/341872/html-sanitizer-for-net
            http://blog.stackoverflow.com/2008/06/safe-html-and-xss/
            http://code.google.com/p/subsonicforums/source/browse/trunk/SubSonic.Forums.Data/HtmlScrubber.cs?r=61

    © Rick Strahl, West Wind Technologies, 2005-2012
    Posted in Security  HTML  ASP.NET  JavaScript


  • Breaking out of first element in IHTMLTxtRange

    - by XwipeoutX
    I'm trying to do a rich text editor for a web application, and I need to be able to mark some elements in the text as uneditable by the user. The reason for this is they're placeholders for dynamic content (like created date) that I want to have a live preview for.

    Take the following code as an example - there's no toolbar or anything in this one, for light weightness, but the textarea and html are synchronized.

        <!-- DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd" -->
        <html>
        <head>
            <title>Hi</title>
            <script type="text/javascript" src="http://code.jquery.com/jquery-1.4.2.min.js"></script>
            <script>
                $(function() {
                    g = {};
                    g.iFrame = document.createElement("IFRAME");
                    $("#frameContainer").append(g.iFrame);
                    g.iDoc = g.iFrame.contentWindow.document;
                    g.iDoc.designMode = "on";
                    g.jTextArea = $("#textContainer textarea");

                    setTimeout(function() {
                        g.iDoc.body.innerHTML = "<b class=\"notype\">Cannot type here</b>";
                        $(g.iDoc).trigger("keyup");
                        $(g.iDoc.body).focus();
                    }, 0);

                    $(g.iDoc).keyup(function() {
                        g.jTextArea.text(g.iDoc.body.innerHTML);
                    });

                    g.jTextArea.keyup(function() {
                        g.iDoc.body.innerHTML = this.innerText;
                    });

                    var getSelection = function() {
                        if (typeof g.iDoc.selection !== "undefined" && g.iDoc.selection.type !== "Text" && g.iDoc.selection.type !== "None") {
                            g.iDoc.selection.clear();
                        }
                        return g.iDoc.selection.createRange();
                    };

                    $(g.iDoc).keypress(function(event) {
                        // If we're in a marked field, disable the operation.
                        var sel = getSelection();
                        if ($(sel.parentElement()).hasClass('notype')) {
                            sel.moveToElementText(sel.parentElement());
                            sel.collapse();
                            sel.move("character", -1);
                            sel.select();
                            $("#log").append("<div>outside of thing</div>");
                        }
                    });

                    $(testLink).click(function() {
                        // Try and insert stuff at the front
                        $(g.iDoc.body).focus();
                        var sel = getSelection();
                        sel.moveToElementText(sel.parentElement());
                        sel.collapse();
                        sel.move("character", -100);
                        sel.pasteHTML("Before html?");
                        $(g.iDoc).trigger("keyup");
                        $(g.iDoc.body).focus();
                    });
                });
            </script>
        </head>
        <body id="#body">
            <div id="container">
                <div id="frameContainer">
                    <h1> Frame</h1>
                </div>
                <div id="textContainer">
                    <h1> Text</h1>
                    <textarea rows="10" cols="80"></textarea>
                </div>
                <a href="#" id="testLink">Test</a>
                <div id="log"> </div>
            </div>
        </body>
        </html>

    In the keyup binding, I can successfully detect if I'm inside another element, and move the cursor to the front of the text before inserting it no problem. However, since there is no text before the element marked as 'notype', it gets inserted inside the same element. This is double bad when the user presses "enter", as a new tag is generated, and the "notype" tag is duplicated, obviously not required.

    I want the behaviour as follows:

        * If the user types while the cursor is in the 'notype' tag, the cursor is moved to front and the text goes there
        * If the cursor is at the last position inside the 'notype' tag, then the text appears after the tag
        * If the user types anywhere else, it's inserted as always.

    The link at the bottom tries to manually put the cursor at the front and insert the html. Obviously fails. I know this one can work by doing something like $(g.iDoc.body).prepend("before!"), but this obviously won't work in a real scenario (using keyup).

    Read the article

  • "Expected initializer before '<' token" in header file

    - by Sarah
    I'm pretty new to programming and am generally confused by header files and includes. I would like help with an immediate compile problem and would appreciate general suggestions about cleaner, safer, slicker ways to write my code.

    I'm currently repackaging a lot of code that used to be in main() into a Simulation class. I'm getting a compile error with the header file for this class. I'm compiling with gcc version 4.2.1.

        // Simulation.h
        #ifndef SIMULATION_H
        #define SIMULATION_H

        #include <cstdlib>
        #include <iostream>
        #include <cmath>
        #include <string>
        #include <fstream>
        #include <set>
        #include <boost/multi_index_container.hpp>
        #include <boost/multi_index/hashed_index.hpp>
        #include <boost/multi_index/member.hpp>
        #include <boost/multi_index/ordered_index.hpp>
        #include <boost/multi_index/mem_fun.hpp>
        #include <boost/multi_index/composite_key.hpp>
        #include <boost/shared_ptr.hpp>
        #include <boost/tuple/tuple_comparison.hpp>
        #include <boost/tuple/tuple_io.hpp>
        #include "Parameters.h"
        #include "Host.h"
        #include "rng.h"
        #include "Event.h"
        #include "Rdraws.h"

        typedef multi_index_container< // line 33 - first error
          boost::shared_ptr< Host >,
          indexed_by<
            hashed_unique< const_mem_fun<Host,int,&Host::getID> >, // 0 - ID index
            ordered_non_unique< tag<age>,const_mem_fun<Host,int,&Host::getAgeInY> >, // 1 - Age index
            hashed_non_unique< tag<household>,const_mem_fun<Host,int,&Host::getHousehold> >, // 2 - Household index
            ordered_non_unique< // 3 - Eligible by age & household
              tag<aeh>,
              composite_key<
                Host,
                const_mem_fun<Host,int,&Host::getAgeInY>,
                const_mem_fun<Host,bool,&Host::isEligible>,
                const_mem_fun<Host,int,&Host::getHousehold>
              >
            >,
            ordered_non_unique< // 4 - Eligible by household (all single adults)
              tag<eh>,
              composite_key<
                Host,
                const_mem_fun<Host,bool,&Host::isEligible>,
                const_mem_fun<Host,int,&Host::getHousehold>
              >
            >,
            ordered_non_unique< // 5 - Household & age
              tag<ah>,
              composite_key<
                Host,
                const_mem_fun<Host,int,&Host::getHousehold>,
                const_mem_fun<Host,int,&Host::getAgeInY>
              >
            >
          > // end indexed_by
        > HostContainer;

        typedef std::set<int> HHSet;

        class Simulation {
        public:
          Simulation( int sid );
          ~Simulation();

          // MEMBER FUNCTION PROTOTYPES
          void runDemSim( void );
          void runEpidSim( void );
          void ageHost( int id );
          int calcPartnerAge( int a );
          void executeEvent( Event & te );
          void killHost( int id );
          void pairHost( int id );
          void partner2Hosts( int id1, int id2 );
          void fledgeHost( int id );
          void birthHost( int id );
          void calcSI( void );
          double beta_ij_h( int ai, int aj, int s );
          double beta_ij_nh( int ai, int aj, int s );

        private:
          // SIMULATION OBJECTS
          double t;
          double outputStrobe;
          int idCtr;
          int hholdCtr;
          int simID;
          RNG rgen;
          HostContainer allHosts; // shared_ptr to Hosts - line 102 - second error
          HHSet allHouseholds;
          int numInfecteds[ INIT_NUM_AGE_CATS ][ INIT_NUM_STYPES ];
          EventPQ currentEvents;

          // STREAM MANAGEMENT
          void writeOutput();
          void initOutput();
          void closeOutput();
          std::ofstream ageDistStream;
          std::ofstream ageDistTStream;
          std::ofstream hhDistStream;
          std::ofstream hhDistTStream;
          std::string ageDistFile;
          std::string ageDistTFile;
          std::string hhDistFile;
          std::string hhDistTFile;
        };

        #endif

    I'm hoping the other files aren't so relevant to this problem. When I compile with

        g++ -g -o -c a.out -I /Applications/boost_1_42_0/ Host.cpp Simulation.cpp rng.cpp main.cpp Rdraws.cpp

    I get

        Simulation.h:33: error: expected initializer before '<' token
        Simulation.h:102: error: 'HostContainer' does not name a type

    and then a bunch of other errors related to not recognizing the HostContainer. It seems like I have all the right Boost #includes for the HostContainer to be understood. What else could be going wrong?

    I would appreciate immediate suggestions, troubleshooting tips, and other advice about my code. My plan is to create a "HostContainer.h" file that includes the typedef and structs that define its tags, similar to what I'm doing in "Event.h" for the EventPQ container. I'm assuming this is legal and good form.

    Read the article
