How can you check if the user's browser supports Google Caja? - google-caja

I'm using Google Caja to sanitize user input on my site. I'm currently processing the user's input inside the callback I pass to caja.whenReady(). However, on Microsoft Edge, the callback is never called because Edge can't be made safe by Caja. In the event that Caja doesn't work, I want to fall back to processing the user's content server side where I'll simply strip out all JavaScript.
How can I check if Caja works with the user's browser?

The code below will give you a function, browserSupportsCaja(), that will return true at any time after Caja calls its whenReady() callbacks. This way you can determine if Caja is supported after it initializes.
If you check for Caja support before it finishes initializing, then you will get a false negative. To catch that, just put the code that you want to execute after Caja is ready in a whenReady() callback and assume that Caja is not available anywhere else.
caja.initialize({
    cajaServer: 'https://caja.appspot.com/'
});
function browserSupportsCaja() {
    return browserSupportsCaja.return_value;
}
browserSupportsCaja.return_value = false;
caja.whenReady(function() {
    browserSupportsCaja.return_value = true;
});
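
An added example, not part of the original answer and not Caja's own code: because whenReady() never fires on an unsupported browser, this sketch pairs the callback with a deadline and commits exactly once to either the client-side path or the server-side fallback. The names createSanitizerGate and simulate and the 3000 ms deadline are assumptions made for illustration; the fake whenReady and manual timer are constructed stand-ins so it runs without Caja.

```javascript
// whenReady: any function that registers a callback (for example caja.whenReady).
// setTimer:  defaults to setTimeout; injectable so the logic can be exercised offline.
function createSanitizerGate(whenReady, timeoutMs, setTimer) {
  setTimer = setTimer || setTimeout;
  var decision = null;   // null while undecided, then 'client' or 'server'
  var pending = [];      // handlers submitted before the decision was made

  function decide(path) {
    if (decision !== null) return;   // first outcome wins; a late callback is ignored
    decision = path;
    pending.splice(0).forEach(function (fn) { fn(decision); });
  }

  whenReady(function () { decide('client'); });
  setTimer(function () { decide('server'); }, timeoutMs);

  return {
    decision: function () { return decision; },
    // Run handler('client' | 'server') now if decided, otherwise once decided.
    route: function (handler) {
      if (decision !== null) handler(decision);
      else pending.push(handler);
    }
  };
}

// Constructed simulation: captures the two callbacks and fires them by hand.
function simulate(cajaBecomesReady) {
  var readyCb, timerCb, seen = [];
  var gate = createSanitizerGate(
    function (cb) { readyCb = cb; },   // stand-in for caja.whenReady
    3000,                              // assumed deadline in milliseconds
    function (cb) { timerCb = cb; }    // stand-in for setTimeout
  );
  gate.route(function (path) { seen.push(path); });  // submitted while undecided
  if (cajaBecomesReady) readyCb();
  timerCb();   // the deadline passes
  readyCb();   // a late ready callback must not flip the decision
  gate.route(function (path) { seen.push(path); });  // submitted after the decision
  return { decision: gate.decision(), seen: seen };
}
```

In the page, the 'server' branch would post the raw input to the server-side stripping described in the question, and the 'client' branch would run the existing Caja processing.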

Related

How to render a Django template with a transient variable?

I have an application that enforces a strict page sequence. If the user clicks the Back button, the application detects an out-of-order page access and sends the user back to the start.
I'd like to make this a bit more friendly, by redirecting the user back to the correct page and displaying a pop-up javascript alert box telling them not to use the Back button.
I'm already using a function that does a lot of validity checking which returns None if the request is okay, or an HttpResponseRedirect to another page (generally the error page or login page) if the request is invalid. All of my views have this code at the top:
response = validate(request)
if response:
    return response
So, since I have this validate() function already, it seems like a good place to add this extra code for detecting out-of-order access.
However, since the out-of-order detection flag has to survive across a redirect, I can't just set a view variable; I have to set the flag in the session data. But of course I don't want the flag to be set in the session data permanently; I want to remove the flag from the session data after processing the template.
I could add code like this to all of my render calls:
back_button = request.session.get('back_button', False)
response = render(request, 'foo.html', {'back_button': back_button})
if back_button:
    del request.session['back_button']
return response
But this seems a bit messy. Is there some way to automatically remove the session key after processing the template? Perhaps a piece of middleware?
I'm using function-based views, not class-based, btw.
The session object uses the dictionary interface, so you can use pop instead of get to retrieve and delete the key at the same time:
back_button = request.session.pop('back_button', False)

A way to test if https://www.google.com/jsapi available within intranet

I am working on an intranet application that uses the Google Visualization API to produce charts.
My question is: is there a way to determine if access to the https://www.google.com/jsapi server is down or blocked due to the company's use of iPrism, and display that information simply to the user on the page?
I know iPrism doesn't block it on my machine, but I'm not sure about the client machines or that it may change in the future.
Any help is appreciated.
I don't think there is anything you can trigger off of a script tag failing to load, but you could try to catch the failure before calling google.load, maybe with something like this?
if (typeof(google) == 'object' && typeof(google.load) == 'function') {
    google.load('visualization', '1', {packages: ['corechart'], callback: drawChart});
}
else {
    // display error message about failing to load jsapi
}

Cannot get onSession Start to fire in Mura

I have a script:
<cfscript>
    gf = createObject('component','com.general');
    gf.checkIpBlocked();
</cfscript>
that I want to fire onSessionStart.
I added an onSessionStart to /siteID/includes/themes/myTheme/eventHandler.cfc. But the session start NEVER fires. I know there is something managing sessions because if I open the admin, log in, then close the browser and re-open it, I am forced to log in again.
If I set a session variable and close the browser, the session.testVar never goes away and seems to hold the initial value for a very long time.
I am not trying to manage mura users or anything I am just trying to set a session variable the first time in a "session". In a typical application.cfc this is easy.
Any insight is appreciated.
Unfortunately, that's a bug. However, one thing to keep in mind is that onSiteSessionStart is unreliable since it only fires when a siteID is defined within the request. For example, if you were to go to the admin and be asked to login your session will have started and there would have been no siteID.
For now I would try using onSiteRequestStart to param the variable instead.
function onSiteRequestStart($){
    param name="session.ipChecked" default=false;
    if(!session.ipChecked){
        var gf = createObject('component','com.general');
        gf.checkIpBlocked();
        session.ipChecked=true;
    }
}
In regard to our documentation, we have three Mura 6 books available as both printed and digital downloads from Lulu.
We are also working to create a systematic way to post the contents of those books on our support site, which we are hoping to complete by MuraCon on 9/30, so that all of our documentation will stay up to date and in sync.
The Mura docs state that the application events are actually onGlobalSessionStart and/or onSiteSessionStart.
Application Events
onApplicationLoad onSiteSessionStart
onGlobalSessionStart onSiteSessionEnd
onSiteMissingTemplate onSiteError
onGlobalError onBeforeAutoUpdate
onAfterAutoUpdate onGlobalThreatDetect
Note that Events that begin with onGlobal are defined on a per-Mura instance basis.
Mura docs.

Ember.js - What purpose does Ember.lookup serve

Can anyone tell me what purpose Ember.lookup serves?
It is used to look up string keys.
An example of its use in the ember source is:
if(typeof modelType === "string"){
    return Ember.get(Ember.lookup, modelType);
} else {
    return modelType;
}
I can see that it returns a type from a string but I don't see where it is set or what the bigger picture is for its usage.
Ember.lookup was introduced along with Ember.imports and Ember.exports as a way to remove the dependency on window.
If you are running Ember in the browser, all three values will refer to the window; however, if you are running without the browser, for instance through NodeJS or with AMD, you will need to supply values yourself.
See the commit message for more information.

How to get the document CDHtmlDialog after Asp.Net AJAX UpdatePanel

When the page displayed in our CDHtmlDialog does an Asp.Net AJAX UpdatePanel we get a navigate event, but everything after that seems to be lost. We don't have a document anymore or get any mouse events on the page.
Looks like I made the original post as an unregistered user, so I don't think I can edit it. We were able to work around the original issue, but it came up again in a different context (really starting to hate CDHTMLDialog).
Here is the cause of the problem:
Javascript calls are causing a Navigate event, and CDHtmlDialog::OnBeforeNavigate gets called and disconnects and deletes the IHTMLDocument2. Unfortunately it's not a true Navigate since the page never changed. This means CDHtmlDialog::OnNavigateComplete is never called to get the document back.
To make matters worse, when I override CDHtmlDialog::OnBeforeNavigate I find the URL string is unreadable (bug)?
The simplest (best?) solution:
We need to intercept the Before Navigate event, and only call the CDHtmlDialog's _OnBeforeNavigate2 if the URL isn't a javascript action:
BEGIN_EVENTSINK_MAP(CMyHTMLDlg, CDHtmlDialog)
    ON_EVENT(CMyHTMLDlg, AFX_IDC_BROWSER, DISPID_BEFORENAVIGATE2, OnBeforeNavigate2, VTS_DISPATCH VTS_VARIANT VTS_VARIANT VTS_VARIANT VTS_VARIANT VTS_VARIANT VTS_PBOOL)
END_EVENTSINK_MAP()
void CMyHTMLDlg::OnBeforeNavigate2(LPDISPATCH pDisp, VARIANT* URL, VARIANT* Flags, VARIANT* TargetFrameName, VARIANT* PostData, VARIANT* Headers, BOOL* Cancel)
{
    ...
    if (URL != NULL)
    {
        // Only forward to the base handler when the URL is not a javascript: action.
        CString url = CString(*URL);
        if (url.Left(11) != _T("javascript:"))
        {
            _OnBeforeNavigate2(pDisp, URL, Flags, TargetFrameName, PostData, Headers, (BOOL*)Cancel);
            // If dynamic linking MFC then the above handler doesn't exist. Need to call OnBeforeNavigate direct.
            // This is from a code site, and it compiles, but I've never tested it to see if it works.
            //CDHtmlDialog::OnBeforeNavigate(pDisp,(LPCSTR)URL);
        }
    }
}
Most of this is pretty standard for setting up a CDHtmlDialog subclass, and it's pretty simple actually, but it took me a bit to figure out how to handle JavaScript. Unfortunately, I'm not sure how this will work if the JavaScript is making dynamic changes to the page itself.
A couple notes:
If the navigation needs to be completely canceled here, then set *Cancel = TRUE and don't call _OnBeforeNavigate2. Be careful here because this also cancels any JavaScript actions.
It wasn't clear until I saw the source, but CDHtmlDialog::_OnBeforeNavigate2 just calls CDHtmlDialog::OnBeforeNavigate.