How to handle Script Attack in application - coldfusion

We are facing issues with JavaScript getting embedded into the message body; the following is the code snippet of the JavaScript:
Could anyone please let us know if you have observed such occurrences / findings.
Any help is appreciated.
Thanks,
Sudipta Ghosh

Try to use HTMLCodeFormat() or HTMLEditFormat().
See docs.

There is a project called 'AntiSamy' (http://www.antisamy.net/) which uses files, provided by big sites like Slashdot and eBay, to combat XSS attacks. You may want to look at extracting the AntiSamy code to help you.
Here is a post by Peter Freitag on using AntiSamy without ColdBox.
http://www.petefreitag.com/item/760.cfm
Here are the docs for the ColdBox Framework:
http://wiki.coldbox.org/wiki/Plugins:AntiSamy.cfm

Also make sure you use cfqueryparams, captchas or some sort of session authentication for form posts.
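The advice from the answers above (HTMLEditFormat/HTMLCodeFormat on output, cfqueryparam when storing the post) put together as one added ColdFusion example; this is not code from the original thread. The "app" datasource, the messages table and the sample message body are assumed or constructed, and the encodeFor* functions require ColdFusion 10 or later.

```cfml
<!--- Added example, not from the original post. Store the raw body with
      cfqueryparam, log submissions that carry script markup, and HTML-encode
      on output so embedded script is displayed as text rather than executed.
      The "app" datasource and the "messages" table are assumed names. --->

<!--- A constructed message body standing in for a real form submission --->
<cfset form.body = 'Hello team,<script>alert(1)</script> see attached'>

<!--- 1. Detection: record the attempt before storing, which helps answer
        "where does this come from?"; the regex matches "<script" even with
        whitespace after the angle bracket --->
<cfif reFindNoCase("<\s*script", form.body)>
  <cflog file="script-in-message" type="warning"
         text="script markup in message body from #cgi.remote_addr#">
</cfif>

<!--- 2. Storage: bind the value so it cannot alter the SQL statement --->
<cfquery datasource="app">
  INSERT INTO messages (body)
  VALUES (<cfqueryparam value="#form.body#" cfsqltype="cf_sql_longvarchar">)
</cfquery>

<!--- 3. Output in element content: &, <, > and " become entities, so the
        browser shows the tag text instead of running it --->
<cfoutput>
  <div class="message">#HTMLEditFormat(form.body)#</div>
</cfoutput>

<!--- HTMLCodeFormat does the same escaping but wraps the result in <pre>,
      which keeps the line breaks of a multi-line message --->
<cfoutput>#HTMLCodeFormat(form.body)#</cfoutput>

<!--- Caveat: HTMLEditFormat leaves the single quote alone, so it is not safe
      inside a single-quoted attribute. On ColdFusion 10+ prefer the
      ESAPI-backed encoders, which escape for the specific output context --->
<cfoutput>
  <div class="message" title='#EncodeForHTMLAttribute(form.body)#'>
    #EncodeForHTML(form.body)#
  </div>
</cfoutput>
```

If the application must allow some HTML in messages, output encoding alone will break it; that is the case for the AntiSamy policy-file approach mentioned in the other answer.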

Related

CookieAuthenticator restlet

I have built some RESTful APIs with Restlet 2.3.4. I've been using HTTP_BASIC, which lets the browser prompt for credentials, but it's time for a proper login form. I figure the easiest way to implement this is CookieAuthenticator. I can't find full working examples on GitHub/Google. I am sure I'm overlooking them. Can someone provide a working example implementing CookieAuthenticator in Restlet?
I did get this to work after all. I have a longer answer here with some code examples. First, I was missing the fact that CookieAuthenticator is a filter and HAS the logic to handle login and logout. You need to create EMPTY ServerResources with a method annotated with #Post that has nothing in the body. Second, extend CookieAuthenticator and overwrite isLoggingIn(..) and isLoggingOut(..) with the code found in the link.
Cheers,
-ray

AngularJS: Modifying built-in validator doesn't work

I am trying to modify Angular's built-in e-mail validator according to the official documentation (https://docs.angularjs.org/guide/forms, almost at the bottom of the page). They even provide a plunkr there, which I forked and updated with regex expressions that should validate e-mails better than Angular's standard validation: http://plnkr.co/edit/UerAymIVWmAYKjeT3FH2?p=preview - works.
However, if I try to implement this code in my module, it doesn't work: http://plnkr.co/edit/UerAymIVWmAYKjeT3FH2?p=preview.
So basically I've just replaced
var app = angular.module('form-example-modify-validators', []); with
var App = angular.module('ionicApp', ['ionic', 'firebase', 'ngCordova']).
Feels like I am lacking some very basic understanding of Angular here; could anyone please give me a hint?
Super stupid: Obviously the plunkr can't find my dependencies.

How does the SendToKindle work?

I've been researching the SendToKindle function; currently I'm using the Chrome SendToKindle plugin. I want to implement this kind of function using a web service.
From what I see, "SendToKindle" analyzes the webpage by sending the page to the Amazon server, and then it returns a new URL which only contains the main article (without any other elements).
e.g.
I'm reading this article:
http://www.nicholascarr.com/?page_id=21
Using Chrome SendToKindle,
I got the following new URL:
https://www.amazon.com/gp/sendtokindle/reader?article=1392945012941
Does anyone know how this has been implemented?
Any help will be highly appreciated.
Thank you

How does nojsstats.appspot.com work?

I'm curious about: http://nojsstats.appspot.com
This service is meant for Google Analytics users who want to track their pageviews and other things even if JavaScript is disabled.
I wonder how this service works and how it can determine the necessary data without JavaScript. I mean, what is happening when I HTTP-GET to the site?
Example (HTML code):
<img src="http://nojsstats.appspot.com/UA-123456/mywebsite.com" />
Follow the link and you will see what it does.
The example you gave is basically a short code for:
http://www.google-analytics.com/__utm.gif?utmwv=1&utmn=93757836&utmsr=-&utmsc=-&utmul=-&utmje=0&utmfl=-&utmdt=-&utmhn=mywebsite.com&utmr=&utmp=&utmac=UA-123456........

Ember.js routing with parameters

I just played with the Ember routing example. It looks quite interesting, especially if you are going to build your whole application on the Ember framework.
But parameters in the URL follow after '#'. That means you can't copy and send a link to someone if the client has to log in with a postback (if only to set a cookie with login parameters). Is there a better option - maybe use '?' instead of '#'?
You may also have a look at Ember.Router.
There are two good starting points # https://gist.github.com/2679013 and https://gist.github.com/2728699
A lot of fixes have been made in the last couple of days.
EDIT
A brand new guide is now available # https://emberjs-staging-new.herokuapp.com/guides/outlets#toc_the-router
Here is a full example courtesy of https://github.com/jbrown
http://jsfiddle.net/justinbrown/C7LrM/10/