Library To Clean Input To Prevent Cross Site Scripting
Jun 19, 2007
We have a javascript that is vulnerable to XSS because the input to
the script is not being checked for strings such as "javascript",
"eval", "script" etc. I have seen some snippets of code here and
there on how to check the strings but I have not yet found a
comprehensive js library that will clean user input of all offending
characters. What complicates it is that phishers can encode characters
to bypass the usual amateurish attempts to clean strings of offending
characters.
Any js libraries or resources out there anywhere?
Jul 20, 2005
I need to html encode all text field values on the client just before
sending them to the server. A javascript equivalent of Server.HTMLEncode in
IIS. I also need to be able to perform the reverse.
All I am trying to do is ensure that if a user enters html tags in a
form, the tags do not get parsed by the browser.
Apr 24, 2006
Is it possible to run an HTML file from "localhost" and bypass the
various security checks in place for cross-frame scripting? For
example, on a 2-frame page loaded locally:
a) frame 1 includes a form that accepts the name of a web site
(example: www.foo.com), which a script or perhaps a "target" attribute
then loads into frame 2
b) frame 1 waits for frame 2 to load, then reads (for example)
top.frame2.document.images.length and displays the total in frame 1
I realize that "localhost" is not going to match the domain appearing
in frame 2, but as I myself am running the script, logically, where is
the harm?
I haven't done much testing with this yet, but am planning an
application around this concept and am hoping I can make it work. Any
pointers?
Jul 23, 2005
I'm working on a project at the office that pulls together a bunch of
our websites into a portal thing and adds a better search engine. We're
also trying to accommodate newer browsers (Netscape 7.2, Firefox,
Safari) and are having some problems. The websites run on different
servers, all of which we control, so we are setting the document.domain
= "ourdomain.com"; in some javascript on every page. However, we're
having problems. We use popup windows for some things, and sometimes
these popups want to 'populate' the parent frame window with a new page
as a result of a user selection on the popup.
This works most of the time, but not always. For instance, in Netscape 7.2 it just seems to
fail with an "access denied..." error in javascript. In Firefox and
Safari it opens a new window and populates that instead of populating
the original parent window. Can anyone point me at some definitive
information about the document.domain property and how to use it
effectively?
Aug 30, 2009
I'm trying to set up a system similar to Google AdSense that allows other websites to display some HTML content from my site on theirs. I've looked at the show_ads.js file Google uses to display Ads but to be honest I've not found it easy to decipher. I've also read that using a <script> tag to load a JavaScript file from my site is simpler than trying to do this with an AJAX request. it discusses returning JSON rather than HTML.
BTW I know I could use an iframe to achieve something similar but this won't give me the result I need because the content coming from my site will contain a link back to my site and I want the link to be registered as an inbound link to my site for SEO reasons.
Jul 23, 2005
I'm trying to dynamically set the height of my Iframe. My https: main page
is calling another https in an Iframe. But I get an access denied error
from my javascript trying to call the parent document.
Main https page
<IFRAME APPLICATION="yes" style="width:100%;" id="iframename"
frameborder="no" scrolling="no" SRC="https://www.otherdomain.com">
otherdomain.com html
------------------------------------------------
<script>
function bodyheight() {
x = document.body.scrollHeight
parent.document.all.iframename.style.height = x
}
</script>
May 13, 2009
I have created a payment system using jQuery. The problem I run into is when I move from http to https. I get the following error: Error: [Exception... "Access to restricted URI denied" code: "1012"
[Code]...
Mar 10, 2009
I'm not sure why my ajax is throwing a cross site scripting error. I have a php page that requests a page not in my domain. I have another page where my ajax requests the php page, which is in my domain. Then the error is thrown. Since the php page is in my domain, why would the error be thrown?
Feb 5, 2009
You can use it for your own purposes and change it. SoftXPath library has two methods for loading xml:
1) load("myxmlfile.xml")
2) loadXML("<root><name country='israel'>SoftXML</name><name country='usa'>Microsoft</name></root>")
SoftXPath library has three public properties:
DefaultNameSpace - Use this property when there is namespace in your xml document
if(SoftXPath.LoadedXML) - Use this property to check if xml string was loaded
if(SoftXPath.Loaded) - Use this property to check if xml document was loaded
SoftXPath library has single method for querying xml document using XPath:
selectNodes(xpath expression)
this method returns array of objects including tag name and text content
I have tested this script in IE, FireFox, Mozilla, Opera
Code:
// SoftXPath source code
function SoftXpath(){
function completeLoad(){[code]...
Jan 9, 2010
I have a site and in that I don't want users pressing the tab key and also the shift + tab key. So I need a small javascript code for preventing execution of the tab key and Shift+Tab keys.
Oct 19, 2007
Currently prototype does not support cross site ajax, such as dojo or jquery.
This is unfortunate, cause I am really used to prototype and would like to use this functionality.
What would be the best way for me to implement cross site ajax for prototype.
Note that I will still need the normal ajax functions as well, so a nice extend or something would be good.
Aug 28, 2006
I'm working on a function of my page whose content must be visible on other sites. Just like google ads, maps and so on..
The question is how do I create that portion of javascript that my friends can embed on their sites (without using IFrame!)
Apr 20, 2009
I would like to know, please, if it is possible to block the loading of a particular site by/via javascript. Having a web page with a flash content that contains a call to a particular site, I don't want to receive information from that site. Does there exist javascript code that blocks that call to that site?
Mar 30, 2010
I am trying to find the simplest, most cross-browser friendly dynamic navigation for my site. I tried to use a CSS version (Suckerfish) and it worked ok but it destroyed the formatting I had. I would really like to implement this kind of dropdown on my main navigation so users don't have to click and wait for a page to load. If possible, I'd like very few lines of code. That's why the CSS option was good... there was very little javascript.
Aug 8, 2007
I've recently been working on a small AJAX/PHP plugin, it's very easy to understand, you just call the page and it returns a quote from a database in html, something like
<strong>quote here.. <em>author name</em></strong>
And then you style it however you want, it's good for semantics that way, you would typically wrap it in a div and update that div with the output each time from your ajax.
It all works fine, and you can see an example here @ www.theshadownest.com.au click on the clock, and you will see the quote come up. Disregard the other stuff in the box.
The idea I had for this was to set up a large database of quotes with simple semantic output and let Ajax queries call that page, but I want to be able to call that page output from other servers, urls etc... I thought that would be fine, you just request the page with ajax on your site and it could return the response from my site...
But this does not work, you get a permission denied error in the Javascript, it obviously can't do this.
How do you write a PHP/AJAX plugin that can work from multiple sites, because I want to be able to let anyone make a request, it's basically a resource for people who want to add quotes to their site without setting up their own database or writing their own php.
Apr 8, 2010
I am using GreaseMonkey to load jQuery 1.3.2 (there is a bug with the latest version of jquery and GM) and jQuery UI 1.8.0. I am using jQuery via GM to manipulate the GUI of a content management system. This CMS uses its own JS library to dynamically add stuff to the dom.
Question: How can I target a dom element that was added to the dom via this other JS lib? In other words, the CMS will add a div to the dom, and I am not sure how to tell jquery to wait for these elements to "be there" before applying the jquery goodness. Specifically, I would like to do this:
$(function() {
$('#zen1227').resizable();
});
But "#zen1227" does not "appear" until later via this other JS library.
Jun 17, 2007
When you press the down key while in an input field the default
behavior for some event creates a dropdown of the previously input
text. What event creates that behavior and how do I stop it?
For example, to prevent ANY type of default behavior when clicking ANY
key, I thought this would work, but the dropdown still occurs. What am
I doing wrong?
In html file:<body >
Search Text: <input type='text' id='searchtext' />
in javascript file:
function blank(){
return false;
}
function registersearch(){
document.getElementById("searchtext").
document.getElementById("searchtext").
document.getElementById("searchtext").
document.getElementById("searchtext").
}
Apr 14, 2010
<script language = "Javascript">
function echeck(str) {
var at="@"
var dot="."
var lat=str.indexOf(at)
var lstr=str.length
var ldot=str.indexOf(dot)
if (str.indexOf(at)==-1){
alert("Invalid Email")
return false
} .....
The form submits even if no input is provided. The database gets updated with blank values.
Feb 1, 2006
In my example the focus should only jump to textbox2 if you press the tab
key and if ཇ' is in textbox1. That works fine.
However if you enter e.g. ཈' in textbox1 and click on 'Link', Mozilla
shows the alert 'Wrong numer' but also jumps to 'www.google.com'.
Opera and IE don't do that, which is in my opinion the correct behavior. Code:
Jul 1, 2010
I've created a form using datepicker to choose the birthdate, now I'm trying to control what's in my inputs, but I have issues when it comes to the input of my datepicker.
When I have focus on my input I display a message to guide the user, when the event blur happens I check if the input contains a valid date and display an alert when it's wrong, but the blur is launched even when the user clicks on the calendar of datepicker, so the alert message is displayed which isn't supposed to happen.
I'm looking for a way to wait for the user to select a date before executing the blur, or at the blur event check if the calendar is open or closed before doing any control.
Feb 25, 2011
Lots on the web about this, but finding it difficult to piece everything together. I have a simple (jquery) RTE I've built using usual tools (IFRAME with execcommand functions). I want to be able to strip all html tags from anything copied and pasted into the iframe (specifically to remove the residual junk from MS word). I have this to capture the paste event (which works)
Code:
$('iframe#rte').contents().find("body").bind('paste', function() { alert('pasting!'); })
My question is this: How do I target the pasted copy (only) and strip out the tags? I was previously doing this with PHP on submitting the page, but can't do that as I obviously want to keep the valid html tags added by the RTE itself - I changed the PHP to just remove <span> tags - but this is no good as some browsers write execcommand(bold) as <span class="bold">text</span>.
Mar 12, 2010
Basically I have this grab from a myspace profile to import a band's upcoming show listings on another website. The problem is that myspace puts all this information into a table, and in order to style the elements individually, I need a way to grab all the text from each cell and put them into their own divs. I don't want any table or tbody or tr or td references or anything, just the content from the cells placed in their own divs so that I can style this individually.
If you could come up with a way to move all information from inside a cell into an array, that would also work. code...
Oct 19, 2011
How do I get a value from an html input from any one other site, which is being directed to mine?
Note: I can not use QueryString, I would like to use jQuery.
Sep 9, 2011
I am working on a page currently: my test page. As you will see, I have a jcarousel slideshow loading on the right side of the homepage. You may also see that when the site loads, you can see the images in the UL list loading before they turn into the carousel. How can I hide this/clean this up?
Jul 23, 2005
I am finishing up creating a fairly complex page that is very rich in
DHTML. In addition to updating itself every couple of seconds,
various components on it support sync and async communication with
various web services.
The problem is that if a user tries to click on any JS driven content
before the page is fully loaded, it will not work properly since it
relies on many onLoad scripts that initiate webservices etc.
Is there a clean way to simply disable any page functionality before
it loads,
other than explicitly enabling every control in window.onload() event?
Jun 18, 2009
Is there any way to resize an iframe dynamically to the height of its content that works cross browser and works when the iframe content is on another domain than the main page (I have access to both pages, so code can be put in either) Also, it must resize when links in the iframe are clicked (ie when a new page within the iframe is loaded)