Library To Clean Input To Prevent Cross Site Scripting

Jun 19, 2007

We have a javascript that is vulnerable to XSS because the input to
the script is not being checked for strings such as "javascript",
"eval", "script" etc. I have seen some snippets of code here and
there on how to check the strings but I have not yet found a
comprehensive js library that will clean user input of all offending
characters. What complicates it is that phishers can encode characters
to bypass the usual amateurish attempts to clean strings of offending
characters.

Any js libraries or resources out there anywhere?


Preventing Cross Site Scripting

Jul 20, 2005

I need to html encode all text field values on the client just before
sending them to the server. A javascript equivalent of Server.HTMLEncode in
IIS. I also need to be able to perform the reverse.

All I am trying to do is ensure that if a user enters html tags in a
form, the tags do not get parsed by the browser.


Cross-frame Scripting And Localhost

Apr 24, 2006

Is it possible to run an HTML file from "localhost" and bypass the
various security checks in place for cross-frame scripting? For
example, on a 2-frame page loaded locally:

a) frame 1 includes a form that accepts the name of a web site
(example: www.foo.com), which a script or perhaps a "target" attribute
then loads into frame 2
b) frame 1 waits for frame 2 to load, then reads (for example)
top.frame2.document.images.length and displays the total in frame 1

I realize that "localhost" is not going to match the domain appearing
in frame 2, but as I myself am running the script, logically, where is
the harm?

I haven't done much testing with this yet, but am planning an
application around this concept and am hoping I can make it work. Any
pointers?


Document.domain Issues And Cross Server Scripting

Jul 23, 2005

I'm working on a project at the office that pulls together a bunch of
our websites into a portal thing and adds a better search engine. We're
also trying to accommodate newer browsers (Netscape 7.2, Firefox,
Safari) and are having some problems. The websites run on different
servers, all of which we control, so we are setting the document.domain
= "ourdomain.com"; in some javascript on every page. However, we're
having problems. We use popup windows for some things, and sometimes
these popups want to 'populate' the parent frame window with a new page
as a result of a user selection on the popup.

This works most of the
time, but not always. For instance, in Netscape 7.2 it just seems to
fail with an "access denied..." error in javascript. In Firefox and
Safari it opens a new window and populates that instead of populating
the original parent window. Can anyone point me at some definitive
information about the document.domain property and how to use it
effectively?


JQuery :: Cross Domain Scripting To Embed HTML?

Aug 30, 2009

I'm trying to set up a system similar to Google AdSense that allows other websites to display some HTML content from my site on theirs. I've looked at the show_ads.js file Google uses to display Ads but to be honest I've not found it easy to decipher. I've also read that using a <script> tag to load a JavaScript file from my site is simpler than trying to do this with an AJAX request. It discusses returning JSON rather than HTML.

BTW I know I could use an iframe to achieve something similar but this won't give me the result I need because the content coming from my site will contain a link back to my site and I want the link to be registered as an inbound link to my site for SEO reasons.


Cross-Frame Scripting, IFRAME And Https (access Denied)

Jul 23, 2005

I'm trying to dynamically set the height of my Iframe. My https: main page
is calling another https in an Iframe. But I get an access denied error
from my javascript trying to call the parent document.

Main https page
<IFRAME APPLICATION="yes" style="width:100%;" id="iframename"
frameborder="no" scrolling="no" SRC="https://www.otherdomain.com">

otherdomain.com html
------------------------------------------------
<script>
function bodyheight() {
x = document.body.scrollHeight
parent.document.all.iframename.style.height = x
}
</script>


JQuery :: Cross Port Library Call?

May 13, 2009

I have created a payment system using Jquery. The problem I run into is when I move from http to https. I get the following error: Error: [Exception... "Access to restricted URI denied" code: "1012"

[Code]...


Ajax :: Throwing X-site Scripting Error

Mar 10, 2009

I'm not sure why my ajax is throwing a cross site scripting error. I have a php page that requests a page not in my domain. I have another page where my ajax requests the php page, which is in my domain. Then the error is thrown. Since the php page is in my domain, why would the error be thrown?


Cross Browser Lightweight Library For Querying XML Documents?

Feb 5, 2009

You can use it for your own purposes and change it. SoftXPath library has two methods for loading xml:

1) load("myxmlfile.xml")
2) loadXML("<root><name country='israel'>SoftXML</name><name country='usa'>Microsoft</name></root>")

SoftXPath library has three public properties:

DefaultNameSpace - Use this property when there is namespace in your xml document

if(SoftXPath.LoadedXML) - Use this property to check if xml string was loaded

if(SoftXPath.Loaded) - Use this property to check if xml document was loaded

SoftXPath library has single method for querying xml document using XPath:
selectNodes(xpath expression)

this method returns array of objects including tag name and text content

I have tested this script in IE, FireFox, Mozilla, Opera

Code:

// SoftXPath source code
function SoftXpath(){
function completeLoad(){[code]...


Prevent Execution Of Tab Key In Site

Jan 9, 2010

I have a site and in that I don't want users pressing the tab key and also the shift + tab key. So I need a small javascript code for preventing execution of the tab key and Shift+Tab keys.


Cross Site Ajax In Prototype

Oct 19, 2007

Currently prototype does not support cross site ajax, such as dojo or jquery.
This is unfortunate, cause I am really used to prototype and would like to use this functionality.

What would be the best way for me to implement cross site ajax for prototype?

Note that I will still need the normal ajax functions as well, so a nice extend or something would be good.


How To Show Cross-site Content?

Aug 28, 2006

I'm working on a function of my page whose content must be visible on other sites. Just like google ads, maps and so on.

The question is how do I create that portion of javascript that my friends can embed on their sites (without using IFrame!)


Prevent Loading Of A Site Via Script?

Apr 20, 2009

I would like to know, please, if it is possible to block the loading of a particular site by/via javascript. Having a web page with flash content that contains a call to a particular site, I don't want to receive information from that site. Does there exist javascript code that blocks that call to that site?


Cross Browser Dynamic Navigation For Site?

Mar 30, 2010

I am trying to find the simplest, most cross-browser friendly dynamic navigation for my site. I tried to use a CSS version (Suckerfish) and it worked ok but it destroyed the formatting I had. I would really like to implement this kind of dropdown on my main navigation so users don't have to click and wait for a page to load. If possible, I'd like very few lines of code. That's why the CSS option was good... there was very little javascript.


AJAX/php - Plugin Cross Site Request

Aug 8, 2007

I've recently been working on a small AJAX/PHP plugin. It's very easy to understand: you just call the page and it returns a quote from a database in html, something like

<strong>quote here.. <em>author name</em></strong>

And then you style it however you want. It's good for semantics that way; you would typically wrap it in a div and update that div with the output each time from your ajax.

It all works fine, and you can see an example here @ www.theshadownest.com.au: click on the clock, and you will see the quote come up. Disregard the other stuff in the box.

The idea I had for this was to set up a large database of quotes with simple semantic output and let Ajax queries call that page, but I want to be able to call that page output from other servers, urls etc... I thought that would be fine, you just request the page with ajax on your site and it could return the response from my site...

But this does not work, you get a permission denied error in the Javascript, it obviously can't do this.

How do you write a PHP/AJAX plugin that can work from multiple sites? I want to be able to let anyone make a request; it's basically a resource for people who want to add quotes to their site without setting up their own database or writing their own php.


JQuery :: Another JS Library : Target Element Added To Other JS Library?

Apr 8, 2010

I am using GreaseMonkey to load jQuery 1.3.2 (there is a bug with the latest version of jquery and GM) and jQuery UI 1.8.0. I am using jQuery via GM to manipulate the GUI of a content management system. This CMS uses its own JS library to dynamically add stuff to the dom.

Question: How can I target a dom element that was added to the dom via this other JS lib? In other words, the CMS will add a div to the dom, and I am not sure how to tell jquery to wait for these elements to "be there" before applying the jquery goodness. Specifically, I would like to do this:

$(function() {
$('#zen1227').resizable();
});

But "#zen1227" does not "appear" until later via this other JS library.


Prevent Dropdown With Previous Input

Jun 17, 2007

When you press the down key while in an input field the default
behavior for some event creates a dropdown of the previously input
text. What event creates that behavior and how do I stop it ?

For example, to prevent ANY type of default behavior when clicking ANY
key, I thought this would work, but the dropdown still occurs. What am
I doing wrong ?

In html file:<body >
Search Text: <input type='text' id='searchtext' />

in javascript file:
function blank(){
return false;
}
function registersearch(){

document.getElementById("searchtext").
document.getElementById("searchtext").
document.getElementById("searchtext").
document.getElementById("searchtext").

}


Validation - Prevent Submit On Empty Input

Apr 14, 2010

<script language = "Javascript">
function echeck(str) {
var at="@"
var dot="."
var lat=str.indexOf(at)
var lstr=str.length
var ldot=str.indexOf(dot)
if (str.indexOf(at)==-1){
alert("Invalid Email")
return false
} .....
The form submits even if no input is provided. The database gets updated with blank values.


How To Prevent Mozilla Using A Link If A Wrong Number Is In An Input Box

Feb 1, 2006

In my example the focus should only jump to textbox2 if you press the tab
key and if &#3911;' is in textbox1. That works fine.

However if you enter e.g. &#3912;' in textbox1 and click on 'Link', Mozilla
shows the alert 'Wrong numer' but also jumps to 'www.google.com'.
Opera and IE don't do that, which is in my opinion the correct behavior. Code:


JQuery :: Prevent Blur Of Input When Calendar Of Datepicker Is Open?

Jul 1, 2010

I've created a form using datepicker to choose the birthdate. Now I'm trying to control what's in my inputs, but I have issues when it comes to the input of my datepicker.

When I have focus on my input I display a message to guide the user. When the blur event happens I check if the input contains a valid date and display an alert when it's wrong, but the blur is launched even when the user clicks on the calendar of datepicker, so the alert message is displayed, which isn't supposed to happen.

I'm looking for a way to wait for the user to select a date before executing the blur, or at the blur event check if the calendar is open or closed before doing any control.


RTE Clean Up Pasted Text?

Feb 25, 2011

Lots on the web about this, but finding it difficult to piece everything together. I have a simple (jquery) RTE I've built using usual tools (IFRAME with execcommand functions). I want to be able to strip all html tags from anything copied and pasted into the iframe (specifically to remove the residual junk from MS word). I have this to capture the paste event (which works)

Code:
$('iframe#rte').contents().find("body").bind('paste', function() { alert('pasting!'); })

My question is this: How do I target the pasted copy (only) and strip out the tags? I was previously doing this with PHP on submitting the page, but can't do that as I obviously want to keep the valid html tags added by the RTE itself - I changed the PHP to just remove <span> tags - but this is no good as some browsers write execcommand(bold) as <span class="bold">text</span>.


Clean Contents Of Table And Put Them Into Their Own Divs?

Mar 12, 2010

Basically I have this grab from a myspace profile to import a band's upcoming show listings on another website. The problem is that myspace puts all this information into a table, and in order to style the elements individually, I need a way to grab all the text from each cell and put them into their own divs. I don't want any table or tbody or tr or td references or anything, just the content from the cells placed in their own divs so that I can style this individually.

If you could come up with a way to move all information from inside a cell into an array, that would also work. code...


JQuery :: Get Html Input Value From Another Site ?

Oct 19, 2011

How do I get a value from an html input from any one other site, which is being directed to mine?

Note: I can not use QueryString, I would like to use JQuery.


JQuery :: Hide Images As They Load/clean Up Page?

Sep 9, 2011

I am working on a page currently: my test page. As you will see, I have a jcarousel slideshow loading on the right side of the homepage. You may also see that when the site loads, you can see the images in the UL list loading before they turn into the carousel. How can I hide this/clean this up?


Clean Way For Disabling Dhtml Functionality Until Page Is Fully Loaded ?

Jul 23, 2005

I am finishing up creating a fairly complex page that is very rich in
DHTML. In addition to updating it self every couple of seconds,
various components on it support sync and async communication with
various web services.

The problem is that if a user tries to click on any JS driven content
before the page is fully loaded, it will not work properly since it
relies on many onLoad scripts that initiate webservices etc.

Is there a clean way to simply disable any page functionality before
it loads?

other than explicitly enabling every control in window.onload() event.


Cross Browser, Cross Domain Iframe Resizing Script?

Jun 18, 2009

Is there any way to resize an iframe dynamically to the height of its content that works cross browser and works when the iframe content is on another domain than the main page? (I have access to both pages, so code can be put in either.) Also, it must resize when links in the iframe are clicked (i.e. when a new page within the iframe is loaded).








Copyrights 2005-15 www.BigResource.com, All rights reserved