"<%: %>" Vs Microsoft The Anti XSS Library
Jun 28, 2010
With .net 4 there's a new <%: %> script enclosure that's like <%= %> but does an html encode. People are encouraging the use of this new syntax. My question is, does <%: %> protect against XSS better or as well as using the Microsoft Anti XSS library?
A Microsoft security person once told me to never just use HTML Encode as it doesn't protect very well and that I should always use the Anti XSS library (or another library). Is that still true with <%: %>? Or can I confidently use <%: %> knowing it's going to protect my app from XSS like people are saying?
View 2 Replies
Similar Messages:
Oct 1, 2010
Seems like Microsoft updated the Anti XSS library today: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=f4cd231b-7e06-445b-bec7-343e5884e651 In addition there is a new release of the Web Protection Library http://wpl.codeplex.com/ Are these two downloads the same thing? What XSS library should I be using?
View 2 Replies
Jan 8, 2010
In the intent of preventing XSS attacks, I am updating a page in which we have a textbox that accepts HTML, stores it in a database and retrieves and renders it at a later time.
My understanding is that I can sanitize the HTML using AntiXSS.GetSafeHtmlFragment() method. As long as I do this before storing the HTML in the database, am I covered? Do I need to do anything when the HTML is outputted on a web page?
Also, it appears that the white list is kind of a black box. Is there a way to update this based on our requirements?
View 3 Replies
Jan 7, 2010
When you can simply encode the data using HttpUtility.HtmlEncode, why should we use AntiXss.HtmlEncode? Why is white list approach better than black listing? Also, in the Anti XSS library, where do I specify the whitelist?
View 3 Replies
Mar 9, 2011
Has anyone used Microsoft's Enterprise Library? If so, what parts of it did you use? I am building a website (I guess the client app type is not important, it can be a Windows app as well) with all the architectural layers, and I am specifically interested in the exception handling, logging and caching blocks for now. Has anyone used these? What were the good and bad parts of your experience with them, and are there any alternatives that you decided to use instead? Performance is a thing that I am also interested in. I am looking for a decent exception handling framework, which is how I came across the exception handling block. Is there anything else out there? Is it a wise idea to use the data access block with an MVC application, seeing that everybody is using the repository pattern with an ORM framework? I am still researching frameworks, so I would like to hear as many opinions as possible.
View 1 Replies
Nov 15, 2010
Is the NuGet downloadable package Microsoft-Web-Helpers an official Microsoft library?
View 8 Replies
May 23, 2010
This is really old news, but I just found out today. I was watching a Channel 9 video on jQuery and WCF (http://channel9.msdn.com/shows/Devs4Devs/WCF-and-jQuery-A-Perfect-Couple) and the narrator said at the MIX conference that the Microsoft Client Library is dead and that jQuery is getting all those efforts. So I use the client side library at work. So my question is, does this affect the UpdatePanel and its client side events? The UpdatePanel control looks to be integrated into ASP.NET. I would prefer to not use it anyway because of well known performance issues, but my boss prefers its simplicity.
View 1 Replies
Jun 9, 2010
I am using Microsoft Enterprise Library to connect to MySQL using the MySQL .NET connector (latest version 6.2.3).
But I am facing a problem of too many connections and a "connection pool reached maximum limit" issue.
As the connection is disposed by Enterprise Library itself, I don't close the connection anywhere.
So after two or three hours I found I have 100 MySQL connections in sleep mode which are doing nothing and are not being reused from the code.
So I want to ask: is there any issue with my code, or is there any issue with the MySQL connector?
View 1 Replies
Apr 6, 2010
I want to include Microsoft AntiXss V1.5 library on my live site running in a medium trust setting. However, I got an error something like:
Required permissions cannot be acquired.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Security.Policy.PolicyException: Required permissions cannot be acquired.
I tried this in full trust setting on my development machine and everything works good. Looks like this will run only in full trust configuration.
View 2 Replies
Feb 25, 2016
I have QuestionTable.
ID Question Answer1 Answer2 Answer3 Answer4
But I want to import from MS Word into the table. I have questions like this:
Question: @1.The capital of India.
Answer:$A) Dushanbe;$B) Moscow;$C) Delhi;$D) Kabul;
@2.The capital of Tajikistan.
$A) Dushanbe;$B) Moscow;$C) Delhi;$D) Kabul;
@3.The capital of Afganistan.
$A) Dushanbe;$B) Moscow;$C) Delhi;$D) Kabul;
Output result:
ID Question Answer1 Answer2 Answer3 Answer4
1 1.The capital of India. A) Dushanbe; B) Moscow; C) Delhi; D) Kabul;
View 1 Replies
Mar 2, 2010
I am looking at the twitter api page http://apiwiki.twitter.com/ and I noticed that they have already built libraries that are wrappers against the twitter api. So I am thinking this is the best way to go but I am unsure which C# library I should use.
What I am trying to do is make some simple service or cmd line application that will help me automate retweeting.
So I am looking for a library that will allow me to get posts from other twitter accounts and then retweet them from another account.
I am not sure if the library can do this or not. Otherwise I was thinking of getting the RSS feed from the twitter account I want to get the twitters from, parse out the new ones and use a library to retweet them on my own account.
I have not used twitter much so I am hoping someone can shed some light on this.
View 2 Replies
Dec 16, 2010
I need to learn the following security-related questions pertaining to ASP.NET membership system (which I am currently using):
1) How to set up "secure" log-in for site members (when other sites say "secure login", what exactly is meant?) --- is that easy for a novice programmer to set up?; are there third parties?; is this done in collaboration with the site host?...Or by using the ASP.NET member system (which I have already set up), is that by default "secure" already?
2) When signing members up, what is best way to block out spammers from the registration process? Is there also third party software I can use? Perhaps someone can give quick answers to these, or point me in the right direction to read a good updated resource on this.
View 4 Replies
Jun 29, 2010
I am building an email feature in my website (jobs site). By using this functionality, recruiters will be able to send emails to candidates. I want an option so that the user can also set 'From Address' and the email should be ANTI-SPAM compliant.
View 2 Replies
Mar 28, 2011
We have developed an application in Microsoft VS 2008, and when we open this same application with Microsoft VS 2010, it asks to convert.
So can anybody tell me what it is converting exactly? I mean, it opens the application in Microsoft VS 2010 and it runs properly also. But I am understanding what's happening while converting.
View 3 Replies
Oct 27, 2010
I am facing a problem accessing the database. Some time ago I could easily access the database by typing the server name (like 127.80.1.7) and typing the user id and password from the web.config file, but now I get an error like: Login failed for user 'NSAdmin' (Microsoft Sql Server, Error:18456).
View 3 Replies
Dec 9, 2010
My server administrator does not allow me to install Microsoft Office in the server.
I have developed a website which converts XML files to Excel and it is using Microsoft.Office.Interop.Excel.
Is there any way I can run this application without installing Microsoft Office in the server?
View 7 Replies
Mar 11, 2011
Can I install Microsoft Visual Studio 2010 Service Pack 1 in Microsoft Visual Web Developer 2010 Express?
View 1 Replies
Oct 19, 2010
I was just curious: has anyone set up two projects, an asp.net mvc membership project and a silverlight wcf ria project in a silverlight library? I really do not see a lot of examples over the internet and I would appreciate any advice. I also saw you set basic authentication to none. I know silverlight uses classic mode in iis.
View 1 Replies
Mar 28, 2011
I was told that there's an encryption library I can use and there's a couple that I can choose from (eg. AES, RSA, etc). I also read something about keys. Are keys something you just generate so you can encrypt and decrypt a series of texts? Do you have to purchase that key? Also, is there a best practice that I need to be aware of in encrypting and decrypting? Is encrypting a password recommended? Would performance be affected?
View 3 Replies
Oct 1, 2010
Is there a way of referencing a .NET 4.0 in a .NET 2.0 app? Whenever I try to compile and build I get an error saying:
Could not load file or assembly 'blahblahblah' or one of its dependencies. This assembly is built by a runtime newer than the currently loaded runtime and cannot be loaded.
I've tried adding the Library as a project AND as a .DLL but still no luck. Unfortunately converting the .NET 2.0 to .NET 4.0 is not optional...
View 4 Replies
Jan 25, 2010
I have a C# library that gets built and gets placed into my website's bin folder. In my C# library I have a .ascx file and I'm trying to put another .ascx control in there. But I get this error:
Could not resolve type for tag "fb:FormBuilder". Make sure the proper namespace is registered.
This is in the top of my user control that I want to add to others:
<%@ Control Language="C#" Inherits="System.Web.UI.UserControl, ITextControl" %>
In my parent control, I have this:
<%@ Control Language="C#" %>
<%@ Register TagPrefix="fb" TagName="FormBuilder" Src="~/Resources/ControlTemplates/Backend/FormBuilder.ascx" %>
....
<fb:FormBuilder runat="server" id="FormCode"></fb:FormBuilder>
All my files are set as the Build Option as being "Embedded Resource" (.NET 3.5).
View 2 Replies
Apr 19, 2010
I have a web Application and have created a separate class library project. I am trying to use the Class Library by referencing it in the Web Application. I am doing this by right clicking the web application and clicking 'Add Reference...'. I then browse to my Class library and click ok. This gets added to a Bin folder in my web application. The problem is I can't actually get any of the objects that are in the Class Library. I have tried adding a using statement to the top of the page. It tells me that the object could not be found (are you missing a using directive or an assembly reference?) Can anyone tell me what I'm doing wrong?
View 3 Replies
Mar 19, 2011
I installed ASP MVC 3, but when I go to tools I can't see the Library Package Manager, it was supposed to install along ASP MVC 3, how come I cannot see it?
View 2 Replies
Jan 27, 2011
I have a .dat file which I was given to use for a test application. I would like to distribute this file with my library. How can I do this without needing to tell them to copy this here to this folder etc.?
View 3 Replies
Jan 25, 2011
I am using Enterprise library for my data access. when I am running the application, at the CreateDatabase() statement I am getting this exception:
Microsoft.Practices.ObjectBuilder2.BuildFailedException was unhandled by user code Message="The current build operation (build key Build Key[Microsoft.Practices.EnterpriseLibrary.Data.Database, null]) failed: The value can not be null or an empty string. (Strategy type Microsoft.Practices.EnterpriseLibrary.Common.Configuration.ObjectBuilder.ConfiguredObjectStrategy,index 2)" Source="Microsoft.Practices.ObjectBuilder2"
Now, I googled a bit and I found that I have to place
<dataConfiguration defaultDatabase="LocalSqlServer"/>
but I don't know where. Is it the right solution? Also, at the time of installing enterprise library I didn't see any connection string statement? So, I wonder how it will take the connection string from web.config file. In the connection string section of my web.config file I have:
<remove name="LocalSqlServer"/>
<add name="LocalSqlServer" connectionString="Data Source=MSTR;Initial Catalog=USERDb;Integrated Security=true;" providerName="System.Data.SqlClient"/>
View 1 Replies