Can Attacker Change The Src Attribute In Iframe
Jan 20, 2010
I have a website that uses IFrame in a page that loads other pages based on server side logic. So, if I do a View source, I would see something like this:
<iframe src="DeterminedOnServerSide.aspx" id="myFrame">
</iframe>
My question is - Is there any way, an attacker can change the src attribute to point other users to a malicious website considering that the src is determined on the server side?
View 5 Replies
Similar Messages:
Feb 27, 2010
string iframeSrcPage = iframeMain.Attributes["src"];
to get iframe source, always returns the value which set in aspx page itself, even that value is changed using javascript code,
iframeObject.src = pageURL;
So, how to get an IFrame src attribute value from ASP.Net code behind?
View 1 Replies
Feb 24, 2011
on ASP.Net code behind page i have generated the source and now i want to get that value of src attribute of iframe on html page?
View 1 Replies
Apr 8, 2010
I want to change source of iframe dynamically. i.e by request.query the url will be assigned.
View 1 Replies
Sep 1, 2010
<iframe id="hdnFrm" name="hdnFrm" src="" scrolling="yes" marginwidth="0" marginheight="0" frameborder="0" vspace="0" hspace="0" style="width:90%;height:90px"></iframe>here is my iframe. This in on a php page on a different website. Right below the iframe is a form. The form posts variables to a page on my vb.net website. The codebehind processes the data in the form. The results of processing are sent back to the iframe above.When this happens instead of the height beinc 90px, I want to change it to a different number.How can i do this?Do I set up some type of "listener" for when the controls arrival.
View 6 Replies
Apr 15, 2010
I have an XDocument that looks similar to
<root>
<a>
<b foo="1" bar="2" />
<b foo="3" bar="4" />
<b foo="5" bar="6" />
<b foo="7" bar="8" />
<b foo="9" bar="10" />
</a>
</root>
I wish to change the attribute foo to something else, and the attribute bar to something else. How can I easily do this? My current version (below) stack overflows with large documents, and has an awful smell to it.
string dd=LoadedXDocument.ToString();
foreach (var s in AttributeReplacements)
dd = dd.Replace(s.Old+"=", s.New+"=");
View 2 Replies
Jul 19, 2010
is it possible to change attribute values on a non-asp.net controls (like an image)? I can change attributes on buttons and the like, but not on images? btnID.Style.Add("display", "inline") This works for a btn, but if I try to use this code to reference image (or even just try to make the image disappear) - it does not work Further info: I am using this code on a drop down list - basically when the user makes a selection i want to remove an image (make it invisible or visible) or change its display attribute (e.g. to inline). It does work ok for a real btn - but i can't reference an image ID.
View 3 Replies
Jan 20, 2011
I have an app I am transitioning to MVC3 to see what the upgrade path is essentially. I've hit a snag. I believe I've run into a change that may be due to the changes for Dependency Injection in action filter attributes, but I have been unable to track down the cause, and the "correct" solution.This project uses StructureMap and NHibernate. The NHibernate session is started at the beginning of each request, and ends at the end of each request, thanks to a small module. This is just to give an idea of the stack involved...o I have a few custom Authorize attributes (Inheriting from AuthorizeAttribute) that perform some more complicated authorization logic for specific actions that they decorate. Part of their functionality involves using two repositories which they must either (a) have injected, or (b) get from the StructureMap ObjectFactory themselves. In MVC2 I was using option b, so that the CONSTRUCTOR of the attribute looked like this:
[Code]....
This worked fine, as in MVC2 the constructor was called each time the attribute was evaluated. This BREAKS in MVC3, where it would appear that this is no longer the case. Due to this apparent change, the FIRST time this attribute is evaluated, it runs fine, but each subsequent time, any calls in the repositories fails because it claims the NHibernate Session object hasn't been started! The reason being, as far as I can tell, that the CustomAuthorizeAttribute is created once, and then held in whatever state it exists in at that point for the lifetime of the application... Which means that the dependencies inside of it (Which SHOULD go out of scope at the end of each request, and be reinstantiated / fetched at the beginning of subsequent requests), are instead persisting with it becoming stale after the first evaluation.After banging my head against the desk for a few hours, I realized that simply moving these calls to the ObjectFactory into the AutorizeCore method made everything work again.Now, all of this was of course, a hack, because there wasn't a good easy to do real dependency injection into attributes in MVC2. I hear that is changed in MVC3, and I am wondering if this behavior is in response this change, and if so, what do I need to do to make this work?
View 3 Replies
Jan 26, 2011
I have the following defaultmembership provider in my web.config
<add name="UmbracoMembershipProvider" type="umbraco.providers.members.UmbracoMembershipProvider" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Another Type" passwordFormat="Hashed" />
I am trying to update the enablePasswordReset from false to true programmatically but am struggling.. This is as far as I got!
ConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
var section = (MembershipSection)config.GetSection("system.web/membership");
var defaultProvider = section.DefaultProvider;
var providerSettings = section.Providers[defaultProvider];
// Now what?
View 2 Replies
Mar 17, 2011
I am new in ASP.NET and I am having a problem in generating the ID of each label that I generate in ListView's ItemTemplate control. I use it like this :
<asp:SqlDataSource ID="JobCat" runat="server"
ConnectionString="<%$ ConnectionStrings:KROVAN %>"
SelectCommand="SELECT * FROM [TblJobCat]"></asp:SqlDataSource>
<asp:ListView ID="ListView1" runat="server" DataSourceID="JobCat">
<ItemTemplate>
<li>
<a href="Jobs.aspx?CatID=<%# Eval("JobCatID") %>"><%# Eval("JobCategories") %></a>
<asp:Label ID="label<%# Eval("JobCatID") %>" runat="server"></asp:Label>
</li>
</ItemTemplate>
</asp:ListView>
When I run it, it says Parse Error. So is there any solution than can be done to change the label ID like this?
View 4 Replies
Aug 17, 2010
I have a web user control menu of page. Now I want HOME (which is an hyperlink text) in menu to be Bold at the time default.aspx Loaded (Load event)! How can I do that If any one can provide code! I am using VB .Net at back.
View 2 Replies
May 24, 2010
I am facing challenge of changing action attribute of html form tag. As my application is on shared hosting (medium trust) environment of godaddy server, I cannot use reflection to get control adapter of html tag page. So, I cannot use the following code in my Url Rewriting module.
[Code]....
Is there any otherway to implement the same functionality without reflection?
View 4 Replies
Jan 3, 2011
panel defaults to absolute positioning - change the left attribute
[Code]....
View 3 Replies
Nov 30, 2010
i am trying to load a dynamic iframe but it cannot visualize the page.
this is my html code:
[Code]....
and this is my codebehind:
[Code]....
i am using a content update panel on the page but the div of the iframe is out of the content panel.
View 1 Replies
Dec 23, 2010
in my application iam using an iframe, all pages are loaded on that iframe according to menu selection.My problem is that while timeout the login page is loaded inside the iframe.under the menu sectionHow can i overcome this?
View 1 Replies
Feb 9, 2011
I have created a web application that docks other web applications into it.When an application is docked the app creates a link button in its "tool box" on the left hand side of the page, users can easily click on any link button to navigate to the desired docked app.
I have a web app that uses iframes to display other web applications inside it. In effect it is a docking application where users can easily access many web applications from within one main app, while staying within the main app. I am having challenges dynamically resizing the iframe based on the size of the application the user is accessing.I have searched the web and tried many ideas but have yet to discover the code that will do the trick.
First, for a docking web application is the iframe the best approach? I have see some posts on ajax but am uncertain how that will help.
Second, if an iframe is the way to do it does anyone have code that will completely liminate the need for iframe scroll bars?
Note:The applications docked in the main we app may be of any size and can change size as users interact with them.
View 3 Replies
Mar 29, 2011
Our website application needs to open other web sites Iframe.(Our application is web based tool to help high school children to analyze the websites. It has to show news websites to in one iframe and in rest of the page there will be questions related to the news website)
But since many websites use framekiller code, these sites take control of entire page. Is there any ternative way / solution to this problem?It is necessary to be able to open other sites in our website (in iframe or any alternate way), otherwise whole concept of our application will become void.
View 1 Replies
Mar 31, 2011
<asp:GridView ID="GridView1" runat="server">
<Columns>
<asp:TemplateField>
<ItemTemplate>
<asp:TextBox ID="TextBox1" onchange="calculate()" runat="server" Text="0"></asp:TextBox>
</ItemTemplate>
</asp:TemplateField>
</Columns>
</asp:GridView>
I'm getting this error on the above markup: Message 1 Validation (ASP.Net): Attribute 'onchange' is not a valid attribute of element 'TextBox'.
View 2 Replies
Mar 17, 2011
I have a problem with my web site 1stSigBdeAssn.org. I have made no changes to the site but I now get the following error message:
Parser Error Message:
Unrecognized attribute 'targetFramework'. Note that attribute names are case-sensitive.
Source Error:
[code]....
View 4 Replies
Feb 1, 2011
I created a simple Master Page in Visual Studio 2008:
<%@
Master
Language="VB"
CodeFile="MasterPage.master.vb"
Inherits="MasterPage" %>
<!DOCTYPE
html
PUBLIC
"-//W3C//DTD XHTML 1.0 Transitional//EN"
and got green underlined 'Master' with two warning messages: 1.Validation (ASP.NET): This attribute name must be followed byan equal (=) sign and a value. If the value is in quotation marks, the quotation marks must match. 2. Validation (ASP.NET): Attribute 'Master' is not a valid attribute of element 'Control'.How I can get rid of the messages?
View 3 Replies
May 7, 2015
I am using a link in href for example: URL....I want that to be dislayed dynamically from database my PID should be fetched from database.
View 1 Replies
Feb 16, 2011
i have a page with html link control. i am trying to change the "href" attribute from codebehind but it gives
"object reference not set to instance of object" error.
HtmlLink link1 = (HtmlLink) Page.FindControl("stylesheet");
link1.Attributes.Add("Href", "css/styles.css");
View 3 Replies
Jun 14, 2010
i open a iframe in a page, from that page opend in iframe, i want the page url.means one page mainpage.aspx have a iframe, that iframe open open a iframepage.aspx page.from the iframepage.aspx page's button click event i want to referesh the mainpage.aspx page.how can i do.
View 1 Replies
Sep 17, 2010
I have a tag:
<asp:ListItem
CssClass="LabelCSS">Executive</asp:ListItem>
and I am getting the error message
Validation(ASP .Net):Attribute CssClass is not a valid attribute of element ListItem.
What attribute would I use for Css with ListItem?
View 2 Replies
Nov 29, 2010
i'm trying to host an .net framework4.0 application in IIS7. i got an error while clicking on the manage module in modules .like ("Unrecognized attribute 'targetFramework'. Note that attribute names are case-sensitive. ") .I changed my application poll to .net4.0.I am able to browse my application
</system.serviceModel>
</configuration>
View 5 Replies