|
No, because iframes exist on the client, they are only accessible via code that runs on the client, such as JavaScript. The code in your VB files runs on the server and has no knowledge of, or access to, client iframes.
|
I am talking about ASP.NET MVC.
I have just seen an example but do not understand when people mention a URL with Ajax.BeginForm.
@using (Ajax.BeginForm(new AjaxOptions { Url = Url.Action("Foo", "Bar", null, "http") }))
{
...
}
Is the URL used when we need to post data to a different controller and action?
If yes, Ajax.BeginForm already has options where we can specify the controller and action name, so why should we generate the URL where the form will be posted?
Ajax.BeginForm takes the following parameters:
actionName
controllerName
routeValues
ajaxOptions
htmlAttributes
Please help me to understand the URL usage with Ajax.BeginForm. Thanks.
|
The URL option is used to set a specific URL to POST something to. The URL option is there so you could specify a full string URL and not just an ASP.NET MVC Controller/Action format thing. So typically in ASP.NET MVC, you could just do:
@using (Ajax.BeginForm("YourAction", "YourController", new AjaxOptions()))
to POST to an MVC action. To POST to a URL specific route, you could do:
@using (Ajax.BeginForm(new AjaxOptions {
    Url = "http://www.somedomain.com/foo"
}))
|
I have an editor which external users will use to create pages. A wicked person can inject something malicious, so tell me how to prevent it.
I will allow users to upload any string data, but how could I show it in the page so that the HTML displays nicely, but if there is JS code it will not be executed... just display the HTML?
How do I exclude the script section from the HTML data when displaying it in the page? Thanks.
|
Use something like AngleSharp to parse the content, and strip out any tags or attributes that aren't explicitly allowed.
You'll probably also want to set up a Content Security Policy to block inline scripts and third-party scripts that your site doesn't use.
NB: Some older browsers don't support CSP, so you can't solely rely on this to block XSS.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
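An allow-list sanitizer along the lines suggested in the answer above, as an added example (not code from the thread or from the AngleSharp project). It assumes AngleSharp 0.10 or later; the HtmlAllowList class and its tag, attribute and scheme lists are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using AngleSharp.Dom;
using AngleSharp.Html.Parser;

public static class HtmlAllowList
{
    // Constructed policy for this example: everything not listed is stripped.
    static readonly HashSet<string> AllowedTags = new HashSet<string>
        { "p", "br", "b", "i", "em", "strong", "ul", "ol", "li", "h2", "h3", "blockquote", "a" };
    static readonly Dictionary<string, string[]> AllowedAttrs = new Dictionary<string, string[]>
        { { "a", new[] { "href", "title" } } };
    // These are removed together with their content instead of being unwrapped.
    static readonly HashSet<string> DropWithContent = new HashSet<string>
        { "script", "style", "iframe", "object", "embed", "template", "noscript", "svg", "math" };
    static readonly HashSet<string> AllowedSchemes = new HashSet<string> { "http", "https", "mailto" };

    public static string Sanitize(string untrustedHtml)
    {
        var body = new HtmlParser().ParseDocument(untrustedHtml ?? "").Body;
        // Snapshot in document order: parents are visited before their children.
        foreach (var el in body.QuerySelectorAll("*").ToList())
        {
            var tag = el.LocalName; // lower-case for HTML elements
            if (DropWithContent.Contains(tag)) { el.Remove(); continue; }
            if (!AllowedTags.Contains(tag))
            {
                // Unwrap: keep the children (they are visited later), drop the tag itself.
                el.Replace(el.ChildNodes.ToArray());
                continue;
            }
            string[] allowed;
            AllowedAttrs.TryGetValue(tag, out allowed);
            // Removes on* handlers, style, srcdoc and any other unlisted attribute.
            foreach (var name in el.Attributes.Select(a => a.Name).ToList())
                if (allowed == null || !allowed.Contains(name)) el.RemoveAttribute(name);

            // Keep href only when it is an absolute URL with an allowed scheme;
            // javascript:, data:, relative and malformed values are dropped.
            Uri uri;
            var href = el.GetAttribute("href");
            if (href != null && !(Uri.TryCreate(href, UriKind.Absolute, out uri)
                                  && AllowedSchemes.Contains(uri.Scheme)))
                el.RemoveAttribute("href");
        }
        return body.InnerHtml; // text nodes are re-encoded by the serializer
    }
}
```

In a Razor view the sanitized string would be written with @Html.Raw(HtmlAllowList.Sanitize(Model.Body)), where Model.Body is a hypothetical property holding the user's markup. The Content Security Policy from the answer stays in place as a second layer.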
|
I read the articles at these links:
http://www.dotnet-programming.com/post/2015/04/12/How-to-Handle-Cross-Site-Scripting-in-ASPNET-MVC-Application.aspx
https://www.codeguru.com/csharp/.net/net_asp/preventing-cross-site-scripting-attacks-in-asp.net-mvc-4.htm
They say to use the AntiXSS library. Can I use it in production? Is it robust?
Guide me. Thanks.
|
The AntiXSS library is robust and perfectly suitable for use in production.
However, that will completely encode the output. From your original post, it doesn't sound like that's what you're trying to do.
|
Please let me know the steps to create an MVC project with Angular 4 in VS 2013, or give any reference link.
|
Suppose I have an interface from which users insert data into a database. The database is running on a PC in the USA. Users may enter data from the USA, UK, Germany and India, so their timezones are different.
So do I need to store the date and time in UTC format?
How do I send the user's timezone info to a SQL Server stored procedure, and in the SQL Server stored procedure convert the UTC date and time to the supplied timezone?
How do I capture the user's timezone id or name, which I will use to convert the UTC date and time to the specific user's timezone?
I need to develop an application which shows data entered by users from different countries, and the data will be stored on a PC in the USA.
Please guide me in detail.
|
Never save timezone information when saving datetime information. Always store dates and times as UTC values. The timezone information is only needed at the user's PC, when converting between local time and UTC.
|
At the client side, how could I convert a UTC datetime to a local datetime? Give me some link or hints.
|
Hi,
please give me some code. I want to protect my website from CSRF by using a CSRF token. I want not to show the page URL, or to generate a random code in my URL that expires every time we click on the link. How can I do it?
|
There are a great number of examples available on Google for CSRF tokens. Obviously only you can know whether you are using Java or C#.NET or whatever. Please be specific when you are discussing a topic.
|
We know that when a user requests a website for the first time, a session cookie is dropped on the user's PC. If browser cookies are disabled, then how is the session cookie dropped at the client side?
If browser cookies are disabled, is the session cookie appended to the end of the URL as a query string?
Please tell me what happens to the session cookie when browser cookies are disabled in ASP.NET MVC.
|
If cookies are refused then the user gets a new session with each request, the site doesn't know it is a returning user. You can configure cookieless sessions in the config which will add a tracking ID to the url instead but this is generally a bad thing.
|
Sorry, not clear. You said - If cookies are refused then the user gets a new session with each request.
If browser cookies are disabled, will the session id be appended to the URL like a cookieless session?
If we configure cookieless sessions then the session id is added to the URL. So if browser cookies are disabled, will the session id be added to the URL?
Thanks
|
If you want cookieless sessions you need to enable them in the configuration and everyone uses them, even people who accept cookies. Generally I'd stick with cookies being required for sessions, if the user doesn't want to accept cookies then they have to put up with the consequences of that.
|
Just tell me: if browser cookies are disabled, will the session id be passed to the client?
|
Yes it will but it will just be thrown away by the browser.
|
You said -- Yes it will but it will just be thrown away by the browser.
When the session id is thrown away by the browser, will an error screen be displayed?
|
No, the browser just ignores the cookies.
|
Hello, I would like to see the page in my GridView, but what I am seeing on the internet is not working. Should I use a data source?
Here I leave my code:
<%@ Page Title="Inventario de Aplicaciones" Language="vb" MasterPageFile="~/CHJ_InventarioAplicaciones.Master"
AutoEventWireup="false" CodeBehind="Principal.aspx.vb" Inherits="CHJ.InventarioAplicaciones.Web.Principal" %>
<asp:Content ID="BodyContent" runat="server" ContentPlaceHolderID="Main" ViewStateMode="Inherit">
<%----%>
<div id="divTituloPagina" class="divTituloPagina">
<span class="texto_tituloPagina">
<asp:Label runat="server" CssClass="texto_tituloPagina" Text="Inventario de Aplicaciones" ID="lblTitulo"></asp:Label>
</span>
</div>
<%----%>
<div style="margin-left: 10px; margin-bottom: 5px; margin-top: 5px; text-align:left;" >
<asp:Button ID="BtnNuevaAplicacion" OnClick="BtnNuevaAplicacion_Click" runat="server" Text="Nueva Aplicación" Font-Bold="True" CssClass="titulo_commando" Font-Italic="false" />
</div>
<%----%>
<div id = "divBackground" style="position: fixed; z-index: 999; height: 100%; width: 100%; top: 0; left:0; background-color: grey; filter: alpha(opacity=60); opacity: 0.6; display:none">
</div>
<div id="divContenidoPagina" class="divContenidoPagina" >
<asp:GridView ID="grdAplicaciones" runat="server" Width="100%" Height="80%" AutoGenerateColumns="False"
BackColor="White" EnableTheming="False" Font-Size="13px"
ViewStateMode="Enabled" ValidateRequestMode="Enabled" Font-Names="Arial" RowStyle-Width="100%" AllowCustomPaging="True" AllowPaging="True"
SortedAscendingCellStyle-VerticalAlign="NotSet" DataKeyNames="IdAplicacion" PageSize="18" AllowSorting="True"
EnableSortingAndPagingCallbacks="True" >
<Columns>
<asp:BoundField HeaderText="Nombre" DataField="Nombre" ItemStyle-Width="300px" >
<ItemStyle Width="300px"></ItemStyle>
</asp:BoundField>
<asp:BoundField HeaderText="Tipo" DataField="TipoAplicacionTexto" ItemStyle-Width="50px" ItemStyle-HorizontalAlign="Left" ItemStyle-VerticalAlign="Middle">
<ItemStyle Width="150px"></ItemStyle>
</asp:BoundField>
<asp:BoundField HeaderText="Estado" DataField="EstadoTexto" ItemStyle-Width="150px" ItemStyle-HorizontalAlign="Left" ItemStyle-VerticalAlign="Middle">
<ItemStyle Width="150px"></ItemStyle>
</asp:BoundField>
<asp:ButtonField ButtonType="Image" CommandName="INCIDENCIAS" ImageUrl="~/Images/incidencias.png" Text="Botón3" HeaderStyle-Width="25px" FooterStyle-VerticalAlign="Middle" FooterStyle-HorizontalAlign="Center" HeaderStyle-HorizontalAlign="Center" HeaderStyle-VerticalAlign="Middle" ItemStyle-HorizontalAlign="Center" ItemStyle-VerticalAlign="Middle" >
<FooterStyle HorizontalAlign="Center" VerticalAlign="Middle"></FooterStyle>
<HeaderStyle HorizontalAlign="Center" VerticalAlign="Middle" Width="25px"></HeaderStyle>
<ItemStyle HorizontalAlign="Center" VerticalAlign="Middle"></ItemStyle>
</asp:ButtonField>
<asp:ButtonField ButtonType="Image" CommandName="APP" ImageUrl="~/Images/view_16x16.gif" Text="Botón4" HeaderStyle-Width="25px" FooterStyle-VerticalAlign="Middle" FooterStyle-HorizontalAlign="Center" HeaderStyle-HorizontalAlign="Center" HeaderStyle-VerticalAlign="Middle" ItemStyle-HorizontalAlign="Center" ItemStyle-VerticalAlign="Middle" >
<FooterStyle HorizontalAlign="Center" VerticalAlign="Middle"></FooterStyle>
<HeaderStyle HorizontalAlign="Center" VerticalAlign="Middle" Width="25px"></HeaderStyle>
<ItemStyle HorizontalAlign="Center" VerticalAlign="Middle"></ItemStyle>
</asp:ButtonField>
<asp:ButtonField ButtonType="Image" CommandName="EDITAR" ImageUrl="~/Images/file_edit_16x16.gif" Text="Botón1" HeaderStyle-Width="25px" FooterStyle-VerticalAlign="Middle" FooterStyle-HorizontalAlign="Center" HeaderStyle-HorizontalAlign="Center" HeaderStyle-VerticalAlign="Middle" ItemStyle-HorizontalAlign="Center" ItemStyle-VerticalAlign="Middle" >
<FooterStyle HorizontalAlign="Center" VerticalAlign="Middle"></FooterStyle>
<HeaderStyle HorizontalAlign="Center" VerticalAlign="Middle" Width="25px"></HeaderStyle>
<ItemStyle HorizontalAlign="Center" VerticalAlign="Middle"></ItemStyle>
</asp:ButtonField>
<asp:ButtonField ButtonType="Image" CommandName="BORRAR" ImageUrl="~/Images/trash_16x16.gif" Text="Botón2" HeaderStyle-Width="25px" FooterStyle-VerticalAlign="Middle" FooterStyle-HorizontalAlign="Center" ItemStyle-HorizontalAlign="Center" ItemStyle-VerticalAlign="Middle" HeaderStyle-HorizontalAlign="Center" HeaderStyle-VerticalAlign="Middle" >
<FooterStyle HorizontalAlign="Center" VerticalAlign="Middle"></FooterStyle>
<HeaderStyle HorizontalAlign="Center" VerticalAlign="Middle" Width="25px"></HeaderStyle>
<ItemStyle HorizontalAlign="Center" VerticalAlign="Middle"></ItemStyle>
</asp:ButtonField>
<asp:ButtonField ButtonType="Image" CommandName="GruposSEG" ImageUrl="~/Images/2608_GoldLock_16x16.png" Text="Botón5" HeaderStyle-Width="25px" FooterStyle-VerticalAlign="Middle" FooterStyle-HorizontalAlign="Center" ItemStyle-HorizontalAlign="Center" ItemStyle-VerticalAlign="Middle" HeaderStyle-HorizontalAlign="Center" HeaderStyle-VerticalAlign="Middle" >
<FooterStyle HorizontalAlign="Center" VerticalAlign="Middle"></FooterStyle>
<HeaderStyle HorizontalAlign="Center" VerticalAlign="Middle" Width="25px"></HeaderStyle>
<ItemStyle HorizontalAlign="Center" VerticalAlign="Middle"></ItemStyle>
</asp:ButtonField>
</Columns>
<HeaderStyle BackColor="Gray" Font-Bold="True" ForeColor="White" />
<%----%>
<FooterStyle ForeColor="#8C4510" BackColor="#F7DFB5" />
<PagerStyle ForeColor="#8C4510" HorizontalAlign="Center" Width="100%" />
<%----%>
<pagersettings mode="NextPreviousFirstLast" firstpagetext="|Pri|" lastpagetext="|Últ|" nextpagetext="|Sig|" previouspagetext="|Ant|" position="Bottom" />
<RowStyle Width="100%"></RowStyle>
</asp:GridView>
</div>
<%----%>
</asp:Content>
modified 2-Jan-18 10:30am.
|
Solution: change AllowCustomPaging="True" to AllowCustomPaging="False".
|