|
Kornfeld Eliyahu Peter wrote: Stand against the wall!
Ain't it a bit harder a punishment than the mistake he made?
|
Why is it so hard to stand against the wall?
(Is it my imagination, or you heard some gunshots? There was nothing... )
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
I was actually relating the Lounge with the classroom where the teacher orders the poor student to stand against the wall (as a punishment).
Kornfeld Eliyahu Peter wrote: or you heard some gunshots
I actually heard the laughter of the classmates upon the punishment.
|
Consider why this is a difficult thing to do with no standard solution.
It is because it is an odd thing to do.
That sounded very rude so I hope you are still with me. (I'm really not trying to be rude, just direct.)
What I mean is that you are posting the data (expected) and the template (unexpected).
Here, by template, I mean HTML.
HTML is really just a template.
I'm on the outside of your solution so I immediately think, "Why? Why is Sander posting HTML, when the HTML (template) should be described at the server side? Why would he post HTML when that is surely described on the server side? Since it is on the server side, the server doesn't need the template data posted since it already has it."
The only reason I can figure is that you are allowing users to post markup for their posts something like you can do here in this forum. Is that it?
If it is, then this will always be a challenge, because now you actually have to become an HTML parser: instead of allowing a browser to handle the __template__, you have to pull out the bytes which represent the __template__ and separate them from the bytes which are the data.
Well, I'm not offering much of a solution, but possibly a different take on what is really going on.
I think separation of concerns leads us to think more clearly about each piece of a solution.
Hopefully I've added something to this discussion.
|
Yeah, thanks. You're right.
It is an odd thing to do.
And indeed the user can add markup to stuff.
Ultimately I've just disabled the check, since it's an internal intranet application and the customer has explicitly asked to be able to do HTML markup.
I leave it to them to not use script tags and that kind of stuff.
I've already secured it a bit with an HTML editor that translates <> typed by the user to &lt;&gt;, so it ain't that bad.
Just don't hack the browser or post HTTP requests directly.
Although that can be considered bad intent and cost employees their job and who knows more (which still doesn't make the data right though).
|
You could do a check to disallow any scripting, etc. Let "normal" HTML through, but remove any 'dangerous' tags.
|
Sander Rossel wrote: but there's no standard function for that.
If it is on MSDN can it be considered standard?
HttpUtility.HtmlEncode Method (String)
Converts a string to an HTML-encoded string.
There are strangers on the Plain, Croaker
|
I need to do that on the front-end, and that's not exactly JavaScript, is it?
Well, at least it's a start.
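Added example (not code from any poster in this thread): one way to do in JavaScript what the replies above suggest, letting "normal" HTML through while neutralising everything else, by encoding the whole input and then restoring only attribute-free tags from an allowlist. The tag list and function names are assumptions made for this example; because requests can be posted directly, the same function has to run wherever the markup is stored or rendered, not only in the editor.

```javascript
// Escape-then-allowlist sanitizer for user-supplied markup.
// ALLOWED_TAGS and the function names are assumptions of this example.
const ALLOWED_TAGS = ['b', 'i', 'u', 'em', 'strong', 'p', 'br', 'ul', 'ol', 'li'];

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// JavaScript counterpart of an HTML-encode call: every metacharacter
// becomes an entity, so the result is inert text in an HTML context.
function htmlEncode(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Matches an *encoded* tag with a bare name and no attributes:
// &lt;b&gt;, &lt;/b&gt;, &lt;br&gt;, &lt;br/&gt; or &lt;br /&gt;.
const BARE_TAG = /&lt;(\/?)([a-z][a-z0-9]*)(\s*\/)?&gt;/gi;

function sanitizeMarkup(input) {
  // 1. Encode everything first: the default outcome is plain text.
  const encoded = htmlEncode(input);
  // 2. Restore only exact, attribute-free tags that are on the allowlist.
  //    A tag carrying attributes (onclick=, src=, style=) never matches,
  //    so it stays encoded, as do <script>, <img>, <iframe> and the rest.
  return encoded.replace(BARE_TAG, (match, slash, name, selfClose) => {
    const tag = name.toLowerCase();
    if (!ALLOWED_TAGS.includes(tag)) return match; // not allowed: stays text
    if (slash && selfClose) return match;          // malformed, e.g. </br/>
    return `<${slash}${tag}${selfClose ? ' /' : ''}>`;
  });
}
```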
|
Messy beach leads to illness (7)
Easy Word I think
cheers,
Super
------------------------------------------
Too much of good is bad, mix some evil in it
|
bumache?
Anagram (messy) of beach and, um...
A bumache can often be a prelude to an illness.
Not as easy as you thought, or no-one cares.
Some men are born mediocre, some men achieve mediocrity, and some men have mediocrity thrust upon them.
|
On the right track but apply anagram on the other word for beach
cheers,
Super
------------------------------------------
Too much of good is bad, mix some evil in it
|
Ah, disease - anagram of seaside.
Some men are born mediocre, some men achieve mediocrity, and some men have mediocrity thrust upon them.
|
You are up next.
See, the word was easy.
cheers,
Super
------------------------------------------
Too much of good is bad, mix some evil in it
|
It was, I think bumache was better though.
Some men are born mediocre, some men achieve mediocrity, and some men have mediocrity thrust upon them.
|
veni bibi saltavi
|
Movie Quote Of The Day
I'm the product of a f***ed up generation.
Which movie?
|
Don't know, but it would kinda explain Justin Bieber if it was suddenly discovered that his parents were first cousins...
Anything that is unrelated to elephants is irrelephant Anonymous
- The problem with quotes on the internet is that you can never tell if they're genuine Winston Churchill, 1944
- I'd just like a chance to prove that money can't make me happy. Me, all the time
|
Fist of the North Star
Geek code v 3.12 {
GCS d--- s-/++ a- C++++ U+++ P- L- E-- W++ N++ o+ K- w+++ O? M-- V? PS+ PE- Y+ PGP t++ 5? X R++ tv-- b+ DI+++ D++ G e++>+++ h--- r++>+++ y+++*
Weapons extension: ma- k++ F+2 X
}
If you think 'goto' is evil, try writing an Assembly program without JMP. -- TNCaver
|
Ice Age: Dawn of the Dinosaurs
Some men are born mediocre, some men achieve mediocrity, and some men have mediocrity thrust upon them.
|
Ahm, Meet the Fockers?
Don't mind those people who say you're not HOT. At least you know you're COOL.
I'm not afraid of falling, I'm afraid of the sudden stop at the end of the fall! - Richard Andrew x64
|
Tramspotting?
veni bibi saltavi
|
a few good men
In Word you can only store 2 bytes. That is why I use Writer.
|