injection

Android: How to inject a <string> element into another <string> element in XML?

Hello everyone! I would like to know whether there is a way to insert/inject a <string> element defined in an XML file into another <string> element, doing that just with XML. For example I could have: <string name="author">Francesco</string> and I am looking for something like: <string name="about_application">Author: @string/aut...

android, webview, javascript injection

Hi, I'd like to call a JavaScript function out of Java (Android). Well, the following source code works fine for me (source): /** * This is not called on the UI thread. Post a runnable to invoke * loadUrl on the UI thread. */ public void clickOnAndroid() { mHandler.post(new Runnable() { public void run() { ...

PHP: Would prepared statements completely secure my website from MySQL injection?

I'm using prepared statements and MySQLi with my queries to protect against injection attacks. Would prepared statements remove the need for mysql_real_escape_string entirely? Is there anything else I should consider when securing my site? ...

Is Regex for Form Validation if I use the following?

I know there is no harm in adding it either way but I'm curious... If I was to use htmlentities(); with ENT_QUOTES and then mysql_real_escape_string(); the variable before entering it into the Database, then just use html_entity_decode(); along with stripslashes(); to display the information... Would this still be safe and secure? ...

Use both PDO prepared statements and filter_var?

Hey guys, I'm learning OO PHP, and have been looking into PDO -- One thing I'm not clear on though is whether I should be using PDO prepared statements in conjunction with the filter_var() function or just by themselves. For instance, should I be doing $query = $database->connection->prepare("SELECT name FROM acounts WHERE id = :id LIMI...

Spring + Tomcat URL white list to prevent command injection

Hi all, I currently have a webapp that consists of ~100 unique URLs + ~75 pages. The application uses Spring for security and Tomcat to host. My question is how do I prevent the following from happening: http://localhost/myApp/myPage;rollback; If that's not clear, what I am trying to prevent is my application from processing anythin...

Castle Windsor - Lookup Method Injection for transient instances

Hello all, The short question: Does Castle Windsor have something similar to Spring.Net's "Lookup Method Injection" that can be configured from XML, which provides the ability to fetch transient instances from the container without the class being aware of the IoC container? The long question: I'm a long time Spring/Spring.Net user and...

How to inject external APIs beans with Weld - JSR-299

It's clear to me how to inject an object which is in my domain (I have access to the source) using Weld. You just annotate the implementation with e.g. @Named and @ApplicationScoped, and then annotate the target attribute with @Inject to get the implementation injected. However, I'm not sure how I can inject implementations of classes which...

How do I protect against HTML injection in a URL form field with PHP?

For example if I am collecting a [URL value] in a form, saving that [URL value] in a database, and then using it in a page like this: <a href="[URL value]" > The Link </a> How do I protect against this [URL value]: http://www.somelink.com"> Evil text or can be empty </a> ALL THE EVIL HTML I WANT <a href=" How can I protect agai...

Interfere Win32 message loop with injected DLL code (SetWindowsHookEx)

Hello everybody! After hours of penetrating Google I ended up here. I'll come straight to the point: I'm about to "refresh" my C/C++ skills and gain experience with the unmanaged world again. As a "basic" task I developed a little key logger (which are just a few lines with the Windows API) but now I want to extend it with a "stealth" f...

Cyanogen /dev/uinput key injection

I'm working on a Synergy port to Android (see synergy-foss.org). The only way I've found to inject keystrokes is to use the Cyanogen Mod and write keystrokes to /dev/uinput. However, my app does not have permissions to write to /dev/uinput. The only way around this that I've found is to chmod 777 /dev/uinput. However... it seems ...

What is the difference between ASP injection and SQL injection on an ASP page

Basically I am looking for the difference between ASP injection and SQL injection on an ASP webpage and what are the different types of ASP injection other than SQL injection ...