I am going through the OWASP Top 10 list of 2007 and 2010.
I stumbled upon Cross Site Request Forgery (CSRF); this is often called session riding, as you let the user use his session to fulfill your wishes.
Now a solution to this is adding a token to every url and this token is checked for every link.
For example to vote on product x th...
So, I am trying to use JSP to create a set of webpages. I want to link two pages so that if the user clicks a button in one page, it will trigger an event in the other page. Is there an efficient way to do this?
I was taking a look at creating cookies and/or sessions. Any suggestions on these two methods? Thanks
Edit: The second page ...
What is the best way to handle browser-specific CSS file loading? Assume you are running in the context of a proper MVC framework.
Here are some options, you are free to discuss the pros and cons of these options as well as any other methods you know of, and prefer:
Server-side solution: use the controller (e.g. servlet) to analyze th...
Hi guys, I'm building an app for a small business so I've to work with currencies, decimal numbers, etc... My goal is to create something like pulseapp.com.
I've searched for opensource projects to look and the only thing I had found was django-cashflow. This app uses python-money.
I've read some of the code and the ways it's coded see...
I was looking for a platform where widgets developed using various technologies like Java can communicate with each other. In other words
When I add widgets to an interface I need them to talk to each other. For example A Click event in one widget should trigger an event in some other widget.
I have been looking into the web for soluti...
I have a PHP script that checks the HTTP Referer.
if ($_SERVER['HTTP_REFERER'] == 'http://www.example.com/') {...}
However, this seems inherently unsafe ... because what happens if the user goes to 'http://example.com/' or 'http://www.ExaMple.com' (both of which don't match the equality test).
Question: what's a better equality test ...
I have a bound dropdown list populated with a table of names through a select, and databinding. It shoots selectedindexchanged that (through a postback) updates a certain gridview.
What happens is, since it runs from changing the index, the one that always comes selected (alexander) can only be chosen if you choose another one, then cho...
On my portfolio page I have this setup:
<div id="portfolio">
<ul id="sites">
<li>
<h3><a href="#">MotorSomethin</a></h3>
<img src="http://dummyimage.com/265x100/000/fff" />
<p>
We tried going for a very dark but flashy look for this website. Hence the reason we used fla...
Considering the negative effects of document.write(), why are most tracking/marketing tags written using document.write()?
I've thought about it quite a bit, and the only respectable idea I've come up with is that by writing it client side, we're guaranteed the browser won't try to cache the resource. Is that it? Any other ideas?
...
Is there consistency and/or a standard on how browsers send a url to a host related to trailing slashes?
Meaning, if I type in http://example.com in the address bar of a web browser, is the browser supposed to add a trailing slash (http://example.com/) or not?
...
Is there any jQuery (or standalone) plugin that would allow me to build an Interactive US map just like this: http://bit.ly/9PSiDB
Many thanks
...
Python needs a framework, so does Java (for the web). I don't know much about Ruby or Coldfusion. But is there another language out there for the web that can stand alone as it is without a need for a framework or without strict adherence to a design pattern (MVC and the likes) aside from PHP? BTW, the statement that Python and Java need...
Working on an AJAX website (HTML,CSS,JavaScript, AJAX, PHP, MySQL).
I have multiple javascript functions which take rows from mysql, wrap them in html tags, and embed them in the HTML (the usual usage of AJAX).
THE PROBLEM:
Everything is working perfect, except when I run the site with Firefox (for once it's not InternetExplorer causin...
There are a lot of similar questions, but, probably, mine is a little bit different:
What is the right way to load resource from inside of .jar file located in WEB-INF/lib folder (if I know the jar file name and the name of the class it resource belongs to), while Web Application is running? Should I use getServletContext().getResourceA...
I want to include Microsoft AntiXss V1.5 library on my live site running in a medium trust setting. However, I got an error something like:
Required permissions cannot be acquired.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the er...
I'm developing a web page which has multiple similar inputs (lots of dropdownlist, text) grouped by some type selection (for example an imagetype input has some dropdowns, text inputs; also another type has similar dropdowns, text inputs also...)
These inputs will be selected over a treenode.
When a node is selected, input values of the selected...
Assuming that it's even possible, what would be your recommendations to make a bundle compatible between different platform releases? Especially between R3 and R4.
Update about my requirements:
The idea was to develop a web interface for an embedded device that currently runs an OSGi R3 container but that it could be upgraded soon to R4 (...
I want to know what is the best way to validate a submission of an html form with Spring 3.0.
The validations are simple mandatory checks, not very business oriented.
I'm currently using spring-modules-validator + commons-validator, but its Maven dep. is with Spring 2.0, not 3.0. I'm not using annotations.
...
Question: How can you use the JQuery Auto-Completion plugin to suggest a location ("City, State") for an input field?
Meaning, someone wants to type in "Chicago, IL" ... so they begin typing "Chi" and it auto-suggestions "Chicago, IL".
My biggest hurdle is finding a service that I can query to find out all US city+state names.
I esse...
I downloaded the Web Deployment Project plug-in for Visual Studio 2005. I installed it. I have a project that I am working on that is a Web Application Project. The Add Web Deployment Project Build menu selection is not in the Build Menu or Solution Explorer. If I create a raw test Web Site Project, the menu item magically appears. ...