whitelist

Restrict a string to whitelisted characters using XSLT 1.0

Question: Using XSLT 1.0, given a string with arbitrary characters, how can I get back a string that meets the following rules? First character must be one of these: a-z, A-Z, colon, or underscore. All other characters must be any of those above or 0-9, period, or hyphen. If any character does not meet the above rules, replace it with an ...

How do I add a type to GWT's Serialization Policy whitelist?

GWT's serializer has limited java.io.Serializable support, but for security reasons there is a whitelist of types it supports. The documentation I've found, for example this FAQ entry, says that any types you want to serialize "must be included" on the whitelist, and that the list is generated at compile time, but doesn't explain how th...

Why move your JavaScript files to a different main domain that you also own?

I've noticed that just in the last year or so, many major websites have made the same change to the way their pages are structured. Each has moved their JavaScript files from being hosted on the same domain as the page itself (or a subdomain of that), to being hosted on a differently named domain. It's not simply parallelization. Now, t...

Apache Whitelist reverse proxy

We have a reverse proxy here, running Apache in version 2.2.x. Essentially I want to create a whitelist so that only valid URLs will go through the proxy and be processed by the web server. How do you do this in the Apache config file, or do you need to use SQUID? ...

Are there white lists for Yahoo, Gmail, Hotmail and AOL?

In my website (under development), the members can send messages to each other which are sent directly to their email, now I'm worried that some members can send spam to other members (I have a spam filter but it doesn't give 100% protection as you know), I'm worried that my domain might get blacklisted on Yahoo, Gmail, Hotmail or AOL wh...

Blacklists, Whitelists, Spam Folders and Email

I want to get on the whitelists for my email system, any recommendations on whom I should contact about doing this, do I contact the big email providers directly (Yahoo, Gmail, Microsoft Hotmail/MSN, AOL)? Also besides DomainKeys, DKIM and SPF records what else is a good way to protect yourself from getting on blacklists and going into sp...

Whitelist Model Binding doesn't seem to work with complex properties

I have a POST action that looks like this: public ActionResult Create([Bind(Include="userrole,credentials.emailAddress,credentials.password")]User u, string confirmPassword, bool agreeToTerms) I'm using the default model binder and credentials is a property on my User object. Credentials has two fields (emailAddress & password). If I ...

How to whitelist just some attributes with HTMLpurifier?

How to whitelist just some attributes with HTMLpurifier? I want HTMLpurifier to delete all the other, not allowed attributes. ...

email whitelist/blacklist in python/django

Hello, I am writing a Django app that keeps track of which email addresses are allowed to post content to a user's account. The user can whitelist and blacklist addresses as they like. Any addresses that aren't specified can either be handled per message or just default to whitelist or blacklist (again user specified). Here are the dj...

Best whitelist capable http proxy for Windows?

I would like to set up an HTTP proxy on my work machine (no admin rights, WinXP) to only allow access to a whitelist of URLs. What would be the easiest solution? I prefer open-source software if possible. ...

How to Site-Lock a Flash Application?

I have a Flash application that I am going to put up on my website shortly. I want to be able to "lock it" to the site to prevent: Hosting the .SWF on another site (after an illicit download), and Preventing the .SWF from opening if included in an iFrame on another site. While allowing: A whitelist of sites to be passed through/enab...

In Python, How Do You Filter a String Such That Only Characters in Your List Are Returned?

Imagine a string, like 'Agh#$%#%2341- -!zdrkfd' and I only wish to perform some operation on it such that only the lowercase letters are returned (as an example), which in this case would bring 'ghzdrkfd'. How do you do this in Python? The obvious way would be to create a list of characters, 'a' through 'z', then iterate over the ch...

What do you do when a client requires Rich Text Editing on their website?

As we all know by now, XSS attacks are dangerous and really easy to pull off. Various frameworks make it easy to encode HTML, like ASP.NET MVC does: <%= Html.Encode("string"); %> But what happens when your client requires that they be able to upload their content directly from a Microsoft Word document? Here's the scenario: Peop...

Can I whitelist IPs using IIS running a PHP site??

As outlined by this guy's post, blocking IPs via PHP is pretty easy. However, how can I do this, site wide, using IIS? Here are my (big) caveats: I do not have access to change the php.ini. So I can't use auto_prepend feature. I am on Windows with IIS so I can't use .htaccess. I don't have any PHP "footer" which gets called on all o...

.NET HTML whitelisting (anti-xss/Cross Site Scripting)

Hello, I've got the common situation where I've got user input that uses a subset of HTML (input with tinyMCE). I need to have some server-side protection against XSS attacks and am looking for a well-tested tool that people are using to do this. On the PHP side I'm seeing lots of libraries like HTMLPurifier that do the job, but I can'...

Whitelist in php

I have an input for users where they are supposed to enter their phone number. The problem is that some people write their phone number with hyphens and spaces in them. I want to put the input through a filter to remove such things and store only digits in my database. I figured that I could do some str_replace() for the whitespaces and ...

Allow user submitted HTML in PHP

I want to allow a lot of user submitted HTML for user profiles, I currently try to filter out what I don't want but I am now wanting to change and use a whitelist approach. Here is my current non-whitelist approach: function FilterHTML($string) { if (get_magic_quotes_gpc()) { $string = stripslashes($string); } $string...

SQL Server 2005 - Remote Access From Specific IPs only

For the life of me I can't remember where/how to add IPs to SQL Server's whitelist for remote connections. Thanks. ...

What is whitelist and blacklist data?

I was reading about development of XPCOM component. I came across these terms called whitelist data and blacklist data, I tried to find out on Google but couldn't. I do not know how it's related to programming so forgive me if I placed the question at the wrong place. ...

Howto Prevent IFraming w/ Whitelist

I'm creating some IFrameable content. We want the user to be able to IFrame this page, but only from a set list of domains. Is there anything that we can check to see what the domain name of the parent page is? if (top != self) { top.location.replace(self.location.href); } ...