|
I'm playing with a .NET Server RC1 and having some problems when trying to setup IIS 6.0. Ok, I have lots of experience in past versions of IIS so, I'm to ask this:
My IIS 6.0 is working fine, processing ASP pages normally, serving normally HTML, GIF and so on. But, when I try to GET a .vbs file it fails with a 404 code. I've double-checked (triple-checked, in fact) security settings and the file is there!
If I rename this file to any extension with a known MIME type like .txt, .zip it works fine. If I rename to .xxx, it gives me a 404 error again.
So, what I am doing wrong ?!
Q261186 - Computer Randomly Plays Classical Music
|
|
|
|
|
Daniel Turini wrote:
So, what I am doing wrong ?!
Well I don't have access to IIS 6.0 at the moment so I am just shooting blind here but why not try and add .vbs as a new text mime type?
In IIS 5 you just go web, properties, http headers, file types, New Type.
I am guessing IIS 6 has tightened up because IIS 5 lets a VBS file through without any new MIME mappings. Could screw some people when they upgrade no?
|
|
|
|
|
Paul Watson wrote:
In IIS 5 you just go web, properties, http headers, file types, New Type.
Thanks, It's what I did a few moments ago, but this seems more to a workaround to me. There are some new "features" in IIS 6.0, like disabled ASP by default and all of them have nice wizards or interfaces for doing this.
I figured that it there should be a cleaner way of enabling this. It seems that in IIS 6.0 you have to explicitly enable all extensions you want IIS shares.
Q261186 - Computer Randomly Plays Classical Music
|
|
|
|
|
if i remember, IIS6 comes locked down - kind of like running URLScan or IIS lockdown on an IIS5 site. In XP/2000 look under the winnt/system32/inetsvr or something like that for a urlscan directory. You can set the allowed extensions here. It overrides IIS and is like putting a condom over port 80. Never run a web server with out it!!!! It's the best, cheapest protection you can get. But hopefully, by the time IIS6 comes out, you wont be using VBscript.;)
|
|
|
|
|
James Saville wrote:
But hopefully, by the time IIS6 comes out, you wont be using VBscript
Didn't they say something similar about COBOL once?
Thanks for the lockdown stuff BTW, never heard of it but am sure to try it out now.
|
|
|
|
|
Paul Watson wrote:
Thanks for the lockdown stuff BTW, never heard of it but am sure to try it out now.
I think that is the same thing that says if your webserver is connected to a network port, it is not safe. DOPE!
"There are no stupid question's, just stupid people."
|
|
|
|
|
I am considering buying a editor control form a web project I am doing that will allow people to post text to a site and format it using HTML. I know how hazzardous this can be if someone places a nasty javascript tag or somethign in the message, that's why I am asking this here.
I want to allow the formatting tages (bold, ul, lists, tables, etc...) but strip out all the tags that can cause troubles (IE Javascript and vbscript).
Does anyone have a good listing of what I would have to strip out before I store the text?
Also, this has more to do with the actual storeage... Does anyone have a list of the characters that I have to watch out for that can give SQL a headache? I know about '"' already but are there any others that I will need to escape?
|
|
|
|
|
I tend to allow people to use tags like [b][/b] for bold rather than <b></b>. If they enter HTML-looking tags then it gets converted to use lt/gt tags.
The basic tags I allow are headers, bold, italic, underline. I also allow [link *url*], [mail *url*] and [font *face* *color* *size*] (I keep meaning to improve this last one so that you don't need to enter face and color to change the size but I haven't done it yet).
I also replace line feeds with "<br>", except after a header close and translate ampersand, less than, greater than, pound and quote.
Here's some C# code... it's far from perfect coding (serious lack of comments for one thing and I didn't know about Regex when I wrote this - in fact it was adopted quickly from an old VBScript where RegEx wasn't an option) but it works and you can fiddle it to your needs.
private string Format2Html(string Formatted)
{
string[] hdrTags = {"h1", "h2", "h3", "h4", "h5"};
string[] nmlTags = { "b", "i", "u", "center" };
string[][] splTags = { new string[] { "link", "a", "href=\"%\"" },
new string[] { "mail", "a", "href=\"mailto:%\"" },
new string[] { "font", "font", "face=\"%\"", "color=\"%\"", "size=\"%\"" } };
string rtn = Formatted.Replace("&", "&").
Replace("<", "<").
Replace(">", ">").
Replace("£", "£").
Replace("\"", """).
Replace(Environment.NewLine, "<br>" + Environment.NewLine);
int next = 0, start = 0;
for (start=rtn.IndexOf('['); start > -1; start=rtn.IndexOf('[', start + 1))
{
string replacement = "";
next = rtn.IndexOf('[', start + 1);
int end = rtn.IndexOf(']', start + 1);
if (end == -1) end = rtn.Length - 1;
if (end > next && next > -1) end = next;
int length = (end - start) + 1;
string tag = rtn.Substring(start, length).TrimEnd(']').TrimStart('[').Trim(' ');
string[] tkn = tag.Split(' ', ',');
for (int i = 0; i < hdrTags.Length; i++)
{
if (hdrTags[i] == tkn[0])
{
replacement = "<" + hdrTags[i] + ">";
}
else if (hdrTags[i] == tkn[0].TrimStart('/'))
{
replacement = "</" + hdrTags[i] + ">";
if (rtn.Substring(end + 1, 4) == "<br>") end += 4;
}
}
for (int i = 0; i < nmlTags.Length; i++)
{
if (nmlTags[i] == tkn[0])
{
replacement = "<" + nmlTags[i] + ">";
}
else if (nmlTags[i] == tkn[0].TrimStart('/'))
{
replacement = "</" + nmlTags[i] + ">";
}
}
for (int i = 0; i < splTags.Length; i++)
{
if (splTags[i][0] == tkn[0])
{
replacement = "<" + splTags[i][1];
for (int j = 1, k = 2; (j < tkn.Length) && (k < splTags[i].Length); j++, k++)
{
while (tkn[j].Length == 0) j++;
replacement += " " + splTags[i][k].Replace("%", tkn[j]);
}
replacement += ">";
}
else if (splTags[i][0] == tkn[0].TrimStart('/'))
{
replacement = "</" + splTags[i][1] + ">";
}
}
if (replacement.Length > 0)
rtn = rtn.Remove(start, (end - start) + 1).Insert(start, replacement);
}
return rtn;
} HTH
Paul
Why don't you take a good look at yourself and describe what you see - Led Zeppelin, Misty Mountain Hop
|
|
|
|
|
C# code to remove HTML tags:
System.Text.RegularExpressions.Regex r = new System.Text.RegularExpressions.Regex(@"<[^>]*>|</[^>]*>");
r.Replace(s, "");
|
|
|
|
|
Daniel Turini wrote:
"<[^>]*>|]*>"
God don't those RegEx patterns make your eyes bleed? RegEx pattern builders are a must IMO.
Thanks for the pattern BTW, quite a useful one.
|
|
|
|
|
UGH! But all I want to do is remove things like ... as well as any of the inline code that can be inserted.
I assume that I could just so a regex.replace on all the ... stuff, but then I have to deal with all the inline code as well...
The other problem I see is what heppens if someone wants to post code (in a
... block.. that I would want to leave...
UGH!
|
|
|
|
|
Regular expressions is the way to go. You need to escape all script , object , applet , embed and param tags, and remove any event handlers on other tags.
using System.Text.RegularExpressions;
...
static bool IsLikeRe(string src, string pattern)
{
return Regex.IsMatch(src, pattern,
RegexOptions.IgnoreCase | RegexOptions.Singleline);
}
static string ReReplace(string src, string pattern, string replace)
{
return Regex.Replace(src, pattern, replace,
RegexOptions.IgnoreCase | RegexOptions.Singleline);
}
static string ReReplaceAll(string src, string pattern, string replace)
{
string ret = src;
while (IsLikeRe(ret, pattern))
ret = ReReplace(ret, pattern, replace);
return ret;
}
static string StripScript(string html)
{
string res = ReReplaceAll(html, "<script(.*)>", "<script$1>");
res = ReReplaceAll(res, "</script(.*?)>", "</script$1>");
res = ReReplaceAll(res, "<(object|applet|embed|param)([^>]*)>",
"<$1$2>");
res = ReReplaceAll(res, "</(object|applet|embed|param)([^>]*)>",
"<$1$2>");
res = ReReplaceAll(res,
@"<([^>]+?)\son(?:[^>]+?)=(['""])(?:[^>]+?)\2([^>]*?)>",
"<$1$3>");
return res;
}
|
|
|
|
|
In an asp file,
First the following in the html head section:
<% if request.querystring("action") = "postupload" and bError = False then %>
<META HTTP-EQUIV="refresh" content="1;URL=<%=sValidatedBaseURL%>/thread-view.asp?threadid=<%=iThreadID%>">
<% end if %>
second in the body section:
<% if not ( request.querystring("action") = "postupload" and bError = False ) then %>
<div align="center"><a href="<%=sValidatedBaseURL%>/thread-view.asp?threadid=<%=iThreadID%>"><img src="<%=sValidatedBaseURL%>/images/back-button.gif" border="0"></a></div>
the whole body part:
<body style="margin ">
<!-- #include file="includes/header.asp"-->
<% if vForumInfo(FI_showquotes) = 1 then%><hr width="90%" size=1><div align="center" class="smalltext"><%=sBBSRandomQuoteText%> <%=GetRandomQuote%></div><% else %><BR><% end if %>
<hr width="90%" size=1>
<div align="center" class="error"><%=sError%></div><BR><BR>
<% if not ( request.querystring("action") = "postupload" and bError = False ) then %>
<div align="center"><a href="<%=sValidatedBaseURL%>/thread-view.asp?threadid=<%=iThreadID%>"><img src="<%=sValidatedBaseURL%>/images/back-button.gif" border="0"></a></div><BR>
<form ENCTYPE="multipart/form-data" method="post" action="attach-file.asp?threadid=<%=iThreadID%>&action=postupload">
<table align="center" width="50%">
<tr><td colspan="2" class="messagecellheader">Attach a file</td></tr>
<tr><td colspan="2" class="messagecellbody2">Thread: "<%=ValidateField(sThreadSubject)%>"</td></tr>
<tr><td class="messagecellbody">File:</td>
<td class="messagecellbody"><input type="file" name="attachment" size="40"></td></tr>
<tr><td class="messagecellbody2">Instructions:</td>
<td class="messagecellbody2">Attachments must be less than <%=vForumInfo(FI_MaxAttachSize)%>KB<BR><BR>If this thread already has an attachment,<BR>uploading a new attachment will overwrite the old one.<BR><BR>If you leave the file blank, the attachment will be deleted.</td></tr>
<tr><td class="messagecellbody"> </td>
<td class="messagecellbody"><input type="image" src="<%=sValidatedBaseURL%>/images/submit-button.gif"></td></tr>
</table>
</form>
<% end if %>
<!-- #include file="includes/footer.asp"-->
</body>
please I want help,maybe the questions are very simple,so take some trouble to answer me.
<small><b>this is my signature for forums quoted from shog*9:</b>
<b><u>I can't help but feel, somewhere deep within that withered, bitter, scheming person, there is a small child, frightened, looking a way out.</u></b></small>
|
|
|
|
|
I want to set up my home page in such a way that, it should go to the localhost or to the website, depending on the net connection availability.
Any idea?? I use dial up serviece.....
Tahnks in advance,
SPS
|
|
|
|
|
howdy all,
busy designing a new web application that would be perfectly suited to a webclass application.
ie. one template page that defines the layout and within that layout tokens to define where runtime generated content should be placed.
my question is this ...
how should we be doing this kind of thing in asp.net ?
should we build server controls and drop these onto the aspx pages ?
should we build one page that serves as a template and the other pages inherit from this ?
should we still use something similar to token substitution ?
please help, any ideas ... suggestions ... guidance would be hugely appreciated
cheers
Ryan
|
|
|
|
|
Page Templates in ASP.NET[^]
ASP.NET is far more powerful in this manner than vb6 webclasses
You can also use user/custom/server controls for this, but in reality you will find yourself using both technologies.
|
|
|
|
|
thanks ... i have been toying with some ideas, of which some are good - others seem better.
has anybody had experience in implementing this type of thing ? which method is best ?
i am currently toying with the idea of using a base class that all pages inherit from. this base class will use user controls to dynamically build their content at runtime. each page will then only be concerned with what needs to be placed in the content section, the base class will handle the rest.
is there an equivalent to visual inheritance in asp.net ?
cheers
Ryan
|
|
|
|
|
ryancrawcour wrote:
which method is best
Both... lol.
When you need a consistent "style" for a bunch of pages sitewide then use a template. But then in your template also make use of custom controls.
They are not mutually exclusive.
ryancrawcour wrote:
is there an equivalent to visual inheritance in asp.net ?
Not sure officially what visual inheritance is but Google has some links.
|
|
|
|
|
Is it possible to put user control in datalist to bind one of its propeties to database?
Mazy
"If I go crazy then will you still
Call me Superman
If I’m alive and well, will you be
There holding my hand
I’ll keep you by my side with
My superhuman might
Kryptonite"Kryptonite-3 Doors Down
|
|
|
|
|
Hi, everyone!
When I use the following statments in JSP to
connect to DB2, I meet with a trouble,
--------
Connection con = DriverManager.getConnection(url, user, password);
--------
The error is:
--------
java.sql.SQLException: No suitable driver
at
java.sql.DriverManager.getConnection(DriverManager.java:543)
at
java.sql.DriverManager.getConnection(DriverManager.java:183)
... ...
--------
Here url is a String whose value is jdbc:db2://localhost/MYTEST
But when I change the value to
jdbc:db2:MYTEST, then everything is OK!
I do not know why.
I want to know the format of the url of a DB2 database when
I want to connect to a DB2 database on a remote machine.
Cheers,
George
|
|
|
|
|
Alright this has driven me mad and I am sick of reading other answers which get 99% of the way there and then fall over at the last step for me. I am sure I am missing something fundamental, but simple, here.
Basically I have a custom/server/whatever control which dynamically adds controls to itself in an overriden Render method. It adds three controls; two image buttons and a panel. They all render fine and look lovely, but what I want is for an event to be fired when I click either of the image buttons. When clicked the image buttons will set a member var. of the control.
Here is the code so far with what the event handling which I thought would work:
using System;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.ComponentModel;
namespace bluegrass.content
{
public class resourcegallery : WebControl
{
public string View;
<code>private void view_thumbnail_Click(object sender, ImageClickEventArgs e)
{
this.View = "Thumbnail";
}</code>
<code>private void view_list_Click(object sender, ImageClickEventArgs e)
{
this.View = "List";
}</code>
protected override void Render(HtmlTextWriter output)
{
<code>ImageButton imgViewThumbnail = new ImageButton();</code>
imgViewThumbnail.ID = "view_thumbnail";
imgViewThumbnail.ImageUrl = "res/img/view_thumbnail.gif";
imgViewThumbnail.AlternateText = "Click for a Thumbnail view of the Resource Gallery";
imgViewThumbnail.CssClass = "viewbutton";
if (View == "Thumbnail") imgViewThumbnail.Visible = false;
<code>imgViewThumbnail.Click += new System.Web.UI.ImageClickEventHandler(this.view_thumbnail_Click);</code>
<code>this.Controls.Add(imgViewThumbnail);</code>
<code>ImageButton imgViewList = new ImageButton();</code>
imgViewList.ID = "view_list";
imgViewList.ImageUrl = "res/img/view_list.gif";
imgViewList.AlternateText = "Click for a List view of the Resource Gallery";
imgViewList.CssClass = "viewbutton";
if (View == "List") imgViewList.Visible = false;
<code>imgViewList.Click += new System.Web.UI.ImageClickEventHandler(this.view_list_Click);</code>
this.Controls.Add(imgViewList);
Panel panelResourceGallery = new Panel();
panelResourceGallery.ID="ResourceGallery";
panelResourceGallery.CssClass="resourcegalleryview";
panelResourceGallery.Controls.Add(new LiteralControl(View));
this.Controls.Add(panelResourceGallery);
base.Render(output);
}
}
}
The event handling and relevant imagebuttons are highlighted.
So in short when either imgViewList or imgViewThumbnail are clicked client side I want the view_list_Click and view_thumbnail_Click handlers to be fired.
Please remember this is a custome control, not a user control (I can raise events fine in a user control, but I need the capabilities of a custom control.)
Thanks for any help
|
|
|
|
|
I assume it's not working because the scope of imgViewThumbnail, imgViewList and panelResourceGallery are all lost when you leave Render(). Thus all the EventHandlers will be destroyed when you leave the function.
Have you tried making panelResourceGallery a property of resourceGallery?
[edit]Terminology failure error: by function I mean method and by property I mean member variable [/edit]
Paul
Life is just a sexually transmitted desease - Matthew Wright (ex-journalist, TV presenter) 10-Oct-02
I finally have a sig! - Paul Riley (part-time deity) 10-Oct-02
|
|
|
|
|
Paul Riley wrote:
I assume it's not working because the scope of...
Oh man the light just went on and owners arrived home (home being my brain.)
You are two inches from the answer. The answer is to do with the control life cycle rather than scope, but your scope idea twigged me to the life cycle bit. i.e. I need to be assigning the event handlers and everything else in the OnInnit method/event/function/whatever-the-right-label-is-but-who-really-cares-huh and not the Render. Render is done almost last, already past the event firing stage.
*sigh* One of those "lets be dumb" days
Thanks Paul.
|
|
|
|
|
You know what's really sickening? I just came to the same conclusion but you got in before I could post an extra reply.
Ho hum... doesn't matter as long as you got it working
Paul
Life is just a sexually transmitted desease - Matthew Wright (ex-journalist, TV presenter) 10-Oct-02
I finally have a sig! - Paul Riley (part-time deity) 10-Oct-02
|
|
|
|
|
Paul Riley wrote:
Ho hum... doesn't matter as long as you got it working
But it does, it is the thought that counts here, so thank you
I am just really glad my problem was something simple and not that I had to implement more delegates and interfaces and what not. Go .NET!
|
|
|
|
|