I am working on CRUD application and above one is snapshot of its design and
I have done validation for updating in this application.
I go through from here.
But I did not rectify my problems.
I want to validate it during inputing means when I does not input anything in text box then it would not add it in database and give proper error on console.
Below is my code Image:
You can try one of the following:
https://www.npmjs.com/package/express-validation
https://www.npmjs.com/package/express-validator
https://www.npmjs.com/package/jsonschema
https://www.npmjs.com/package/json-validation
Next time include code examples in your question. It's hard to give you any specific answer seeing only random screenshots of your editor windows with a tiny font as JPEGs.
Related
I am designing a system which takes user submitted code and saves it in database. Code can be in any language, ruby, python, elixir, javascript, etc. There's no restriction on language. Code saved in database is never meant to be run. It will be displayed in blog article or converted into file for download. Similar example might be GitHub gist or Cacher, both takes user submitted code and displays on website.
How do I make sure User submitted code is sanitised and secure to be displayed on webpage with code highlighter?
What processing do I need to do on code such that I can safely display it? I don't want to impose strict restrictions on users.
Any gotcha I need to be aware?
Any idea how those website implement this feature?
I am using Elixir and Phoenix framework. Is there any pitfalls I should be careful about? I am thinking of using Phoenix.HTML module to escape codes. I just wanna be sure that my approach doesn't have known loop holes.
I think you are looking for this https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
I am in the middle of a project where we want to use ace code editor embedded in the browser. I would like to implement it just like how codeschool or any other teaching platform do using ace library. I want users to solve a given prompt in the code editor and want to grab it and run some test in the background before giving the result back to the result window. I am new to this field and would like to get some advice from someone who has the similar experience. Can anyone let me know where I can start and like a brief summary of flow I should follow? e.g
user solve the prompt
user hit "Run or Submit" button
the code will be delivered to a server that handles the result or it will be handled on the client side.
give the user the result of the prompt.
Intro
I have learn basic programming in the past at school (vb) so i understand the logic behind an application and the way it think.
I started this week to learn python because ... I would like to be able to build what i need without having to smash my head in the keyboard.
In the mean time i would like to resolve my problem and i'm asking to all of you in case someone have seen something somewhere.
I have try to search but not sure how to ask so respond was not relevant.
My Question
I know i can do this in excel but i'm looking for another way if possible.
Does someone knows if there existe an application online or on a mac that give me the ability to:
1- Import data from a csv file and add it in a database. So every day i will log 100 line of data.
2- After that i would like to manage condition related on data store in store in file 2 and 3.
3- That will generated a file 4 where i can see the only important case i have to take care for the day.
I imagine a little bit Access from microsoft but i don't remember if i was able to add parameter on the data i will visualise or condition.
What i'm trying to achieve
I have to process a lot of data manually right now and i'm trying to find a way to take out automatically the recurring problem from a list that i receive every day And there is no other way for me than build my own validation process.
Thank for your help. I'm new but i will try my best to bring something is this community (Python studies lv1, VB -15ans) . For now i'm building my startup And my expertise is more in technical skill on security products and technical support.
In case i'm not alone that would like to be able to do some basic thing like i was needed without having to program from scratch a database program i found those 2 solution yet:
https://www.zoho.com/creator/
and
http://www.ifreetools.com/
Whenever i create a contact form in my Joomla! 3.3.6, some script appears in the the page's HTML code that contains many words Joomla in it. I'd like to change those Joomla words and replace them with another words (i.e. Foo) for some security issue. I'd like to know whether or not i'm able to do so and how.
That script is:
<script>(function(){var strings={"JLIB_FORM_FIELD_INVALID":"\u0641\u06cc\u0644\u062f \u0646\u0627\u0645\u0639\u062a\u0628\u0631: "};if(typeof Joomla=='undefined'){Joomla={};Joomla.JText=strings;}
else{Joomla.JText.load(strings);}})();</script>
I have no idea whether a plugin or an extension creates it or not.
Thank you
Regards
This script seems to be translating some text required for the form to use in its javascript, eg validation messages. It does this using a javascript version of JText, which is part of core Joomla. There is some info on how that works here. Weirdly, there seems to be little information in the official Joomla documentation about it.
The main JText function it is calling appears here: media/system/js/core.js
I'm sure it would be possible to write a plug-in to remove this script before the page is rendered and then to translate any untranslated text with your own scripts. However, I'm not sure I see any security benefit in doing this so it seems a waste of time.
Ultimately, someone sniffing a site for what it is built in is far more likely to see if core files exist by going direct to places like media/system/js/core.js, rather than to scan the code for the word "Joomla" - which would trigger a lot of false-positives (any site which just mentions Joomla) and negatives (any page which doesn't have a form on it). It also does not reveal the version of Joomla, which is the info a hacker would more likely be after.
I think you have to search for the script (i.e via Notepad++) in the whole directory. It must be a plugin for the contact form that has some inline script in it.
also do you use any special third party plugin or so? that might be the source of it.
PS: also i had some similar experience, i don't know exactly how i got rid of those words, but like you, i wanted to do that to hide the fact that i'm using joomla for security.
Its actually Joomla who add this, from the file: Joomlainstall/libraries/joomla/document/html/renderer/head.php
And load it globaly from:
Joomlainstall/libraries/cms/html/formbehavior.php
The developer ad that code by using the function, JText, for an example:
JText::_( 'COM_CONTACT_EMAIL_FORM' )
In my case it was the plugin ContactUs Form who add the javascript. If JText is not used, it is not loaded. If I disabled the plugin, the javascript was then not loaded. If you have that plugin enabled, my be try an other contact form?
For security reson it is bad programming by the developer off Joomla, for sure.
I'm working on an rather small application (C#, winform) that is kind of front-end to MS Access database file stored on shared drive. While it is possible that drive could be down I am checking connection while loading Main Form.
I would like to know your opinions on how to deal with this problem.
I came up with ideas like:
Application shows only MessageBox
with an error message and close
itself (before actually showing up),
as it won't be useful at all.
Application load itself and then
display an error-message to not make
users confused (if they click warning
before reading the explanation).
What are yours best practices?
I think it's rather irrelevant whether the application is shown or not because in the end, you display the message box with the error anyway. The user clicks OK and you close your Application.
However, to me it's a bit nicer without the application showing in background, mainly because it makes no sense to fire it up when the database isn't available. Save yourself (and the pc) the time it takes to show it ;)