I am working on code that was originally written by a vendor that has gone out of business. It is a classic ASP site and a lot of the server side code looks like the following. I'm wondering if there is a way to decrypt/unscramble it.
<%##~^EgAAAA==###&P~,PxN,k6###&1AIAAA==^#~#%>
Do your files begin with
<%# LANGUAGE = VBScript.Encode %>
I've inherited files like that before and I decoded them with this
http://virtualconspiracy.com/content/scrdec/usage
UUDECODE & UUENCODE are you friends here.
Related
We are developing an MVC .NET Core project with VS19.
We are also using Devextreme.
We have several cshtml files with devextreme components and templates.
Templates in DevExtreme ASP.NET MVC Controls support ERB-style syntax. The following constructions are available.
<% code %> - executes the code.
<%= value %> - prints the value as is (for example, John).
<%- value %> - prints the value escaping HTML (John becomes
<b>John</b>).
Implementing Templates
In the past we only used the
<%= value %> - prints the value as is (for example, John).
which leaded into some injections in a pen test.
As a result we now only are using the
<%- value %> - prints the value escaping HTML (John becomes
<b>John</b>).
We are also using sonarqube. The idea now is that we want to create a rule that gets triggered if someone dont uses the correct escaping. But how can i achieve that?
As far as i understand this topic after a day of research is, that you cant create rules for (cs)html & c# in sonarqube. Which leaded me to some research in writing a roslyn analyzer that exports it results to sonarqube. But i found out that even these ones dont get triggered by cshtml files.
Nevertheless i get some warnings in cshtml files if i create anonymous js functions:
Where does it come from? How can i create own rules that are applied on cshtml files?
kind regards
david
Your scenario may not be directly supported. I presume you reviewed Importing Issues from Third-Party Roslyn
Analyzers (C#, VB.NET)
SonarQube analyzes code based on (mapped) extension. Just guessing now ...
We have .cshtml mapped to language type HTML (YMMV). This is under Administration | Configuration | General Settings | HTML - {SQ_URL}/admin/settings?category=html (which also covers .jsp). Perhaps your is mapped to type JavaScript (JS) ? Try undo your mapping?
not sure if I'm missing some option, but <div><b>hello</div> says it's ok (no errors), this is the code (vb) ...
Dim htmlDoc = New HtmlDocument()
htmlDoc.Loadhtml("<div><b>hello</div>")
htmlDoc.ParseErrors.count is 0
Am I missing setting an option or something?
PD: I tried htmlDoc.Loadhtml("<b>hello") and that does return as invalid, not sure why the unclosed <b> inside the <div> doesn't.
(I originally posted this in the "code review" site and they said this belonged to Stack Overflow)
The library is clearly not a validating tool. The ParsedErrors collection is more a hint for serious problems (that the library considers itself as a serious problem).
If you want a validating tool, HTML Tidy is the standard.
I'm writing a web-crawler using Chickenfoot and need to save PDF files. I can either click the link on the page or grab the PDF's URL and use
go("http://www.whatever.com/file.pdf")
and I get the firefox "Opening file.pdf" dialog box, but can't click the "OK" button to actually save the file.
I've tried using other means to download the files (wget, python's urllib2, twill), but the PDF files are gated so none of those will work.
Any help is appreciated.
This example of how to save a target in the Mozilla developer documents looks like it should do exactly what you want. I've tested a Chickenfoot example that is very similar that gets the temp environment variable, and that worked well for me in Chickenfoot.
https://developer.mozilla.org/en/XPCOM_Interface_Reference/nsIWebBrowserPersist#Example
You might have to play with the application associations in Tools, Options, Applications to make sure the action is set to Save File, but those settings might not apply to these functions.
End Answer, begin related grumblings...
I sure wish someone would fix the many bugs in Chickenfoot, and write a nice Cookbook programming guide. I've been using it for years, and there are still many basic things I've not been able to figure out how to do. I finally broke down and subscribed to the mailing list, as the archives have some decent script examples. It takes a lot of searching through the pdf references, blogs, etc. as the web API reference is very sparse.
I love how simple Chickenfoot can make automating some tasks, but it takes me days of searching javascript, DOM, and Firefox documents to find ways to do some of the things it can't, since I'm not really a web programmer. The goal of Chickenfoot seems to be that I shouldn't have to be, but unfortunately few are refining the proof of concept, as MIT has dropped the project.
I tried to do this several ways using only Chickenfoot commands and confirmed they don't work with the latest Firefox 3 and Chickenfoot 1.0.7.
I hope this helps! Good luck. Sorry I only ran across your question yesterday, but found it too interesting to leave alone.
You won't be able to click on Firefox dialogs for the sake of security.
The best way to download the content of a URL is to read then write the content of the URL.
// Chickenfoot 1.0.7 Javascript Code to download the content of a url.
include( "fileio.js" ); // enables the write function.
var url = "http://google.com",
saveFileTo = "c://chickenfoot-google.com";
write( saveFileTo, read( url ) );
You might find it helpful to use jquery with chickenfoot.
http://groups.csail.mit.edu/uid/chickenfoot/scripts/index.php?title=Using_jQuery,_jQuery_UI_and_similar_libraries
This has worked for me to save Excel files from NCES portal.
http://muaz-khan.blogspot.com/2012/10/save-files-on-disk-using-javascript-or.html
I was using Firefox 3.0 and the "old syntax" version of the code. I also stripped code intended for IE and "(window.URL || window.webkitURL).revokeObjectURL(save.href);" which generated an error.
For months now I've been trying to find a code syntax formatting extension that works for BlogEngine.Net. I'm not fond of the behavior of the default formatting extension, and have tried a couple of others (manoli is among them), but they always seem to interact badly with the TinyMCE editor. Does anyone know of an extension that works, or a different approach that will allow me to make code samples pretty on my blog without hacking the crap out of the HTML myself?
Thanks.
I would try using Windows Live Writer along w/ the Paste From Visual Studio plugin. One you go WLW, you'll never go back to that damn TinyMCE interface.
WLW here:
http://get.live.com/writer/overview
Plugin here:
http://gallery.live.com/liveItemDetail.aspx?li=d8835a5e-28da-4242-82eb-e1a006b083b9&l=8
Thanks, Rafe. Thanks to this post that Hanselman put up the day after I asked the question, I downloaded WLW and am now using it. As far as getting prettily formatted code, I'm using cut-and-paste from a little tool developed and available on manoli.net.
Check out SyntaxHighlighter.. Works excellent. For easy integration into BlogEngine have a look at my blog post.
Is there a utility that will generate html or css for blocks of code (.net c#) when you post it on a website?
I have seen several websites with very nicely formatted code and I dont believe they do this manually.
Google prettify -
http://code.google.com/p/google-code-prettify/
I prefer Syntax Highlighter implementations (I'm using Wordpress plugin implementation for my blog).
Advantages
It is based on JavaScript and does
not care about what you have on the
server.
Posts with this formatting display
properly on different RSS feeds and
can be copied to clipboard.
It is trivial to extend syntax
rules. I'm using that to highlight
custom operators in Boo-based DSL (see sample post)
Multiple languages are supported
out-of-the-box
(source: googlecode.com)
You can get JavaScript syntax-highlighting scripts, such as this one by Dean Edwards.
This is also a jQuery version apparently based on it which looks good.
CopySourceAsHtml is an add-in for Microsoft Visual Studio 2005 that allows you to copy source code, syntax highlighting, and line numbers as HTML.
http://copysourceashtml.codeplex.com
It's highly configurable, and works much better than the download page would make you expect! Don't know if there is something similar for VS 2008
If you don't have the ability to add the google prettifier CSS reference, this would be a better way to go, as what you get is a complete HTML with the required style. I use it all the time on our developers wiki, and loving it.
An even better solution, if you don't want to bother installing anything, is to just use the little web app I wrote called BlogTrog CodeWindow:
http://www.blogtrog.com
It's easy to use. Just paste your code and embed the results.