SonarJs still shows warning about postMessage cross-domain issue - sonarqube

The error message is "make sure this cross-domain message is being sent to the intended domain".
This check rule from RSPEC-2819
Authors should not use the wildcard keyword ( *) in the targetOrigin argument in messages that contain any confidential information, as otherwise there is no way to guarantee that the message is only delivered to the recipient to which it was intended.
I assume it demands * cannot be used as targetOrigin, But It still shows warning when I use intended domain as targetOrigin like below:
Please somebody can tell me how to pass this check,
Any help would be appreciated

This rule detects only if a method postMessage is invoked on an object with a name containing window in it. Source code: PostMessageCheck.java. To bypass it, just assign your contentWindow object into different one, like this:
var content = this.elem.contentWindow;
content.postMessage('your message', window.location.origin);

Have faced similar issue in sonarQube. Below fix worked. Just get rid of using window object using directly.
Actual code:
window.parent.postMessage("data", parenturl);
Fix:
var content=window;
content.parent.postMessage("data",parenturl);

Related

How to validate Browser Error's message with cypress

For example if user dont fill this field and press "continue" button, this error message will pop up.
I wonder is there a way with Cypress that I check that error message was displayed?
Kind regards
You can make this assert : cy.get('input:invalid').should('have.length', 1)
See https://github.com/cypress-io/cypress-documentation/pull/1919/files how to assert the validation message
I know this is an older question but here is another solution.
cy.get(`[data-testid="XXXX"]`)
.invoke('prop', 'validationMessage')
.should((text: string) => {
expect(text).to.contain(YYYY);
});
Using the above code here is what happens:
You grab the input / textarea element using cy.get Note: it is recommended to use a data-testid or obtain the element by something less brittle so the test doesn't fail if the text changes etc.
Using the invoke method, you can check validationMessage against prop then then, obtain the inner text and use expect to check if it's valid. This is very handy if you use custom validation messages.

“Error no label add or removes specified” when trying to modify labels using Gmail's Ruby API

I've looked at https://www.rubydoc.info/github/google/google-api-ruby-client/Google/Apis/GmailV1/ModifyThreadRequest and the examples https://developers.google.com/gmail/api/v1/reference/users/labels/update for Python and JS but can't figure out how to format the request properly in ruby.
I'm trying:
service.modify_thread('me',thread_id,{'add_label_ids'=>['UNREAD']})
and various other permutations of the object but can't get anything other than Google::Apis::ClientError: invalidArgument: No label add or removes specified in response.
Any help appreciated
modify_thread expects a Google::Apis::GmailV1::ModifyThreadRequest object as third argument according to the documentation.
In the source of the constructor of ModifyThreadRequest you can see that it looks for a key :add_label_ids in its arguments.
So if modify_thread creates the ModifyThreadRequest object itself then
service.modify_thread('me',thread_id, add_label_ids: ['UNREAD'])
should work.
If that fails I would try
mtr = Google::Apis::GmailV1::ModifyThreadRequest.new(add_label_ids: ['UNREAD'])
service.modify_thread('me', thread_id, mtr)

cfajaxproxy is sending invalid parameters?

For some reason that I don't understand, on my development machine can't call to function of a cfc component from a cfajaxproxy.
In my cfm document:
<cfajaxproxy cfc="#Application.CfcPath#.empleado"
jsclassname="ccEmpleado">
This works, and also I can instantiate an object to get all the functions of that cfc component:
var cfcEmpleado = new ccEmpleado();
But, when I try to call a function of that object:
var nb_Empleado = cfcEmpleado.RSEmpeladoNombreBIND(1,1);
Debug complains:
Error: The ID_EMPRESA parameter to the RSEmpeladoNombreBIND function is required but was not passed in.
I got this from Network tab on Chrome and figured out that something is generating an invalid parameter:
http://127.0.0.1/vpa/componentes/empleado.cfc?method=RSEmpeladoNombreBIND&_cf_ajaxproxytoken=[object%20Object]&returnFormat=json&_cf_nodebug=true&_cf_nocache=true&_cf_clientid=41C92098C98042112AE2B3AAF523F289&_cf_rc=0
As you can see, there's a parameter [object%20Object], that is messing around my request, and that's why it fails. I don't why is happening this. Other people has tested this, and it works, but in mine doesn't.
I have Coldfusion 9, Apache, Windows 8. Is is some configuration issue on Coldfusion, or a bug?
I can't tell if this is your error or not, but it might be. This was a problem that we had for awhile. You should consider using explicit names to avoid any confusion. Add the "js" in there.
<cfajaxproxy cfc="cfcEmpleado" jsclassname="proxyEmpleado">
var jsEmpleado = new proxyEmpleado();
I will try to find a link to an article about this very thing.

ClientGlobalContext.js.aspx broken in Dynamics 2011?

I am trying to implement a custom web resource using jquery/ajax and odata. I ran into trouble and eventually found that when I call:
var serverUrl = context.getServerUrl();
The code throws exceptions.
However, when I change serverUrl to the literal url, it works. I then found forum posts that said I should verify my .aspx page manually by going to https://[org url]//WebResources/ClientGlobalContext.js.aspx to verify that it is working. When I did that I received a warning page:
The XML page cannot be displayed
Cannot view XML input using style sheet. Please correct the error and then click the Refresh button, or try again later.
--------------------------------------------------------------------------------
Invalid at the top level of the document. Error processing resource 'https://[org url]//WebResources/Clien...
document.write('<script type="text/javascript" src="'+'\x26\x2347\x3b_common\x26\x2347\x3bglobal.ashx\x26\x2363\x3bver\x2...
What the heck does that mean?
Hard to tell outside of context (pun not intended) of your code, but why aren't you doing this?
var serverUrl = Xrm.Page.context.getServerUrl();
(Presumably, because you have defined your own context var?)
Also, this method is deprecated as of Rollup 12, see here: http://msdn.microsoft.com/en-us/library/d7d0b052-abca-4f81-9b86-0b9dc5e62a66. You can now use getClientUrl instead.
I now it is late but hope this will be useful for other people who will face this problem.
Until nowadays even with R15 there are two available ClientGlobalContext.js.aspx
https://[org url]/WebResources/ClientGlobalContext.js.aspx (the bad one)
https://[org url]/[organization name]/[publication id]/WebResources/ClientGlobalContext.js.aspx (The good one)
I don't know why exist 1. but it causes many issues like:
It could not be published or hold information (Your case #Steve).
In a deployment with multiple organizations, seems it saves info only for the last organization deployed causing that methods under Xrm.Page.context. will return info from a fixed organization. Actually each method that underground uses these constants included in ClientGlobalContext.js.aspx: USER_GUID, ORG_LANGUAGE_CODE, ORG_UNIQUE_NAME, SERVER_URL, USER_LANGUAGE_CODE, USER_ROLES, CRM2007_WEBSERVICE_NS, CRM2007_CORETYPES_NS, AUTHENTICATION_TYPE, CURRENT_THEME_TYPE, CURRENT_WEB_THEME, IS_OUTLOOK_CLIENT, IS_OUTLOOK_LAPTOP_CLIENT, IS_OUTLOOK_14_CLIENT, IS_ONLINE, LOCID_UNRECOGNIZE_DOTC, EDIT_PRELOAD, WEB_SERVER_HOST, WEB_SERVER_PORT, IS_PATHBASEDURLS, LOCID_UNRECOGNIZE_DOTC, EDIT_PRELOAD, WEB_RESOURCE_ORG_VERSION_NUMBER, YAMMER_IS_INSTALLED, YAMMER_IS_CONFIGURED_FOR_ORG, YAMMER_APP_ID, YAMMER_NETWORK_NAME, YAMMER_GROUP_ID, YAMMER_TOKEN_EXPIRED, YAMMER_IS_CONFIGURED_FOR_USER, YAMMER_HAS_CONFIGURE_PRIVILEGE, YAMMER_POST_METHOD. For instance method Xrm.Page.context.getUserId() is implemented as return window.USER_GUID;
To be sure that your URL is the correct just follow the link posted by #Chris

Uploadify v3 onUploadError howto

Been playing around with Uploadify v3 for few days now and just came to realize some of the codes have been rewritten, for example, onError is no longer existed, I am assuming it's been replaced by onUploadError.
What i am trying to achieve is to be able to return non-compliance error to users either through putting a message in the div (preferred method) or alert.
Looking at the closest solution How to trigger uploadify onError event handler, but it's outdated as it's for v2.
Using the same method as the outdated post up there, I have $("#fileInput").uploadify() with onUploadError added:
'onUploadError' : function(file,errorCode,errorMsg) {
var r = '<br />ERROR: ';
switch(errorMsg) {
case 405:
r += 'Invalid file type.';
break;
case 406:
r += 'Some other error.';
break;
}
alert(r);
setTimeout('$("#fileInput'+ ID + 'span.data").html("'+r+'");',111);
}
The problems I am having right now are:
Alert returns undefined using the codes above
setTimeout doesn't do anything
How can you solve these problems?
Maybe it's a little too late... but anyway I try to answer.
I'm also playing around with v3 of uploadify. onError() does no longer exists, it has been replaced by onUploadError(). The erroror object given by the old onError event does no longer exists. Now to check for the type of error you can switch on the errorCode argument (the second given in the callback), which is numeric. I've not found a table with all possible error codes, but doing some trials I discovered the following three error codes:
-200: HTTP errors (e.g. HTTP 500, 400, 404, etc.)
-220: IO errors (e.g. connection closed without response from the server, or errors while rading the source file from the user's PC)
-280: don't have actually fully understood what kind of errors they are, but is seems to be errors gracefully handled by uploadify. For example, if you try to add to the queue a file that is already in the queue, uploadify ask you whether you want to replace the file that's currently enqueued, or cancel the operation. If you cancel, an error is fired with code -280.
To check for the specific type of error, for example to get the specific HTTP error code (in case the error is an http error), you can check the error message, which is the third argument. This argument is a string, not a number, so you cannot use a switch .. case as in your example (or at least it's not that simple to use a switch .. case with strings). Simply use an if .. else if .. else.
Hope this can help...
I'm still looking for a complete list of the possible error codes given in the errorCode argument of the event handler. If someone knows, please tell me!

Resources