Is XSS possible without <? If so, how? [duplicate] - filter

This question already has answers here:
is xss possible without < and >? [closed]
(2 answers)
Closed 9 years ago.
If only < is filtered, is XSS possible? In the context that you post a comment on a site and it is then displayed to users. If so, I haven't seen any such vectors and I'd love to see how it's possible.

Sure; while exploits require knowing how the data is used, here is a counterexample showing an "XSS attack" that doesn't require using <. In this case the server incorrectly built a JavaScript code block, say with var post = '$foo'; - oops!
<script>
var post = 'Imagine this was set ';HackIt();'on the server';
ShowPost(post);
</script>
(The malicious data was Imagine this was set ';HackIt();'on the server.)
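The answer's point as an added example (not part of the original answer): the same comment is rendered through the `var post = '$foo';` template with only `<` stripped, then through an encoder that emits a proper JavaScript string literal. `HackIt` and `ShowPost` come from the answer and are harmless stubs here; `renderVulnerable`, `renderHardened`, `jsStringLiteral` and `evaluate` are hypothetical names.

```javascript
// Constructed input: the comment text quoted in the answer; it contains no '<'.
const comment = "Imagine this was set ';HackIt();'on the server";

// The filter from the question: only '<' is removed.
const stripLessThan = (s) => s.replace(/</g, "");

// Vulnerable template, as in the answer: var post = '$foo';
function renderVulnerable(foo) {
  return "var post = '" + stripLessThan(foo) + "';\nShowPost(post);";
}

// Hardened: emit a real JS string literal, then escape characters that could
// end the <script> element or act as line terminators in older parsers.
function jsStringLiteral(s) {
  return JSON.stringify(String(s))
    .replace(/</g, "\\u003c")
    .replace(/>/g, "\\u003e")
    .replace(/&/g, "\\u0026")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

function renderHardened(foo) {
  return "var post = " + jsStringLiteral(foo) + ";\nShowPost(post);";
}

// Run a generated script body against stub HackIt/ShowPost functions
// (harmless stand-ins) and report which of them ran.
function evaluate(scriptBody) {
  const result = { hackItCalled: false, shown: null };
  const HackIt = () => { result.hackItCalled = true; };
  const ShowPost = (post) => { result.shown = post; };
  new Function("HackIt", "ShowPost", scriptBody)(HackIt, ShowPost);
  return result;
}

console.log(renderVulnerable(comment), evaluate(renderVulnerable(comment)));
console.log(renderHardened(comment), evaluate(renderHardened(comment)));
```

With the vulnerable template the stub `HackIt` runs and the post is cut off at the first quote; with the hardened one the whole comment reaches `ShowPost` as data.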


No locator found by Karate framework [duplicate]

This question already has an answer here:
Karate UI: How to click a specific checkbox with same class name
(1 answer)
Closed 1 year ago.
Could you please help me?
I have a button which I need to click on. Checking it in the console, the XPath of this button returns 2 elements and I need to click on the 2nd one. So, at least these 2 locators are returning correctly my button:
("//a[@href='/organization/createorganization']")[1]
("//*[text()='mybuttonText']")[1]
I'm trying to create an automated test using Karate.
* def temp = locateAll("/a[@href='/organization/createorganization']")
* match karate.sizeOf(temp) == 2
* temp[1].click()
My problem is that the size of temp is always 0. That means it doesn't find the locator?! Why wouldn't it find the locator? I tried also to introduce a delay, sleep time, the result is always the same. I can see visually when running the test that it doesn't click on the button. I've tried with both XPaths that I mentioned above and other XPaths that I could have come up with, but I always get the same - 0.
Please, do you have any ideas how to solve this?
Thanks a lot in advance.
Sounds like your locator is wrong. There's no way to tell from the limited amount of info in your question.
But try this:
* def temp = locateAll("//a[@href='/organization/createorganization']")
Or use other options: https://stackoverflow.com/a/63894989/143475
If all else fails, follow this process: https://github.com/intuit/karate/wiki/How-to-Submit-an-Issue

Why and When to use JSON [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 7 years ago.
I know what JSON is and what the advantages over XML are. I already read some answers for this, but still I can't get through it.
So I would specifically ask these questions:
1. Is it only useful for API things? So exchanging data without refreshing the whole page using AJAX..
2. Is it always used with AJAX?
3. Do people (always/very often) use JSON like this? :: Database/Server - JSON - Client.. What I mean by that is, all our data from the database will be put into JSON, so people can use it easily on any other platform/language?
Because from my point of view, if the data which we need to output is not much, why not just write it directly in HTML, and if it's a lot of data, why not use a database? If you don't mind, please add an example case to use JSON.
Big thanks everyone!
Because JSON is a lightweight data interchange format, its uses vary widely. You describe using it for an API, which would be an ideal situation to use JSON output over something like XML.
To specifically answer your questions:
1. It's not just useful for an API. It can be used to create configuration (for example, Composer's JSON configuration file). It can also be used for basic output to easily read with languages like JavaScript, since JSON is native to JavaScript as an object (JavaScript Object Notation).
2. It's not always used for AJAX. Say you were building a PHP application to convert currency, and you wanted to read from an API that output as JSON, this would always be preferred. Because languages like PHP have the ability to encode and decode JSON, you could read from the API (or other source) and decode it, giving you a PHP object or array of the JSON data.
3. I think you mean reading from a database, outputting that in JSON format and then allowing clients to read it using an API. In this case, it's not always the way it's used - but if I had to guess, it's the most common way it's used, and probably most useful.
In my opinion, when you get some data from the network, you can use JSON to describe your data. JSON is only a data format. It isn't always used with AJAX. It's only a format. It contains arrays and dictionaries.

Rails #raw or #html_safe methods are truncating text. Is there any way around this? [closed]

Closed. This question needs debugging details. It is not currently accepting answers.
Closed 8 years ago.
I am new to Rails and am trying to put together a little app that will read cucumber results from a mongo database. The results stored in the document are parsed into html. In the rails app I am taking those results and displaying them using the raw() method call. The string that I get back is fairly large and as it turns out, the raw() method is truncating the text that I pass into it. When I output the text without raw() I get the entire string as expected (except that it has been escaped and not rendering as html).
My question is, is there any way to get around this? I really don't want to have to do the html conversion in the rails app or on the client. Both seem too costly. Especially when I can do it elsewhere and just store it in mongodb as an html string. Anyone have any ideas?
Thanks,
Jake
It turns out that there was a part of the string that was causing the rendering of the html to choke. Because cucumber syntax passes variables to Scenario steps using < >, there were places where <style> was written. Because <style> is a valid open html tag, the html stopped rendering. I found this out by looking at the page source (where I was using the inspect element on the developer tools before). I saw that the whole html that I was expecting was in the source. I parsed through the text and used gsub to replace the <style> tag and all is working now.

Generating automatic thumbnails of recent posts [duplicate]

This question already has an answer here:
Which plugins/gems should I use to dynamically generate thumbnails on-the-fly in Rails 3?
(1 answer)
Closed 9 years ago.
Is there any gem that allows you to generate automatic thumbnails with basic info in the frontpage?
Sites like indiegogo and kickstarter have thumbnails in groups of 3 or 4 per row. Each one represent a recent post. I am trying to do something like that.
I am a Ruby newbie and would also give it a try if somebody explains to me how to get this done with or without a gem. I could work with Ruby or JavaScript.
Basically the point is to create posts and have them displayed as thumbnails in the index, in groups of 3.
Thanks!
Will the content come from your app? If yes, then I reckon you are looking for a way to layout your list of objects like how they did it in kickstarter and indiegogo. There are different libraries that you can use. Here are some of the libraries which you can use:
masonry: http://masonry.desandro.com/
isotope: https://github.com/desandro/isotope
packery: http://packery.metafizzy.co/
These libraries will help you to create brick / grid layouts.
Or, do you want to create previews from links? Then maybe this gem can help you as well: https://github.com/gottfrois/link_thumbnailer
Hope this helps!

#! (hashbang) and Google SEO [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 12 months ago.
I've read over the Google specification for crawling AJAX-enabled pages. Since part of Google's indexing method uses the URL itself, will converting to !# negatively affect SEO?
For instance, if I have a page at www.mysite.com/surfing, Google will be likely to rate it highly if a user searches for "surfing" because it has "surfing" in the URL. Would the same be true for www.mysite.com/#!surfing or does it ignore the hash fragments for the purposes of weighting the URL itself?
Perhaps you have already read in the Google AJAX-crawling instructions that the !# is actually transformed into ?_escaped_fragment_ by the Google crawler. So let's use your example:
www.mysite.com/#!surfing , the Google crawler will see the link as www.mysite.com/?_escaped_fragment_=surfing . So it comes to the question: what is better for Google SEO, a link with a parameter ?_escaped_fragment_=surfing or without one /surfing ?
Search engine representatives have confirmed on numerous occasions that URLs with more than 2 dynamic parameters may not be spidered unless they are perceived as significantly important (i.e. have many, many links pointing to them). So unless you're using too many parameters in the URL, you don't have much to worry about. If you haven't done it already, you can always read the detailed Google documentation https://developers.google.com/webmasters/ajax-crawling/docs/getting-started . Now, just some advice - don't rely on # in your AJAX website. Use history.pushState() to change your URL to whatever you wish. I use #! only on browsers that don't support history.pushState() like IE. The problem with the SEO with #! doesn't come from the URL but from the difficulties in the server-side processing of the information needed to provide an HTML snapshot for the crawler.
The question is old.
Google no longer supports AJAX crawling:
https://webmasters.googleblog.com/2015/10/deprecating-our-ajax-crawling-scheme.html
And this document is officially deprecated:
https://developers.google.com/search/docs/ajax-crawling/docs/getting-started
So don't use hashbangs in URLs.
Traditionally, from an SEO perspective, the hash tag (#) is used to avoid the following issues:
- Cannibalization issues
- Affiliate URLs (Here is a good article about how to use hash for tracking purposes instead of using a question mark in the URL)
- Show limited content on the page (pagination issues)
The usage you are referring to is what Google recommends on how to make AJAX pages readable by Google - https://support.google.com/webmasters/answer/174992?hl=en
For more info about the hash tag and its SEO benefits, check this blog post - https://digitalreadymarketing.com/adding-hash-in-urls-seo-benefits/
In my personal opinion and 8 years in SEO & development, it won't harm, but it depends more on the site's other parameters, so adding the !# won't do harm...
Do you have the site URL so I can take a more in-depth look?
That could cause a problem if Google's crawler thought that there could be an infinite number of possibilities. Like with a ? in the url. But the answer beyond that is clear.
website.com/oreo-cookies
is more semantic and easier to understand for both people and crawlers than
website.com/#!oreo-cookies
But is this going to have a major impact? If you were a client paying me for SEO, I would tell you that your incoming text links with relevant keyword phrases from relevant related websites is far more important. I would also say that if you are submitting an xml sitemap for google to digest, and lots of popular websites are using the #! google will figure it out and ignore it.
So bottom line, if my content was worth linking to, and I made sure google was finding all my pages and indexing them, I would not worry about it.
I think that it will not harm your SEO in any way. I have been in SEO for the last 5 years and haven't experienced such a problem yet, so don't worry about it. So my opinion is you can do it by adding the !#, no harm!!
