Monday, October 10, 2011

addEventListener vs attachEvent vs jquery bind

Unfortunately, IE is not friendly to this idea (addEventListener) and decides to throw a JavaScript error.

After digging around, I found that we need to use attachEvent instead of addEventListener to support IE.

Here are some references:
https://developer.mozilla.org/en/DOM/element.addEventListener
http://msdn.microsoft.com/en-us/library/ms536343(VS.85).aspx

As the suggested solution, I applied a fix in a couple of places in the JavaScript code to resolve this issue.

if (el.addEventListener) {
    // Standards-compliant browsers
    el.addEventListener('click', functionText, false);
} else if (el.attachEvent) {
    // Older IE
    el.attachEvent('onclick', functionText);
}

Why not use jQuery bind?
Unfortunately, event capturing is not supported by jQuery, as event capturing is not supported by IE, which jQuery supports.
Here is a better solution if you use event capture in addEventListener:

if (el.addEventListener) {
    // Third argument true = use the capture phase
    el.addEventListener('click', functionText, true);
}

Friday, August 05, 2011

TFS Unshelve to different branch


For example (Trunk -> Branch)

Prerequisites:
Download and install the latest TFS Power Tools: http://visualstudiogallery.msdn.microsoft.com/c255a1e4-04ba-4f68-8f4e-cd473d6b971f

Steps :

1. Go to Console (cmd.exe)

2. Go to your target folder; otherwise you will get the error “unable to determine the workspace”.

cd D:\Source\Branch1

3. Execute tfpt.exe

tfpt unshelve ShelveName1 /migrate /source:$/Project/Trunk /target:$/Project/Branches/Branch1



Here is the syntax: tfpt unshelve "MySampleShelveName" /migrate /source:"$/MyTeamProject/TheOrigionalBranch" /target:"TheDestinationBranch"

4. Confirm to unshelve

5. Merge

6. Check your pending changes (DONE)

——

Catches

If you get the error => “unable to determine the workspace”

NOTE: Take the latest from your source control and “cd” to a local path that is mapped to the target workspace. Also ensure that the current working directory is mapped; you can run “tf workspace” and see if the target folders are mapped.

Monday, July 25, 2011

implement ssl custom attribute in MVC

Example of how to implement your SSL Custom Attribute in MVC

· If it is login, then we must force it to secure; otherwise we need to force it to unsecure.

· Ideally, in LoginController we can use the attribute [CustomRequireHttps], which will force the use of SSL.

· For other controllers, we can use the attribute [CustomRequireHttps(false)], which will force SSL not to be used.

· For other controllers that never require SSL, we can create another attribute, [CustomNotRequireHttps], to force SSL not to be used.

using System;
using System.Web.Mvc;

/// Represents an attribute that forces an unsecured HTTP request to be re-sent over HTTPS.
[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true, AllowMultiple = false)]
public class CustomRequireHttpsAttribute : FilterAttribute, IAuthorizationFilter
{
    private bool _ForceOnLoggedIn = false;

    /// Constructor
    public CustomRequireHttpsAttribute() : this(false)
    {
    }

    /// Constructor
    public CustomRequireHttpsAttribute(bool forceOnLoggedIn)
    {
        this._ForceOnLoggedIn = forceOnLoggedIn;
    }

    /// Handles unsecured HTTP requests that are sent to the action method.
    /// An object that encapsulates information that is required in order to use the attribute.
    /// The HTTP request contains an invalid transfer method override. All GET requests are considered invalid.
    protected virtual void ForceSecure(AuthorizationContext filterContext)
    {
        if (!filterContext.HttpContext.Request.IsSecureConnection)
        {
            if (!string.Equals(filterContext.HttpContext.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase))
            {
                // Throw an error if the request is not a GET
                throw new InvalidOperationException("SeekRequireHttpsAttribute_MustUseSsl");
            }

            // Redirect to the HTTPS version of the same URL
            string url = "https://" + filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;
            filterContext.Result = new RedirectResult(url);
        }
    }

    /// Force unsecure page only deal with get method
    /// An object that encapsulates information that is required in order to use the attribute.
    /// The HTTP request contains an invalid transfer method override. All GET requests are considered invalid.
    protected virtual void ForceUnsecure(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.Request.IsSecureConnection)
        {
            // The request arrived over HTTPS
            if (string.Equals(filterContext.HttpContext.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase))
            {
                // Only GET requests are redirected. The target must be http://;
                // redirecting to https:// here would send the browser back to the same URL in a loop.
                string url = "http://" + filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;
                filterContext.Result = new RedirectResult(url);
            }
        }
    }

    /// Determines whether a request is secured (HTTPS) and, if it is not, calls the method.
    /// An object that encapsulates information that is required in order to use the attribute.
    /// The parameter is null.
    public virtual void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null)
        {
            throw new ArgumentNullException("filterContext");
        }

        if (_ForceOnLoggedIn == false)
        {
            this.ForceSecure(filterContext);
        }
        else
        {
            // Check whether the user is logged in
            if (filterContext.RequestContext.HttpContext.User.Identity.IsAuthenticated)
            {
                // Logged in: force the secure page
                this.ForceSecure(filterContext);
            }
            else
            {
                // Not logged in: force the unsecure page
                this.ForceUnsecure(filterContext);
            }
        }
    }
}

Thursday, July 21, 2011

anti forgery for mvc and ajax

I just found a very good anti-forgery solution to protect our sites, for ASP.NET MVC and AJAX.

This solution can easily be applied to controller classes and AJAX.

Here is the article.

http://weblogs.asp.net/dixin/archive/2010/05/22/anti-forgery-request-recipes-for-asp-net-mvc-and-ajax.aspx

--

Wednesday, July 20, 2011

Javascript XSS Attack

A reminder about JavaScript XSS attacks.

For example:

var name = "<%= UserInput %>";

If a post submits the username as

" ;alert(document.cookie);//

then this will trigger an XSS attack: the leading double quote closes the string literal, and the rest of the input runs as script.

There is a simple fix, which I have added inside String Extension (available for Support R5):

var currentUsername = "<%= Encoder.JavascriptEncode(UserInput) %>";

Hopefully this post can be a reminder for all of us to protect our site.
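
An added example (not code from the original post; `javascriptEncode` is a stand-in written for illustration, not the `Encoder.JavascriptEncode` mentioned above) that renders the quoted input through the unencoded and the encoded template and checks whether `alert` runs. The character allow-list, the stub `alert`, the fake `document` and the cookie value are assumptions constructed for the demo.

```javascript
// Escape every character outside a small allow-list as \xHH or \uHHHH, so the
// value cannot close the string literal or the surrounding <script> element.
// The allow-list (alphanumerics, space, comma, period, underscore) is an assumption.
function javascriptEncode(value) {
  const s = String(value);
  let out = '';
  for (let i = 0; i < s.length; i++) {
    const ch = s[i];
    const code = s.charCodeAt(i);
    if (/[A-Za-z0-9 ,._]/.test(ch)) {
      out += ch;
    } else if (code < 0x100) {
      out += '\\x' + code.toString(16).padStart(2, '0');
    } else {
      out += '\\u' + code.toString(16).padStart(4, '0');
    }
  }
  return out;
}

// Stand-ins for the two server-side templates shown in the post.
function renderNaive(userInput) {
  return 'var name = "' + userInput + '";';
}
function renderEncoded(userInput) {
  return 'var name = "' + javascriptEncode(userInput) + '";';
}

// Test harness only: evaluate the rendered script with a stub alert() that
// records calls and a fake document carrying a constructed cookie value.
function run(script) {
  const alertCalls = [];
  const fakeDocument = { cookie: 'session=CONSTRUCTED' };
  const fn = new Function('alert', 'document', script + '\nreturn name;');
  const name = fn((msg) => alertCalls.push(msg), fakeDocument);
  return { name, alertCalls };
}

const payload = '" ;alert(document.cookie);//'; // the input quoted in the post

console.log(renderNaive(payload));        // string literal is closed early
console.log(run(renderNaive(payload)));   // alert() fires with the cookie
console.log(renderEncoded(payload));      // quote and punctuation are escaped
console.log(run(renderEncoded(payload))); // no alert; name holds the raw text
```

This encoding targets a string literal inside a script block; a value placed in an HTML attribute or element body needs the encoder for that context instead.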


Monday, July 11, 2011

Client validation in FF

Recently, I had to fix a bug where client validation didn't work in FF.

Finally, I noticed that the problem was in web.config, which forces xhtmlConformance mode="legacy".

This will render the validation attributes

controltovalidate="text1"
id="required1"
evaluationfunction="RequiredFieldValidatorEvaluateIsValid"
validationgroup="grp1"
initialvalue=""
style="color:Red;visibility:hidden;">required

Instead of this

style="color:Red;visibility:hidden;">required

The reason why it doesn’t work is EXPANDO.

When tracing in the debugger, you can see that the expando properties are
not recognized, though they do exist in the "attributes" collection.
Expando attributes are fine in Firefox, but cannot be accessed as if they
are a part of the DOM as IE allows. Any attribute that is not part of the
DOM is only accessible via obj.getAttribute('x') or obj.attributes['x'].value.

The ASP.NET 2.0 client script library needs to be updated to avoid the
DOM-like property access to expando attributes. Instead, use getAttribute().
Some links re expandos:
http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/reference/properties/expando.asp
http://www.xulplanet.com/ndeakin/archive/2004/9/12/
http://www.howtocreate.co.uk/tutorials/javascript/dombasics
Also, all HTML attributes are supposed to be caseless, so
and are identical. However IE 6 treats them as two
different attributes, so be sure that all references are in lowercase!


Wednesday, June 22, 2011

EJB 3.1 Cookbook

 

Recently I read a newly released book titled “EJB 3.1 Cookbook” by Richard M. Reese. http://www.packtpub.com/ejb-3-1-cookbook/book

If you wonder why I read this book instead of a .NET book, please find out in this post. =D

This book talks about building real world EJB solutions with a collection of simple but incredibly effective recipes, and here is an overview of the book.

  • Build real world solutions and address many common tasks found in the development of EJB applications
  • Manage transactions and secure your EJB applications
  • Master EJB Web Services
  • Part of Packt's Cookbook series: Comprehensive step-by-step recipes illustrate the use of Java to incorporate EJB 3.1 technologies

Enterprise Java Beans enable rapid and simplified development of secure and portable applications based on Java technology. Creating and using EJBs can be challenging and rewarding. Among the challenges are learning the EJB technology itself, learning how to use the development environment you have chosen for EJB development, and the testing of the EJBs.

This EJB 3.1 Cookbook addresses all these challenges and covers new 3.1 features, along with explanations of useful retained features from earlier versions. It brings the reader quickly up to speed on how to use EJB 3.1 techniques through the use of step-by-step examples without the need to use multiple incompatible resources. The coverage is concise and to the point, and is organized to allow you to quickly find and learn those features of interest to you.

The book starts with coverage of EJB clients. The reader can choose the chapters and recipes which best address his or her specific needs. The newer EJB technologies presented include singleton beans which support application wide needs and interceptors to permit processing before and after a target method is invoked. Asynchronous invocation of methods and enhancements to the timer service are also covered.

The EJB 3.1 CookBook is a very straightforward and rewarding source of techniques supporting Java EE applications.

What you will learn from this book :

  • Create and use the different types of EJBs along with the use of the optional session bean business interface
  • Create a singleton session bean for application-wide use
  • Use declarative and programmatic techniques for security, timer services, and transaction processing
  • Use asynchronous session beans to complement message driven beans
  • Support aspect oriented features such as logging and data validation using interceptors
  • Use EJBs in support of message based applications
  • Master the use of deployment descriptors and improved packaging options
  • Use EJBs outside of the Java EE environment using the embeddable container

Approach

Each recipe comprises step-by-step instructions followed by an analysis of what was done in each task and other useful information. The book is designed so that you can read it chapter by chapter, or look at the list of recipes and refer to them in no particular order. It is packed with useful screenshots to make your learning even easier.

Who this book is written for

The book is aimed at Java EE and EJB developers and programmers. Readers should be familiar with the use of servlets in the construction of a web application. A working knowledge of XML is also desirable.

After reading this book, I am really grateful to have taken .NET as my favourite framework, because since I was at uni, when I first learned EJB, the version has not been different. There are slight changes and little improvement. However, overall this book is really great: easy to read, with great coverage of knowledge.