Fixing Cross-site Scripting In Search Box
Aug 13, 2014
fixing an issue in the search textbox in one of the jsp's. I was informed that cross site scripting can be done in the textbox and I kept the below code in my jsp to fix the issue:
searchTerm = request.getParameter("search");
searchTerm = searchTerm.replaceAll("<", "<").replaceAll(">", ">");
searchTerm = searchTerm.replaceAll("[^A-Za-z0-9 ]", "");
searchTerm = searchTerm.replaceAll("eval((.*))", "");
searchTerm = searchTerm.replaceAll("["'][s]*((?i)javascript):(.*)["']", """");
[code]...
Now, after applying the above code, the cross site scripting can be done and the problem is that the search can't be done using the textbox and all the time will display none results.
View Replies
ADVERTISEMENT
Aug 13, 2014
I need fixing an issue in the search textbox in one of the jsp's. I was informed that cross site scripting can be done in the textbox and I kept the below code in my jsp to fix the issue:
Java Code:
searchTerm = request.getParameter("search");
searchTerm = searchTerm.replaceAll("<", "<").replaceAll(">", ">");
searchTerm = searchTerm.replaceAll("[^A-Za-z0-9 ]", "");
searchTerm = searchTerm.replaceAll("eval((.*))", "");
searchTerm = searchTerm.replaceAll("["'][s]*((?i)javascript):(.*)["']", """");
[Code] ....
Now, after applying the above code, the cross site scripting can be done and the problem is that the search can't be done using the textbox and all the time will display none results.
View Replies
View Related
Jan 12, 2015
If some one add script in my URL, I want the script not pop up, we have tomcat 6 [URL] .....
View Replies
View Related
Sep 22, 2014
Whenever i see online ticket booking site one question arise, How ticket booked in one site reflect in other site.
If i book 2 ticket from PVR online portal that two ticket will be showed as booked in bookmyshow.com, which technology is used for this and how.
View Replies
View Related
May 12, 2014
I was trying to set scripting-invalid true , but even after setting it to true I am able to use scripting. This is the web.xml under WEB-INF
<web-app>
<jsp-config>
<jsp-property-group>
<url-pattern>*.jsp</url-pattern>
<scripting-invalid>
true
</scripting-invalid>
</jsp-property-group>
</jsp-config>
</web-app>
And This is the jsp page
<html>
<body>
<!-- Here I am going to use scripting like scriptlet,expression and other element like jsp declaration element -->
<%!int i=0;%>
<%System.out.println("Scriptlet");%>
<%=new String("Expression")%>
</body>
</html>
Why its not working ?
View Replies
View Related
Apr 26, 2014
I have now four types of employees. Managers (who receive a fixed weekly salary), Design workers (who receive a fixed hourly wage for up to the first 40 hours they work and "time-and-a-half," i.e., 1.5 times their hourly wage, for overtime hours worked), Sales workers (who receive a $250 plus 5.7% of their gross weekly sales), and Manufacturing (who receive a fixed amount of money per item for each of the items they produce -- each manufacture in this company works on only one type of item). and here are my classes:
employee class
the problem is i get this output:
You chose to open this file: Employees.txt
John Smith Manufacturing 6.75 120 444
0.0
Betty White Manager 1200.0 0 111
0.0
Stan Slimy Sales 10000.0 0 332
250.0
Betty Boop Design 12.5 50 244
0.0
meaning that it is getting 0 for all my calculations and leading to this weekly report:
WEEKLY PAY REPORT FOR Wacky Widgets COMPANY
Employee
0
WEEKLY PAY
250
Total Payroll: $0.0
Total number of managers paid:1
Total number of Design Employees paid:1
Total number of Sales Employees paid:1
Total number of Manufacturing Employees paid:1
fixing my methods so they can accept the integers of the file and use them in the calculation since all im getting at the moment are 0 values.
here is the abstract class from which all the other employees type are extending from
public abstract class Employee {
public abstract double calculateWeeklyPay();
private String fName;
private String lName;
private int EmpId;
private Position p ;
[code]....
View Replies
View Related
Jan 26, 2014
now i'm working on a program which contain JTable..how i can make the columns fixed in it's place and how i can make them in a fixed length.
View Replies
View Related
Apr 29, 2014
There are few modules in our application whose performance degrade with time when 50-100 simultaneous users are working on them at a given instance.The memory allocations are taken care of to allow maximum data.My issue to where to start finding the root cause.
I am currenlty using JvisualVM for profiling and finding memory leaks..Do i need to Simualte 50-100 virtual users and start finding the memory leaks with JvisualVM or working with a single user would do ?
View Replies
View Related
Oct 3, 2014
I need to create a diagonal cross however I can not figure out how to do the upper left side of it.
Currently I am getting
0*
1--*
2---*
3 *--*
4*-----*
I want to get it to look like
0*------*
1 *--*
2----*
3 *---*
4*------ *
( I replaced spaces with -) So far I have
System.out.println("Input a size(must be larger than 1: )");
size=input.nextInt();
if (size>1) {
for (x=0;x<size;x++){
System.out.println("");
[Code] ....
View Replies
View Related
Dec 8, 2014
The program I'm supposed to create generates a random number between one to ten. Then the program is to ask me if I wish to cross the road.
If you choose to cross, the outcomes for 0-2 are "You crossed safely."
For 3-5, 75% of the time it should say "RIP you got run over", and 35% of the time it should say "You crossed the street."
For 6-8, 60% of the time it should say you made it.", and 40% of the time it should say "You died". For 9-10, it should say "RIP".
So far I have gotten the random number generation part working,
import java.util.Random;
public class test4 {
public static void main(String[] args) {
Random random = new Random();
for(int i =0; i < 1; i++){
int num = random.nextInt(10) + 1;
System.out.println("The number of cars on the street are: " + num + "
Do you wish to cross the road?");
}
}
}
View Replies
View Related
Sep 1, 2014
I'm trying to build a method that can search a binary search tree for a specific target and then return the number of probes it took to get there. It seems to me that the best way to do this would be a recursive search method and a counter that tracks the number of calls. But I'm struggling with how to implement this. Here's the code I have so far. what works/doesn't work with the method.
// Method to search the tree for a specific name and
// return the number of probes
public T search(BTNode<T> btNode) {
[Code]....
View Replies
View Related
Oct 30, 2014
I have to calculate auto and cross-correlation from a file, like this:
Rxx(n)= 1/N* SUM[from k=1 to N-n]((x(k)-x(mean))*x(k+n)-x(mean))
and after
Rxy(n)= 1/N* SUM[from k=1 to N-n]((x(k)-x(mean))*y(k+n)-y(mean))
I've 600 x an y,
k = the numbers of x (N is the last one)
n = 0....N-1
View Replies
View Related
Oct 26, 2014
I have to calculate auto and cross-correlation from a file, like this:
Rxx(n)= 1/N* SUM[from k=1 to N-n]((x(k)-x(mean))*x(k+n)-x(mean))
and after
Rxy(n)= 1/N* SUM[from k=1 to N-n]((x(k)-x(mean))*y(k+n)-y(mean))
I've 600 x an y,
k = the numbers of x (N is the last one)
n = 0....N-1
already calculated mean, and I've tried the following (but it doesnt work):
String sor;
int i=0;
while ((sor = br.readLine()) != null) {
String [] adatok =sor.trim().split(",");
[Code] ....
View Replies
View Related
Jan 11, 2014
So the user is on a website and I want them to go to another site using the same browser and tab.Can this be done in java? And yes the java program is running on the browser .
View Replies
View Related
Apr 22, 2014
I want to create a search method that returns the frequency of a word in the search method.
public class IndexTree {
private class TreeNode {
TreeNode left;
String word;
int frequency;
TreeNode right;
[Code] .....
View Replies
View Related
Apr 9, 2014
I made a small aplication which draws 3 rectangles in different spots(0,0 , 50,50 , 100,100)
Am I used an KeyListener + ActionListener, to make them move in the let's call it box.
How can I do in order that those 3 elements do not cross, so you can always see them, they don't collapse into each other?
Java Code:
package matrixmoveelements;
import java.awt.Color;
import java.awt.Graphics;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.awt.event.KeyEvent;
[Code] ......
View Replies
View Related
Jun 20, 2014
the prime numbers from 1 to 2500 can be obtained as follows. From a list of the numbers of 1 to 2500,cross out al multiples of 2 (but not 2 itself). Then, find the next number (n, say) that is not crossed out and cross out all multiples of n (but not including n).
Repeat this last step provided that n has not exceeded 50 (the square root of 2500). The numbers remaining in the list (except 1) are prime. Write a program which uses this method to print all primes from 1 to 2500. Store your output in a file called primes.out.
View Replies
View Related
Feb 25, 2015
I have an ecommerce site that has about 100000 SKUs. What is the best practice for handling all the product images as far as where to store them and how to display them on the pages? Should I have a separate HTTP server to serve the images?
View Replies
View Related
Oct 22, 2014
I'm looking for a way to gather data from a site page. all data is shown in the same page... I am trying to get the content and parse it is a bit crazy as data seems to be not organized. Itried to get it as a document but still looks crazy.
As all data is shown very clearly in the page (I would like every row to be an object) I'm sure there is some way to collect this data easily. (the data is from this page: [URL] ....)
I'll attach a snapshot and the content I got from the website.
in-play.jpgall_in-play_page.txtin-play.jpgall_in-play_page.txt
View Replies
View Related
Dec 25, 2011
Is there a way to find how many users are logging on to my site at a specific time?
View Replies
View Related
Feb 10, 2014
I am running a page that launches a Java Webstart app and a Java Applet. I don't have problem launching this page in Firefox, but I have to run it in IE11. The thing is IE11 keep redirecting me to oracle java download site. I have install Java RE like 3 times from IE already. What am I missing?
View Replies
View Related
Apr 2, 2014
When I am watching scjp mock test, I am getting error about security.
I am trying to add www.javaranch.com to site exception list in java control panel. I can see security tab in java control panel, there I find field for Site Exception List. When I am add [URL] .... to this site exception list, list is not getting populated.
Why is that ? Why am I unable to add this site to list ?
I am using 64-bit system and have downloaded and installed 64 bit update patch 51.
View Replies
View Related
Dec 11, 2014
I am using a command button to post a form to backing bean method. At the end of that method I am attempting to redirect to an external site after setting various options in the response. I get an IllegalState Exception because of the redirect.
at com.ibm.ws.webcontainer.webapp.WebAppDispatcherContext.sendRedirectWithStatusCode
(WebAppDispatcherContext.java:571)
at com.ibm.ws.webcontainer.webapp.WebAppDispatcherContext.sendRedirect
(WebAppDispatcherContext.java:528)
at com.ibm.ws.webcontainer.srt.SRTServletResponse.sendRedirect(SRTServletResponse.java:1234)
at com.sun.faces.context.ExternalContextImpl.redirect(ExternalContextImpl.java:426)
at com.sun.faces.application.NavigationHandlerImpl.handleNavigation(NavigationHandlerImpl.java:181)
here is the problem code from the backing bean method:
if ( redirectPage != null ) {
logger.debug("attempting redirect: " +
View Replies
View Related
Aug 29, 2014
I'm looking for a way to put a tabs on a TabPane starting from both sides on the same edge.
Imagine having 3 or 4 tabs at the top left as in the default behavior, and one at the top right for some "special" features.
Is there a way to do it? Or is something expected to exist in the future? (or not at all?)
View Replies
View Related
Dec 8, 2014
The program I'm supposed to create generates a random number between one to ten. Then the program is to ask me if I wish to cross the road. If you choose to cross, the outcomes for 0-2 are "You crossed safely." For 3-5, 75% of the time it should say "RIP you got run over", and 35% of the time it should say "You crossed the street." For 6-8, 60% of the time it should say you made it.", and 40% of the time it should say "You died". For 9-10, it should say "RIP".
So far I have gotten the random number generation part working. I have up to here:
import java.util.Random;
public class test4 {
public static void main(String[] args) {
Random random = new Random();
for(int i =0; i < 1; i++){
int num = random.nextInt(10) + 1;
System.out.println("The number of cars on the street are: " + num + "Do you wish to cross the road?");
}
}
}
View Replies
View Related
Sep 12, 2014
I have tried running the java application without adding the site to site list in java security tab. But I get a sand box message as APPLICATION BLOCKED BY SECURITY SETTINGS. How to run the java application without adding the site to site list in java security tab.
View Replies
View Related
