YAML’s security risks are in no way limited to Rails or Ruby. YAML documents should be treated as executable code and firewalled accordingly. Deserializing arbitrary types is user-controlled, arbitrary code execution.
It’s Not Just Ruby
A few weeks ago, I had a need to parse Jasmine’s jasmine.yml in some C# code. I spent some time looking at [...]
HTML input elements have a placeholder attribute which you can use to show a bit of text to prompt the end user. Although you can make an editable div by using the contenteditable attribute, it will not support the placeholder attribute. I needed to do both, so I ended up reinventing the placeholder attribute for [...]
Tagged CSS, div, input, placeholder, WebI think the Web Platform Installer is a great tool, but I have to question the wisdom of its home page:
If you click on these, you see… nothing. A description would be nice. ("Application Request Routing? What’s that? EC-CUBE?")
But that’s not really the problem. The bigger problem is this: A "spotlighted installers" feature probably sounded [...]
The Rails 3.1 Release Candidate announcement contained news of many new and useful features, plus these regretful words:
has_secure_password: Dead-simple BCrypt-based passwords. Now there’s no excuse not to roll your own authentication scheme.
I will briefly provide an excuse.
"Simple BCrypt-based passwords" is a reasonable feature, but shouldn’t be mistaken for end-to-end authentication, or even a substantial subset [...]
I’m writing a grid-independent interface for displaying data in ASP.NET MVC applications, and I would like your feedback on the API design.
In my last post, I discussed some of the problems with existing grid components for ASP.NET MVC. Actually, there are a couple more design issues which I forgot to mention in that post. I’ll [...]
In this post, I will demonstrate how to make your own model validation attributes in order to share common validations throughout an ASP.NET MVC application, and which support MVC 2’s client-side validation feature.
Validating a ZIP Code
As an example, consider a model for an address.
public class EditModel
{
public Guid Id { get; set; [...]
Html helpers for ASP.NET MVC are static extension methods, which frequently reference the ViewContext and HttpContext. Combined, this can make unit testing a bit tricky. Let’s write a new Html helper using a test-first methodology. Let’s start with a prototype function:
public static MvcHtmlString MyTable(this HtmlHelper helper, MyModel model, IDictionary<string, object> htmlAttributes)
{
return MvcHtmlString.Empty;
}
I’ve added just enough code here to get the prototype to compile. Now let’s write [...]
Tagged asp.net mvc, C#, extension methods, html helpers, static methods, unit testingFor a project I’m currently working on, I have a need to add some JavaScript at the end of a page in an ASP.NET MVC application. Since this is part of what Html.EnableClientValidation does, I thought that I would check out that source code to see if there was any kind of generalized mechanism for [...]
Tagged asp.net mvc, javascript, validationApologies to those who tried my grid.history demo page Friday. In the course of updating the integration to support jqGrid 3.7.2 and simultaneously learning GitHub’s pages feature, I killed the demo. It’s fixed now, and I’ve added the ability to run the unit tests directly from that site, making it easier for me to test [...]
Tagged GitHub, Java, javascript, jqGrid, jQuery BBQI recently finished an integration between the open source jqGrid and jQuery BBQ libraries. I have released my integration as open source, as well. As with both projects, it is dual-licensed under the MIT and GPL licenses.
jqGrid is a JavaScript grid component with many useful features. I have previously explained how to use it with [...]
Bad Behavior has blocked 713 access attempts in the last 7 days.