Tuesday, 27 November 2012

Why is Request.UrlReferrer null?

I was looking for a consistent way to know the URL a user was coming from when loading a page. I thought I would be able to use Request.UrlReferrer. But it proved otherwise when I did some experiments.

The situations where it does work include the following methods of a browser loading a URL:

  • clicking on a straight HTML <a href> link;
  • submitting a form, using POST or GET, from a submit button, or client-side script (form.submit())

The situations where it doesn't work:

  • using Response.Redirect / Server.Transfer;
  • clicking on a Favorite, History, or the recently-typed URLs list;
  • clicking on 'Home' in IE's toolbar, or an item in IE's 'Links' toolbar;
  • using location.href or location.replace() in client-side JScript/JavaScript/VBScript;
  • typing the URL directly in the browser and hitting Enter or clicking 'Go';
  • launching a clickable URL from an e-mail or MS Office document;
  • using Response.AddHeader or <meta http-equiv=refresh> to redirect;
  • loading the URL with XML

More:
http://forums.asp.net/t/1097333.aspx/1
http://www.kruegerwebdesign.com/blog/request-urlreferrer-is-null-what-gives
http://www.codeproject.com/Questions/104895/Is-there-any-alternative-for-UrlReferrer-and-HTTP_

Monday, 26 November 2012

Validating User Input to Avoid Attacks

To protect against vulnerabilities such as script injection and cross-site scripting, user input can be verified and rejected, or an application can remove harmful characters and continue processing. This topic provides example code that uses regular expressions to verify user input.

Example code

The following example shows you how to validate a string using a regular expression. The regular expression, ^[\w\.:\?&=/]*$, matches a complete string (from beginning to end) that contains only the following characters:

  • alphanumeric or underscore (_)
  • periods (.)
  • colons (:)
  • question marks (?)
  • ampersands (&)
  • equal signs (=)
  • forward slashes (/)

The following example uses the Visual Basic programming language to define a function that returns a Boolean value indicating whether the string that is sent to the function is a valid URL, which might contain a query string.

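' Returns True only if sInput consists entirely of the allowed characters.
Public Function ValidateInput(ByVal sInput As String) As Boolean
    Dim reValid As RegExp
    Set reValid = New RegExp

    ' Anchored with ^ and $ so the whole string must match.
    reValid.Pattern = "^[\w\.:\?&=/]*$"
    reValid.MultiLine = False
    reValid.Global = True

    ValidateInput = reValid.Test(sInput)
End Function

' Redirects to myURL only when it passes ValidateInput.
' myURL is not declared in this sample; it is assumed to be defined elsewhere (for example at module level).
Public Function RedirectTo() As Boolean
    If ValidateInput(myURL) Then
        Dim objContext As ObjectContext
        Dim objResponse As Response
        Set objContext = GetObjectContext()
        Set objResponse = objContext("Response")
        objResponse.Redirect (myURL)
        RedirectTo = True
    Else
        RedirectTo = False
    End If
End Function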
source: http://msdn.microsoft.com/en-us/library/ms525361%28v=vs.90%29.aspx
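
The pattern above constrains which characters appear, not where the URL points: an absolute URL to another host is built entirely from allowed characters. The added example below (JavaScript, not the MSDN sample; the helper names isLocalPath, safeRedirectTarget and classify are hypothetical) pairs the page's regular expression with a check that the redirect target is a site-relative path.

```javascript
// Added example, not MSDN's code. Helper names are hypothetical.
// Character allow-list from the page (the "/" is escaped for a JS literal).
const ALLOWED_CHARS = /^[\w\.:\?&=\/]*$/;

// Same test as the page's ValidateInput: only allow-listed characters.
function validateInput(input) {
  return typeof input === 'string' && ALLOWED_CHARS.test(input);
}

// Destination check: a site-relative path starts with exactly one "/".
// The allow-list has already excluded backslashes, spaces and control
// characters, so only the leading "//" form needs a separate test.
function isLocalPath(input) {
  return validateInput(input) && input.startsWith('/') && !input.startsWith('//');
}

// Return the requested target only if it stays on this site, else a fallback.
function safeRedirectTarget(input, fallback = '/') {
  return isLocalPath(input) ? input : fallback;
}

// Constructed sample inputs (not taken from the page).
const SAMPLES = [
  '/account/orders?id=42&sort=asc', // local path with a query string
  'http://other.example/login',     // allowed characters, different host
  '//other.example/login',          // allowed characters, scheme-relative
  '/search?q=<script>',             // contains characters outside the list
  '',                               // empty string matches because of "*"
];

// Show, per input, the character check and the final redirect target.
function classify(samples) {
  return samples.map((s) => ({
    input: s,
    charsOk: validateInput(s),
    target: safeRedirectTarget(s),
  }));
}

console.table(classify(SAMPLES));
```
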

ASP ServerVariables Collection

The ServerVariables collection is used to retrieve the server variable values.

The ServerVariables collection retrieves the values of predetermined environment variables and request header information.

Server variables obtain most of their information from headers. It is wise to not trust the data that is contained in headers, as this information can be falsified by malicious users. For example, do not rely on data such as cookies to securely identify a user.

The table below lists a few server variables and the values they return.

| Variable | Description |
|---|---|
| ALL_HTTP | Returns all HTTP headers sent by the client. Always prefixed with HTTP_ and capitalized |
| CONTENT_TYPE | Returns the data type of the content |
| HTTP_REFERER | Returns a string containing the URL of the page that referred the request to the current page using an <a> tag. If the page is redirected, HTTP_REFERER is empty |
| REMOTE_ADDR | Returns the IP address of the remote host making the request |
| URL | Returns the base portion of the URL |


Request.ServerVariables Collection

Wednesday, 7 November 2012

Add Remove option to SELECT list jQuery

Add options to the end of select element

$('#elementid').append('<option value="1">UK</option>');

Add options to the start of select element

$('#elementid').prepend('<option value="0">Before UK</option>');

Add options after selected index

$("#elementid option:eq(0)").after("<option value='4'>US</option>");

Add options before selected index

$("#elementid option:eq(3)").before("<option value='5'>India</option>")

Replace items at a certain index

$("#elementid option:eq(1)").replaceWith("<option value='2'>China</option>")

Remove option at specified index

$("#elementid option:eq(0)").remove()

Remove first option

$("#elementid option:first").remove()

Remove last option

$("#elementid option:last").remove()

Remove option with a specific value

$("#elementid option[value='UK']").remove()

http://comp345.awardspace.com/select_element_cheatsheet.pdf

How to avoid CVS - Computer Vision Syndrome?

What exactly is CVS?

Pinching headache, redness in the eyes, dryness, persistent pain in the neck, back and shoulder… these are not signs of aging but a common problem that even children and young adults are facing today. You can blame it on the dependency on electronic gadgets like computers and laptops.

We neglect minor pains thinking it is due to stress, migraine or work pressure but the underlying problem which has grown rapidly in metro cities is Computer Vision Syndrome, a complex of eye or vision problems which are experienced during and related to computer use.

What causes it?

Eyes are the most delicate part of the body. Staring at the brightly-lit computer screen for hours at a stretch is adversely affecting the eyesight of people across the globe. This health condition most commonly occurs when the viewing demand of the task exceeds the visual ability of the video display terminal user. CVS is caused by our eyes and brain reacting differently to characters on the screen than they do to printed characters.

Working at a computer requires focus on the computer screen. In this modern age where everything is getting digital you have to sit for hours in front of the computer screen. Prolonged viewing is the most common cause and it has been proven to be unnatural for the human optical system.

How you can avoid contracting CVS

Blinking is very important when working at a computer -- it rewets your eyes to avoid dryness and irritation. When working on a computer, people blink less frequently. The human eye normally blinks approximately 14 times per minute, but when we use a computer the blinks are limited to only 4 to 6 times per minute. Lower blinking rates cause the eye moisture to evaporate, and this is generally referred to as dry eye.

Dry eye causes people to arch their foreheads in an effort to see better, thus causing headaches. The awkward, unnatural postures lead to sore backs, stiff necks and pain in the shoulder.

Aches and pains are often caused by trying to read the screen through the bottom portion of bifocals, or through half-eye reading glasses. You tip your head up or lean forward to see and this unnatural posture makes you sore.

Computer eyeglasses make the screen look clearer because they eliminate the constant refocusing effort that the eyes go through when viewing the screen. It has also been proven clinically that having the correct prescription in computer eyeglasses increases productivity and accuracy.

If you work in a brightly lit office, you may benefit from a light tint applied to your computer lenses. This can cut the amount of light that reaches your eyes and provide relief in some cases. But tints and filters don't address the underlying cause of computer eyestrain.

Tips to safeguard your eyes

Some important steps that you can take to safeguard your eyes from CVS are:

  • use proper lighting
  • minimize the glare and brightness of the computer
  • the quality of your monitor display etc.

More than 70 percent of computer users need computer eyeglasses according to a study performed by the University of California, Berkeley; 25 to 30 per cent of children would benefit from computer eyewear.

Ergonomics is a vital aspect of safeguarding your eyes from CVS. Changing one's computer workstation can certainly help to minimise other physical symptoms. But ergonomics cannot fix a visual problem. The proper prescription computer eyeglass at the proper computer distance (18" to 28") is the most important. This can be done only with the right computer lens prescription.

Place your monitor directly in front of you, not off to one side (it should be about 20 to 26 inches away from you).

Make sure your monitor is NOT too high. CVS expert Dr James Sheedy recommends that the center of the screen be four to nine inches below your straight-ahead gaze.

If you reposition your chair, keep in mind that your arms should be parallel to the floor when you type, and your feet should be flat on the floor (or a footstool).

Keep contrast and brightness at moderate levels and reduce your screen glare. You should make it a point to blink rapidly.

Blink 10 times by closing your eyes as if falling asleep (very slowly). This will help rewet your eyes. Do this after every 30 minutes and take frequent breaks and exercise your eyes whenever possible.

Source: Rediff.com's article on CVS written by Dr Sri Ganesh, the chairman and managing director of Bangalore's Nethradhama Hospital Pvt Ltd.