Spartan Java

Tag: dwr

Protecting web requests

by on Jul.15, 2011, under JavaScript, Security, Tips, Web related

Afraid of malicious injections in your web app requests? Here's a simple way to improve your application's security: push every request parameter through a filtering function before it is fed to your application code.

Such a function can be as simple as:

private String cleanParameter(String value) {
   if (value != null) {
      // Remove script-like fragments first: once the parentheses and quotes
      // below have been turned into entities, these two patterns could no longer match.
      value = value.replaceAll("eval\\((.*)\\)", "");
      value = value.replaceAll("[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']", "\"\"");
      // Then escape the characters that open tags, function calls and attribute values.
      value = value.replaceAll("<", "&lt;").replaceAll(">", "&gt;");
      value = value.replaceAll("\\(", "&#40;").replaceAll("\\)", "&#41;");
      value = value.replaceAll("'", "&#39;");
   }
   return value;
}

This will escape or remove potentially dangerous JavaScript code and HTML/XML tags.

You can implement this in a web filter, a Struts interceptor or a DWR filter, depending on the technology you use for your app.


Obovweb source code – a Google Appengine sample

by on Oct.20, 2009, under Security, Tips, Web related

Someone asked me about the implementation details of the Google Appengine sample I published a few weeks ago (http://obovweb.appspot.com/). Well, you can get a hold of the source code here.

There's not much to tell: apart from the specific HMAC-SHA1 implementation (which you can check out in Obov's source code), it's a very simple JSP/DWR application.


Trying out Google Appengine – OTP generation app

by on Jul.15, 2009, under Security, Web related

I decided to try out the new Java-based version of Google Appengine. So I wrote a very simple web app that allows the user to generate one-time passwords (OTP) using the HMAC-SHA1 algorithm (see OATH).

You can check it out at http://obovweb.appspot.com. As the name suggests, it's based on my obov library.
(continue reading…)


Paginated lists made really easy (part 2 of 2 – back-end)

by on Oct.27, 2008, under Articles, JavaScript, Web related

In our first installment we reviewed the front-end part of developing a paginated list using AJAX and Java. Now we will dive into the back-end of our pagination mechanism.
(continue reading…)


Paginated lists made really easy (part 1 of 2 – front-end)

by on May.14, 2008, under Articles, JavaScript, Web related

You have to display a list of items in a web application, allowing several operations on each item (i.e. modification, deletion, etc.). The list can potentially be quite long, so pagination is required.
This scenario is common in back-office web applications and public web sites, be it for administering information, displaying search results, etc.

I'll describe a simple way to implement a lightweight pagination engine that minimizes load on the server and gives the user the best experience possible. In this first installment I'll focus on the front-end side, describing how to lay out the HTML, load it using AJAX and implement the basic operations the user needs to navigate your paginated list.
(continue reading…)


AJAX autocomplete

by on Apr.17, 2008, under JavaScript, Tips, Web related

Using a nice AJAX auto-completing input box is much nicer (for the user) than a combo box with 100 options. If you use jQuery, you may use a quite easy yet powerful plug-in called jquery.autocomplete (original, eh?). Grab it at http://www.pengoworks.com/workshop/jquery/autocomplete.htm.
(continue reading…)
