Spartan Java

Tag: web

Protecting web requests

by on Jul.15, 2011, under JavaScript, Security, Tips, Web related

Afraid of malicious injections in your web app requests? Here’s a simple way to improve your application security: push every request parameter through a filtering function before it’s fed to your application code.

Such a function can be as simple as:

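private String cleanParameter(String value) {
   if (value != null) {
      // Remove eval(...) calls and quoted javascript: URLs first, while the
      // parentheses and single quotes these patterns match are still unescaped.
      value = value.replaceAll("eval\\((.*)\\)", "");
      value = value.replaceAll("[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']", "\"\"");
      // Escape the characters used to open tags, call functions and delimit strings.
      value = value.replaceAll("<", "&lt;").replaceAll(">", "&gt;");
      value = value.replaceAll("\\(", "&#40;").replaceAll("\\)", "&#41;");
      value = value.replaceAll("'", "&#39;");
   }
   return value;
}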

This will escape/remove potentially dangerous JavaScript code and HTML/XML tags.

You can implement this in a web filter, a Struts interceptor or a DWR filter, depending on the technology you use for your app.
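The web filter option could look like the following. This is an added example, not code from the original post: the class names are hypothetical, it assumes the Servlet 3.0+ API (javax.servlet) is on the classpath, and it embeds the post's cleanParameter with the removal rules placed before the escaping rules.

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical class name; assumes the Servlet 3.0+ API (javax.servlet) is available.
public class ParameterCleaningFilter implements Filter {
   public void init(FilterConfig config) { }
   public void destroy() { }
   public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
         throws IOException, ServletException {
      // Wrap HTTP requests so every parameter read goes through cleanParameter.
      if (req instanceof HttpServletRequest) req = new CleanedRequest((HttpServletRequest) req);
      chain.doFilter(req, res);
   }

   // Overrides all three accessors; cleaning getParameter() alone leaves the others raw.
   static class CleanedRequest extends HttpServletRequestWrapper {
      CleanedRequest(HttpServletRequest request) { super(request); }
      @Override public String getParameter(String name) {
         return cleanParameter(super.getParameter(name));
      }
      @Override public String[] getParameterValues(String name) {
         return cleanAll(super.getParameterValues(name));
      }
      @Override public Map<String, String[]> getParameterMap() {
         Map<String, String[]> cleaned = new HashMap<String, String[]>();
         for (Map.Entry<String, String[]> e : super.getParameterMap().entrySet()) {
            cleaned.put(e.getKey(), cleanAll(e.getValue()));
         }
         return Collections.unmodifiableMap(cleaned);
      }
   }

   static String[] cleanAll(String[] values) {
      if (values == null) return null;
      String[] out = new String[values.length]; // copy, never mutate the container's array
      for (int i = 0; i < values.length; i++) out[i] = cleanParameter(values[i]);
      return out;
   }
   // The post's function; removal rules run first so they see raw ( ) and '.
   static String cleanParameter(String value) {
      if (value == null) return null;
      value = value.replaceAll("eval\\((.*)\\)", "");
      value = value.replaceAll("[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']", "\"\"");
      value = value.replaceAll("<", "&lt;").replaceAll(">", "&gt;");
      return value.replaceAll("\\(", "&#40;").replaceAll("\\)", "&#41;").replaceAll("'", "&#39;");
   }
}
```

Register the filter in web.xml (or with @WebFilter) for the URL patterns you want covered. It cleans parameter values only: parameter names, headers, cookies and raw request bodies read through getInputStream() or getReader() still reach the application unchanged.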


Enabling “Enter” in a form without a submit button

by on Oct.13, 2009, under JavaScript, Tips

I find it quite annoying when I can’t post/confirm a web form using the Enter key.

Here is a nifty little JavaScript trick to do it when you do not need/want a submit input in your HTML.


Blocking multiple clicks real easy

by on Aug.10, 2009, under JavaScript, Performance, Security, Web related

I’ve faced this problem a few times before, but this time I decided to find a generic solution to it. I needed to prevent users from clicking action links in a web application multiple times and therefore triggering some server side action a lot of times when only one time was enough/needed.

After looking around for a few hours for an elegant solution I just couldn’t find one; all the articles/answers I found required controls on each link and/or special handling on the server side code that reacted to them.


Trying out Google Appengine – OTP generation app

by on Jul.15, 2009, under Security, Web related

I decided to try out the new Java based version of Google Appengine. So I wrote a very simple web app that allows the user to generate one time passwords (OTP) using the HMAC-SHA1 algorithm (see OATH).

You can check it out at http://obovweb.appspot.com. As the name suggests, it’s based on my obov library.


Paginated lists made really easy (part 2 of 2 – back-end)

by on Oct.27, 2008, under Articles, JavaScript, Web related

In our first installment we reviewed the front-end part of developing a paginated list using AJAX and Java. Now we will dive into the back-end of our pagination mechanism.


Setup your web server to properly serve MS Office 2007 files

by on Oct.20, 2008, under Tips, Web related

Most web servers are missing the new MIME types needed for Office 2007 files (docx, xlsx, etc.), and when you serve one of these files from your web application the user’s browser typically tries to open it as a ZIP file.


Download a file using Java

by on Oct.10, 2008, under Tips, Web related

Downloading a file from a URL using Java should be a simple task, and well, it is :P. If you just don’t want to think too much about it, here is a sample method to do it.

