Tuesday, June 12, 2007

ASP.NET Html Encoding

So have you ever had an ASP.NET application where you placed a couple of TextBoxes on a page but soon realized that when you entered something like '1 is < 2', or, even more blunt and to the point, "<div> hello </div><script type='text/javascript'>alert('something bad')</script>", and then performed a postback, you would get a nice little error from the server? Well, if you haven't had this happen you may experience it some time in the future, so hopefully you'll remember this bit of info and you won't be left scratching your head.

So this is actually a feature (request validation). I mean, if you mistakenly forgot to verify some user input you might end up with some nice HTML injections on your site, and no one wants those, right? So this will display an error (not just a little 'hello, here I am, now you can move on' error, but an error that you probably don't want people seeing either). If you want to handle the input on your own, you can disable the error that gets displayed by adding this little bit of text to your page directive (you can also add a setting to the web.config to make a system-wide change, but I don't think it's recommended since you may overlook a place where the input is not being handled):

ValidateRequest="false"

Now you'll no longer get the errors. But now what? How are you going to handle these potential pests? Another little built-in feature is the HTML encode/decode functions of the HttpServerUtility class. You might quickly find out, though, that this is a sealed class with no available constructors, so there's no making your own instance of it. The class is, however, available to your Pages through the Server object (Server.HtmlEncode / Server.HtmlDecode). So now when someone sends in '<div>hello' you can handle it by passing the text into the HtmlEncode(string) method and you'll get back the encoded text '&lt;div&gt;hello', and if you want to update your text box with the newly added info you can simply make a call to HtmlDecode(string) and get back '<div>hello'.
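As an added example (not code from the original post), here is a code-behind for a page whose directive carries ValidateRequest="false", showing where the encode and decode calls described above belong. The class name Comment and the control names CommentBox, Preview and SubmitButton are assumptions made for illustration.

```csharp
// Comment.aspx.cs -- added example; class and control names are hypothetical.
// Assumed page directive:
//   <%@ Page Language="C#" ValidateRequest="false" Inherits="Comment" %>
using System;
using System.Web.UI;
using System.Web.UI.WebControls;

public class Comment : Page
{
    // Bound by ID to <asp:TextBox ID="CommentBox"> and <asp:Label ID="Preview">
    // in the .aspx markup.
    protected TextBox CommentBox;
    protected Label Preview;

    // Wired to <asp:Button ID="SubmitButton" OnClick="SubmitButton_Click">.
    protected void SubmitButton_Click(object sender, EventArgs e)
    {
        // With request validation off, the posted value arrives untouched and
        // may contain markup such as "<div>hello" or a <script> element.
        string raw = CommentBox.Text;

        // Label.Text is written into the response as-is, so encode it first.
        // "<div>hello" becomes "&lt;div&gt;hello" and the browser shows it
        // as text instead of parsing it as markup.
        Preview.Text = Server.HtmlEncode(raw);

        // Stand-in for a value that was saved in encoded form and read back.
        string stored = Server.HtmlEncode(raw);

        // Decode before putting it back into the TextBox. The TextBox encodes
        // its value when it renders, so assigning the encoded string directly
        // would show "&lt;div&gt;hello" literally in the box.
        CommentBox.Text = Server.HtmlDecode(stored);
    }
}
```

Every place the page writes user-supplied text into HTML needs the same HtmlEncode call once ValidateRequest is off, because nothing rejects the markup before it reaches your code.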

Sunday, June 10, 2007

Fun data retrieval

So I have a cousin who just bought his girlfriend a laptop. Well I guess he had the laptop for a couple weeks when someone gave him a.. well... not so legal copy of Windows and told him that it had everything he needed on it (Office etc). He figured it'd be pretty simple to get it installed and everything..

I got a call from him basically saying that the laptop would no longer boot, and he had installed Windows 3 times and now he just gets a blue screen. He asked if I could take a look at it for him. Well he bought it from HP so it had an XP Home edition license sticker on the bottom, so don't ask me why he was installing this other copy of XP. I figured it'd be pretty easy. I have a little USB adapter that I can plug into laptop hard drives that have the standard pin setup. Well, he brought it over and I took the drive out and it was some other different configuration (go go standards) so my little USB conversion wouldn't work. I needed to get the data he had on there off (didn't want to lose their files etc). I coulda installed Windows on an external drive and then booted from that to get to the files on the drive, but that'd take too long. Then I remembered my good ol' days of tinkering with BSDs and Linux and downloaded a Linux 'Live' distro (you know.. the ones that boot completely off of a CD). I decided upon using Ubuntu because it's been getting a lot of rave lately. So I popped it in, booted up, and the only thing I had to do was get Nautilus running with super user rights to access the NTFS file system. The rest was downhill. I copied everything over and formatted the drive. Then I installed his original copy of Windows using the license that was issued to the laptop and he was on his way. So the next time I need to get data off of a non-bootable computer that I can't easily just take the HD out and plug it into a functioning computer I'll remember the little trick I did this time.


Need an SSL cert to test your site?

Sometimes when you're developing a website that you know will be served on 'https' it's nice to be able to test using 'https' to make sure things work as expected. You could go the route of creating your own certificate using something like

makecert -r -pe -n "CN=%computername%" -b 01/01/2000 -e 01/01/2036 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12

but then you have to deal with the pesky messages that let you know that it's NOT a valid certificate, and/or adjust your browser's settings for your site etc. There is an easier approach to this. Many certificate authorities are now offering trial certificates. All you have to do is give them a little bit of info about yourself (I guess you could use someone else's though) and you're good to go for a period of time.

I recently received a certificate from Thawte that will last me 90 days. This is plenty long enough for dev/testing of our site on SSL and I have a valid certificate that won't cause my browser to yell at me. Thawte was just the one that I happened to go through; you can also get a trial from VeriSign, although the trial isn't as long.

Saturday, June 02, 2007

Source Code Formatting... ugh

So I started a new blog and do most of the work for that blog on a Mac. I mainly use Windows for this blog (since I post mainly about .NET) and have been fairly happy with Windows Live Writer and a code formatting plugin. Well I was looking for a good blogging tool for my Mac to use for my new blog. I looked into Ecto, Qumana, ScribeFire and I wasn't extremely thrilled about any of them. They would screw up my formatting, mainly when doing code snippets. Why does it have to be such a pain to simply just post some source code in a blog as it appears in your code editor? Well after an hour of playing around with some of the mentioned blogging tools I finally remembered "Hey you're making this harder than you need to, remember you have a Mac and things are easier". After that little thought it took me a few seconds to get some source code into nice HTML form.

First I just did a simple copy of the source code straight from Eclipse.

Then I loaded up Pages and pasted what I copied.

Then I exported it to HTML and voila! Magic!