Tuesday, March 29, 2011

Javascript: Passing variables with setTimeout and getting it to work

source: http://www.graphic-euphoria.co.uk/javascript-passing-variables-with-settimeout-and-getting-it-to-work-in-internet-explorer


The Problem

If you write any sort of JavaScript code then you have probably come across this at some point. Passing a variable to a function triggered from setTimeout doesn't work in IE. Luckily I stumbled across a widely unknown solution! Normally you would use this:
  setTimeout("myFunction('"+variable+"')",1000);
but you are meant to be able to use this:
  setTimeout(myFunction,1000,variable);
but frustratingly it doesn't work in any version of Internet Explorer.

The Solution

Well, it is surprisingly simple. You just need to encase your function name in a 'closure', i.e. a function declaration. This is surprisingly similar to Flash ActionScript, which is of course JavaScript based. Why didn't I think of this before? So you simply put:
  setTimeout(function(){myFunction(variable); variable = null},1000);
The 'variable = null' is to stop a memory leak, as the variable is not deleted as it should be. (thanks makemineatriple)
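
The difference between the string form and the closure form is also a code-versus-data difference: the string is compiled as source, so the variable's contents become part of the program. The following is an added example, not code from the original post; the helper names, the marker function and the sample values are constructed for illustration.

```javascript
// Browsers compile a string passed to setTimeout as source code when the
// timer fires. Node.js rejects string callbacks, so `new Function` stands in
// for that compile-and-run step here (an assumption of this demo).

// The string the page's first form hands to setTimeout.
function buildTimerSource(variable) {
  return "myFunction('" + variable + "')";
}

// Compile and run that string with stand-ins for myFunction and a marker
// function, recording what was actually called.
function runStringForm(variable) {
  const received = [];
  let markerCalled = false;
  let error = null;
  try {
    const compiled = new Function("myFunction", "marker", buildTimerSource(variable));
    compiled((v) => received.push(v), () => { markerCalled = true; });
  } catch (e) {
    error = e.name; // a stray quote in the value breaks the generated source
  }
  return { received, markerCalled, error };
}

// The closure form from the page: the value is captured, never parsed.
// `schedule` defaults to setTimeout; a synchronous stand-in can be passed.
function runClosureForm(variable, schedule = setTimeout) {
  const received = [];
  const myFunction = (v) => received.push(v);
  schedule(function () { myFunction(variable); variable = null; }, 1000);
  return received;
}

// Constructed sample values (not from the original post).
const samples = ["hello", "O'Brien", "x');marker('"];
const runNow = (fn) => fn(); // synchronous scheduler so the demo prints at once
for (const s of samples) {
  console.log(JSON.stringify(s), runStringForm(s), runClosureForm(s, runNow));
}
```

With the string form, the second value fails to compile and the third calls a function the author never wrote into the timer; the closure form delivers all three values unchanged.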

Monday, March 28, 2011

A potentially dangerous Request.Form ...

source : http://www.cryer.co.uk/brian/mswinswdev/ms_vbnet_server_error_potentially_dangerous.htm

Symptom:

When entering a value with angled brackets into a text box on a .NET application the following error is generated in the browser:
Server Error in '/folder' Application.
A potentially dangerous Request.Form value was detected from the client (TextBoxN="...")

Cause

The .NET framework is throwing up an error because it detected something in the entered text which looks like an HTML statement. The text doesn't need to contain valid HTML, just anything with opening and closing angled brackets ("<...>").
The error is raised as a security precaution. Developers need to be aware that users might try to inject HTML (or even a script) into a text box, which may affect how the form is rendered. For further details see www.asp.net/learn/whitepapers/request-validation/.
This checking was not performed in the .NET 1.0 framework and was introduced with the .NET 1.1 framework.

Remedy:

The remedy is in two parts and you MUST action both:
  1. To disable request validation on a page add the following directive to the existing "page" directive in the file (you will need to switch to the HTML view for this):
    ValidateRequest="false"
    for example if you already have:
    <%@ Page Language="vb" AutoEventWireup="false" Codebehind="MyForm.aspx.vb" Inherits="Proj.MyForm"%>
    then this should become:
    <%@ Page Language="vb" AutoEventWireup="false" Codebehind="MyForm.aspx.vb" Inherits="Proj.MyForm" ValidateRequest="false"%>
    In later versions of Visual Studio the value of this property is available via the page properties, so simply set "ValidateRequest" to "False". Either method of setting this achieves the same result.
    Note:
    If you are using .NET 4 then you will need to add requestValidationMode="2.0" to the httpRuntime configuration section of the web.config file. For example:
    If you don't already have a httpRuntime section in the web.config file then this goes inside the <system.web> section.
    Alternately, instead of turning validation off on a page by page basis you can turn request validation off globally (but in which case be sure to implement item two below). To globally turn request validation off add the following to your web.config file:

    this should go within the <system.web> section. This will turn off request validation for every page in your application.

    Warning

    With request validation turned off, users will be able to enter html into text boxes on the page. For example entering:
    <script>
    alert('Oops!')
    </script>
    will be rendered by the browser (when the form is updated and the contents redisplayed) as JavaScript and a message box will appear with the message "Oops!". This is generally considered to be undesirable!
  2. Unless you actually need users to be able to enter HTML you must convert the string to its HTML encoding equivalent - basically this means that certain characters (like "<") are converted to codes (so "<" is converted to "&lt;", etc). To perform this conversion use HttpUtility.HtmlEncode, for example:
    MyLabel.Text = HttpUtility.HtmlEncode(MyTextBox.Text)
    You only need to consider this for any text that will be rendered in the browser.
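
The web.config settings that item 1 refers to, shown as an added fragment that is not taken from the original article. The elements and attributes are standard ASP.NET configuration. The `pages` setting is the global alternative to the per-page directive, and the per-page directive is the narrower change because validation stays on for every other page.

```xml
<configuration>
  <system.web>
    <!-- .NET 4 only: use the 2.0 validation behaviour so that a page-level
         ValidateRequest="false" directive is honoured. -->
    <httpRuntime requestValidationMode="2.0" />

    <!-- Global alternative: turns request validation off for every page.
         Leave this element out when validation is disabled per page instead.
         Either way, item 2 applies: encode the text with
         HttpUtility.HtmlEncode before rendering it. -->
    <pages validateRequest="false" />
  </system.web>
</configuration>
```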

These notes are believed to be correct for .NET 1.1, .NET 2, .NET 3.5 and .NET 4.0, and may apply to other versions as well.

Tuesday, March 1, 2011

#warning directive

Visual Studio .NET 2003

#warning lets you generate a level one warning from a specific location in your code.
#warning text
where:
text
The text of the warning that should appear in the compiler's output.

Remarks

A common use of #warning is in a conditional directive. It is also possible to generate a user-defined error with #error.

Example

// preprocessor_warning.cs
// CS1030 expected
#define DEBUG
public class MyClass 
{
   public static void Main() 
   {
      #if DEBUG
      #warning DEBUG is defined
      #endif
   }
}

See Also

C# Preprocessor Directives