/// <summary>
/// Saves the public folder's general settings and, on success, rewrites the
/// displayed folder path so that it ends with the new folder name.
/// </summary>
private void SaveSettings()
{
    if (!Page.IsValid)
    {
        return;
    }

    const string taskKey = "EXCHANGE_UPDATE_PFOLDER_SETTINGS";

    try
    {
        int status = ES.Services.ExchangeServer.SetPublicFolderGeneralSettings(
            PanelRequest.ItemID,
            PanelRequest.AccountID,
            txtName.Text,
            chkHideAddressBook.Checked,
            authors.GetAccounts());

        if (status >= 0)
        {
            messageBox.ShowSuccessMessage(taskKey);

            // Rebuild the displayed path: keep everything before the last backslash,
            // then append the new name.
            // NOTE(review): the literal is read back as input here although this method
            // writes encoded output into it; a second save in the same view may re-parse
            // encoded text (double encoding, or no backslash left to find) - confirm.
            // NOTE(review): Substring(0, LastIndexOf) drops the separator itself and throws
            // when no backslash is present; the exception lands in the catch below after
            // the success message has already been shown.
            string currentPath = litDisplayName.Text;
            string parentPath = currentPath.Substring(0, currentPath.LastIndexOf("\\"));
            litDisplayName.Text = AntiXss.HtmlEncode(parentPath + txtName.Text);
        }
        else
        {
            messageBox.ShowResultMessage(status);
        }
    }
    catch (Exception ex)
    {
        messageBox.ShowErrorMessage(taskKey, ex);
    }
}
/// <summary>
/// Shows or hides the welcome label and logout button depending on whether the
/// session carries a "Username" value, and on the first (non-postback) request
/// either searches for the product named in the query string or lists all products.
/// </summary>
protected void Page_Load(object sender, EventArgs e)
{
    object sessionUser = this.Page.Session["Username"];
    bool signedIn = sessionUser != null;

    if (signedIn)
    {
        // The session value is HTML-encoded before it is concatenated into the label markup.
        // NOTE(review): this is the HtmlEncode overload that also takes a KnownColor;
        // confirm that overload is intended for production output.
        this.lblUsername.Text = "Welcome, "
            + AntiXss.HtmlEncode(sessionUser.ToString(), System.Drawing.KnownColor.Red)
            + " | ";
    }

    this.lblUsername.Visible = signedIn;
    this.btnLogout.Visible = signedIn;

    if (this.Page.IsPostBack)
    {
        return;
    }

    string product = Request.QueryString["product"];
    if (product == null)
    {
        this.ShowAllProducts();
        return;
    }

    // NOTE(review): the encoded text is what gets passed on to SearchProduct, so the
    // search term differs from what the user typed whenever encoding changes it; encoding
    // belongs at the point of output - verify how SearchProduct uses its argument.
    this.txtProduct.Text = AntiXss.HtmlEncode(product.ToString());
    this.SearchProduct(this.txtProduct.Text);
}
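/// <summary>
/// Writes a table header cell (th) that wraps the HTML-encoded header text in a
/// non-wrapping div.
/// </summary>
/// <param name="writer">HtmlTextWriter to write to.</param>
/// <param name="cssClass">Value of the cell's class attribute; written as given, without encoding.</param>
/// <param name="columnWidth">Column width, emitted as the cell's width style.</param>
/// <param name="headerText">Header text; HTML-encoded before it is written.</param>
/// <param name="display">When false, "display: none" is added to the cell's style.</param>
/// <param name="columnSpan">Number of columns the cell spans; a colspan attribute is written only when greater than 1.</param>
private static void WriteColumnHeader(HtmlTextWriter writer, string cssClass, Unit columnWidth, string headerText, bool display, int columnSpan)
{
    writer.WriteBeginTag(HtmlTextWriterTag.Th.ToString());

    if (columnSpan > 1)
    {
        // Fix: emit the requested span instead of the hard-coded "3" the original wrote
        // for every value above 1.
        writer.WriteAttribute("colspan", columnSpan.ToString(System.Globalization.CultureInfo.InvariantCulture));
    }

    // NOTE(review): cssClass goes into the attribute unencoded; fine for constants,
    // verify no caller derives it from request data.
    writer.WriteAttribute("class", cssClass);
    writer.WriteAttribute("nowrap", "nowrap");

    // The style attribute is assembled by hand: opening quote, declarations, closing quote.
    writer.Write(" style=\"");
    writer.WriteStyleAttribute(HtmlTextWriterStyle.Width.ToString(), columnWidth.ToString());
    if (!display)
    {
        writer.WriteStyleAttribute(HtmlTextWriterStyle.Display.ToString(), "none");
    }

    writer.Write(HtmlTextWriter.DoubleQuoteChar);
    writer.Write(HtmlTextWriter.TagRightChar);

    writer.WriteBeginTag(HtmlTextWriterTag.Div.ToString());
    writer.Write(" style=\"");
    writer.WriteStyleAttribute("white-space", "nowrap");
    writer.WriteStyleAttribute("word-break", "none");
    writer.Write(HtmlTextWriter.DoubleQuoteChar);
    writer.Write(HtmlTextWriter.TagRightChar);

    // The only caller-supplied text placed in element content is encoded here.
    writer.Write(AntiXss.HtmlEncode(headerText));

    writer.WriteEndTag(HtmlTextWriterTag.Div.ToString());
    writer.WriteEndTag(HtmlTextWriterTag.Th.ToString());
}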
/// <summary>
/// Saves the distribution list's general settings and, on success, refreshes the
/// displayed name with the HTML-encoded value from the form.
/// </summary>
private void SaveSettings()
{
    if (!Page.IsValid)
    {
        return;
    }

    const string taskKey = "EXCHANGE_UPDATE_DLIST_SETTINGS";

    try
    {
        int status = ES.Services.ExchangeServer.SetDistributionListGeneralSettings(
            PanelRequest.ItemID,
            PanelRequest.AccountID,
            txtDisplayName.Text,
            chkHideAddressBook.Checked,
            manager.GetAccount(),
            members.GetAccounts(),
            txtNotes.Text);

        if (status >= 0)
        {
            // The raw text goes to the service; only the copy echoed into the page is encoded.
            litDisplayName.Text = AntiXss.HtmlEncode(txtDisplayName.Text);
            messageBox.ShowSuccessMessage(taskKey);
        }
        else
        {
            // Negative results are service error codes.
            messageBox.ShowResultMessage(status);
        }
    }
    catch (Exception ex)
    {
        messageBox.ShowErrorMessage(taskKey, ex);
    }
}
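/// <summary>
/// Encodes the path portion of a URL segment by segment with AntiXss.UrlEncode and
/// re-attaches the query string untouched.
/// </summary>
/// <remarks>
/// AntiXss.UrlEncode is too "pessimistic" for how ASP.NET uses UrlPathEncode. ASP.NET's
/// UrlPathEncode splits the query string off and then encodes the path portion, encoding
/// anything non-ASCII, or &lt;= 0x20, or &gt;= 0x7F. It is also expected that
/// UrlPathEncode(s) == UrlPathEncode(UrlPathEncode(s)), which does not hold for UrlEncode,
/// so the per-segment step below is still more aggressive than the contract calls for.
/// </remarks>
/// <param name="value">The URL (path plus optional query string) to encode.</param>
/// <returns>The encoded path followed by the original query string; null or empty input is returned as is.</returns>
protected override string UrlPathEncode(string value)
{
    if (string.IsNullOrEmpty(value))
    {
        return value;
    }

    // Fix: split on the FIRST '?' only. The original split on every '?' and kept the query
    // string only when exactly two parts resulted, so a URL whose query contained another
    // '?' silently lost its entire query string.
    int queryStart = value.IndexOf('?');
    string originalPath = queryStart < 0 ? value : value.Substring(0, queryStart);
    string originalQueryString = queryStart < 0 ? null : value.Substring(queryStart);

    // The path is encoded one segment at a time so the '/' separators survive.
    string[] pathSegments = originalPath.Split('/');
    for (int i = 0; i < pathSegments.Length; i++)
    {
        pathSegments[i] = AntiXss.UrlEncode(pathSegments[i]); // this step is currently too aggressive
    }

    return String.Join("/", pathSegments) + originalQueryString;
}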
/// <summary>
/// Replaces the property's current value with its sanitized HTML fragment when the
/// property carries the AntiXssHtmlText attribute; other properties are left alone.
/// </summary>
/// <param name="value">The object that owns the property.</param>
/// <param name="property">Descriptor of the property to inspect and, if marked, sanitize.</param>
private static void ProcessProperty(object value, PropertyDescriptor property)
{
    if (!property.Attributes.Contains(AntiXssHtmlText))
    {
        return;
    }

    // The cast assumes the attribute is only ever placed on string properties;
    // any other property type fails here with an InvalidCastException.
    string current = (string)property.GetValue(value);
    string sanitized = AntiXss.GetSafeHtmlFragment(current);
    property.SetValue(value, sanitized);
}
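/// <summary>
/// Downloads the items of a feed, filters them by the feed's author regex, optionally
/// replaces each item's text with the linked article, applies the content regex, and
/// returns the sanitized items ready to be saved.
/// </summary>
/// <param name="feed">The feed definition (URL, regex filters, content options).</param>
/// <returns>Feed items to save.</returns>
public static RssItemCRUDModel[] GetFeedItems(RssFeedCRUDModel feed)
{
    List<RssItemCRUDModel> result = new List<RssItemCRUDModel>();
    var connectionAction = RepositoryFactory.Action<IRssFeedConnection>();

    // get items from remote url
    var items = connectionAction.GetFeedUrlItems(feed.Url);

    foreach (var rssItemRawData in items)
    {
        // Keep the item when no author filter is configured or the author matches it.
        // NOTE(review): AuthorRegex and ContentParseRegex are run against remote content
        // without a match timeout; if feed definitions can be edited by less-trusted users,
        // consider the Regex overloads that take a matchTimeout.
        if (!string.IsNullOrEmpty(feed.AuthorRegex)
            && !Regex.IsMatch(rssItemRawData.Author, feed.AuthorRegex, RegexOptions.Singleline))
        {
            continue;
        }

        // Only Title is sanitized here; Author and Url are stored exactly as the remote
        // feed supplied them and must be encoded wherever they are rendered.
        var item = new RssItemCRUDModel
        {
            FeedItemId = rssItemRawData.Id,
            Url = rssItemRawData.Url,
            Published = rssItemRawData.Published,
            Author = rssItemRawData.Author,
            Title = AntiXss.GetSafeHtmlFragment(rssItemRawData.Title),
            FeedId = feed.Id
        };

        string content = rssItemRawData.Text;

        // if display full content, then get content url
        if (feed.GetDirectContent)
        {
            try
            {
                // NOTE(review): item.Url comes from the remote feed; verify that GetArticle
                // restricts which schemes and hosts it will fetch.
                content = connectionAction.GetArticle(item.Url);
            }
            catch (Exception ex)
            {
                // Fix: the original format string referenced {2} with only two arguments,
                // so string.Format threw a FormatException inside this handler and the
                // whole import failed instead of logging. The exception itself is handed
                // to the logger separately.
                LogManager.GetCurrentClassLogger().ErrorException(
                    string.Format(
                        "Unable to get article content for feed '{0}' for item url '{1}'.",
                        feed.Name,
                        item.Url),
                    ex);
            }
        }

        // apply content regex: when it matches, keep only the first capture group
        if (!string.IsNullOrEmpty(feed.ContentParseRegex))
        {
            var match = Regex.Match(content, feed.ContentParseRegex, RegexOptions.Singleline);
            if (match.Success && match.Groups.Count > 0)
            {
                content = match.Groups[1].Value;
            }
        }

        // Sanitize once, after any regex extraction (the original assigned Text twice).
        item.Text = AntiXss.GetSafeHtmlFragment(content);
        item.Description = content.RemoveTags().Shorten(ModelConstants.DescriptionMaxLenghtConst);

        result.Add(item);
    }

    return result.ToArray();
}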
/// <summary>
/// Loads the user control that lets the user configure the given scheduled task and
/// adds it to the task parameters placeholder.
/// </summary>
/// <param name="taskId">Identifier of the scheduled task; null or empty yields no view.</param>
/// <param name="visible">Whether the loaded control should be visible.</param>
/// <returns>
/// The loaded view, or null when the task id is empty, no view configuration exists,
/// or the loaded control does not implement ISchedulerTaskView.
/// </returns>
private ISchedulerTaskView LoadScheduleTaskConfigurationView(string taskId, bool visible)
{
    if (String.IsNullOrEmpty(taskId))
    {
        return null;
    }

    // Look up the view configuration for this task in the current environment.
    ScheduleTaskViewConfiguration viewConfiguration =
        ES.Services.Scheduler.GetScheduleTaskViewConfiguration(taskId, ScheduleViewEnvironment);
    if (viewConfiguration == null)
    {
        return null;
    }

    // Description holds the relative path of the control to load.
    // NOTE(review): the path comes from the scheduler service; confirm it can only name
    // controls that ship with the application.
    Control loaded = this.LoadControl(viewConfiguration.Description);

    ISchedulerTaskView taskView = loaded as ISchedulerTaskView;
    if (taskView == null)
    {
        // The control cannot get or set task parameters.
        return null;
    }

    // NOTE(review): HTML encoding is applied to a server control ID here, which is not an
    // HTML output context; verify the resulting ID is valid for every task id in use.
    loaded.ID = AntiXss.HtmlEncode(taskId);
    loaded.Visible = visible;
    loaded.EnableTheming = true;
    this.TaskParametersPlaceHolder.Controls.Add(loaded);

    return taskView;
}
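/// <summary>
/// Updates the signed-in member's profile from the form fields; on success refreshes
/// the cached session values and redirects to the confirmation page, otherwise shows
/// a failure alert.
/// </summary>
protected void Button2_Click(object sender, EventArgs e)
{
    MemberBL memBL = new MemberBL();
    try
    {
        if (memBL.mem_update(Session["mID"].ToString(), name.Text, sex.SelectedValue, phone.Text, cellphone.Text, address.Text, email.Text) > 0)
        {
            // NOTE(review): the session copies are stored already HTML-encoded. Any code
            // that reads them into a non-HTML context (or encodes again on output) will see
            // the encoded form; encoding at the point of output is the more robust pattern.
            Session["name"] = AntiXss.HtmlEncode(name.Text);
            Session["Sex"] = AntiXss.HtmlEncode(sex.SelectedValue);
            Session["phone"] = AntiXss.HtmlEncode(phone.Text);
            Session["cellphone"] = AntiXss.HtmlEncode(cellphone.Text);
            Session["address"] = AntiXss.HtmlEncode(address.Text);
            Session["email"] = AntiXss.HtmlEncode(email.Text);
            Response.Redirect("~/member/mem_updateOK.aspx");
        }
        else
        {
            Response.Write("<script>alert('會員資料修改失敗!');</script>");
        }
    }
    catch (System.Threading.ThreadAbortException)
    {
        // Response.Redirect ends the request by aborting the thread; that is the normal
        // success path and must not be recorded as a failure.
        throw;
    }
    catch (Exception ex)
    {
        // Fix: the original evaluated ex.ToString() and discarded it, so a failed update
        // (for example a missing "mID" session value) left no trace at all.
        System.Diagnostics.Trace.TraceError("Button2_Click: member update failed: " + ex);
    }
}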
/// <summary>
/// Lets the base control load the posted value, then replaces Value with its
/// sanitized HTML fragment.
/// </summary>
/// <param name="postDataKey">Key of this control's entry in the posted collection.</param>
/// <param name="postCollection">The posted name/value pairs.</param>
/// <returns>Whatever the base implementation returned.</returns>
protected override bool LoadPostData(string postDataKey, NameValueCollection postCollection)
{
    bool baseResult = base.LoadPostData(postDataKey, postCollection);

    // NOTE(review): as written, each Replace swaps a character for itself and changes
    // nothing. The listing has presumably lost HTML entity names here (decoding the
    // escaped forms of <, > and & before sanitizing) - confirm against the original file.
    string posted = Value.Replace("<", "<").Replace(">", ">").Replace("&", "&");

    Value = AntiXss.GetSafeHtmlFragment(posted);
    return baseResult;
}
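/// <summary>
/// Copies the values entered in the wizard into the read-only summary controls.
/// Free-text and selected values are HTML-encoded before they are placed in the
/// summary literals.
/// </summary>
private void BindSummary()
{
    // general
    // Fix: the VM name is free text from a text box but was echoed into the summary
    // unencoded, unlike every other text field in this method.
    litHostname.Text = AntiXss.HtmlEncode(txtVmName.Text.Trim());

    // NOTE(review): the list item's display text is echoed unencoded; safe only while the
    // operating system list is populated from trusted server-side data.
    litOperatingSystem.Text = listOperatingSystems.SelectedItem.Text;

    litSummaryEmail.Text = AntiXss.HtmlEncode(txtSummaryEmail.Text.Trim());
    SummSummaryEmailRow.Visible = chkSendSummary.Checked;

    // config
    litCpu.Text = AntiXss.HtmlEncode(ddlCpu.SelectedValue);
    litRam.Text = AntiXss.HtmlEncode(txtRam.Text.Trim());
    litHdd.Text = AntiXss.HtmlEncode(txtHdd.Text.Trim());
    litSnapshots.Text = AntiXss.HtmlEncode(txtSnapshots.Text.Trim());

    optionDvdInstalled.Value = chkDvdInstalled.Checked;
    optionBootFromCd.Value = chkBootFromCd.Checked;
    optionNumLock.Value = chkNumLock.Checked;
    optionStartShutdown.Value = chkStartShutdown.Checked;
    optionPauseResume.Value = chkPauseResume.Checked;
    optionReboot.Value = chkReboot.Checked;
    optionReset.Value = chkReset.Checked;
    optionReinstall.Value = chkReinstall.Checked;

    // external network
    optionExternalNetwork.Value = chkExternalNetworkEnabled.Checked;

    // private network
    optionPrivateNetwork.Value = chkPrivateNetworkEnabled.Checked;

    // Encoded for consistency with the other drop-down value (ddlCpu) above.
    litPrivateNetworkVLanID.Text = AntiXss.HtmlEncode(ddlPrivateVLanID.SelectedValue);
}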
/// <summary>
/// Renders the control's text, HTML-encoded, but only while the last identifier is
/// flagged as valid; otherwise nothing is written.
/// </summary>
/// <param name="writer">A HtmlTextWriter that represents the output stream to render
/// HTML content on the client.</param>
protected override void RenderContents(HtmlTextWriter writer)
{
    if (!this.LastIdentifierValid)
    {
        return;
    }

    // Encoding happens here, at the point of output.
    string encodedText = AntiXss.HtmlEncode(this.Text);
    writer.Write(encodedText);
}
/// <summary>
/// Builds a package add-on from the form and either adds it (when the request carries
/// no add-on id) or updates the existing one, then returns to the previous page.
/// Service errors and exceptions are shown on the page and stop the redirect.
/// </summary>
private void SaveAddon()
{
    if (!Page.IsValid)
    {
        return;
    }

    // gather form data
    PackageAddonInfo addon = new PackageAddonInfo();
    addon.PackageAddonId = PanelRequest.PackageAddonID;
    addon.PackageId = PanelSecurity.PackageId;
    addon.Comments = txtComments.Text;
    addon.PlanId = Utils.ParseInt(ddlPlan.SelectedValue, 0);
    addon.StatusId = Utils.ParseInt(ddlStatus.SelectedValue, 0);
    addon.PurchaseDate = PurchaseDate.SelectedDate;
    addon.Quantity = Utils.ParseInt(txtQuantity.Text, 1);

    // An id of 0 means the add-on does not exist yet.
    bool isNewAddon = PanelRequest.PackageAddonID == 0;
    string errorKey = isNewAddon ? "PACKAGE_ADD_ADDON" : "PACKAGE_UPDATE_ADDON";

    try
    {
        PackageResult outcome = isNewAddon
            ? ES.Services.Packages.AddPackageAddon(addon)
            : ES.Services.Packages.UpdatePackageAddon(addon);

        if (outcome.Result < 0)
        {
            ShowResultMessage(outcome.Result);

            // The quota message is encoded before it is placed in the label.
            lblMessage.Text = AntiXss.HtmlEncode(GetExceedingQuotasMessage(outcome.ExceedingQuotas));
            return;
        }
    }
    catch (Exception ex)
    {
        ShowErrorMessage(errorKey, ex);
        return;
    }

    RedirectBack();
}
/// <summary>
/// Stores a new title and sanitized HTML body for a portfolio entry, saves the change,
/// and redirects back to the logged-in account's edit page at that entry's anchor.
/// </summary>
/// <param name="portfolioEntryId">Identifier of the portfolio entry to update.</param>
/// <param name="title">New title; passed to the model as received.</param>
/// <param name="html">New body; reduced to a safe HTML fragment before it is stored.</param>
/// <returns>A redirect to the edit page with the "entry saved" message code.</returns>
public ActionResult EditHtmlPage(long portfolioEntryId, string title, string html)
{
    // NOTE(review): nothing visible here checks that the entry belongs to the logged-in
    // account or that the request carries an anti-forgery token - confirm both are
    // enforced by a filter or inside Update_Html_Page.
    // NOTE(review): the title is stored unsanitized while the body is sanitized; it must
    // be encoded wherever it is rendered.
    var company = Company;
    string safeBody = AntiXss.GetSafeHtmlFragment(html);
    company.Update_Html_Page(portfolioEntryId, title, safeBody);

    DbContext.SaveChanges();

    string editUrl = string.Format(
        "/{0}/Edit?Message={1}#Portfolio{2}",
        LoggedInAccount.Username,
        MessageCodes.PORTFOLIO_ENTRY_SAVED,
        portfolioEntryId);
    return Redirect(editUrl);
}
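/// <summary>
/// Exports the audit log records that match the current filter as a CSV attachment.
/// </summary>
/// <remarks>
/// The header declares an Execution-Log column, but, as in the original, no value is
/// written for it; each row ends with an empty last field.
/// </remarks>
private void ExportLog()
{
    // Fetch every matching record in one page, oldest first.
    DataTable dtRecords = ES.Services.AuditLog.GetAuditLogRecordsPaged(
        PanelSecurity.SelectedUserId,
        PanelSecurity.PackageId,
        PanelRequest.ItemID,
        txtItemName.Text.Trim(),
        DateTime.Parse(litStartDate.Text),
        DateTime.Parse(litEndDate.Text),
        Utils.ParseInt(ddlSeverity.SelectedValue, 0),
        ddlSource.SelectedValue,
        ddlTask.SelectedValue,
        "StartDate ASC",
        0,
        Int32.MaxValue).Tables[1];

    StringBuilder sb = new StringBuilder();

    // header
    sb.AppendLine("Started,Finished,Severity,User-ID,Username,Source,Task,Item-Name,Execution-Log");

    foreach (DataRow dr in dtRecords.Rows)
    {
        // Fix: the output is CSV, not HTML. The original HTML-encoded two fields and
        // escaped none of them for CSV, so a value containing a double quote broke the
        // row and a value starting with a formula character was handed to the spreadsheet
        // as a formula. Every field now goes through AppendCsvField instead.
        AppendCsvField(sb, dr["StartDate"].ToString());                                     // Started
        AppendCsvField(sb, dr["FinishDate"].ToString());                                    // Finished
        AppendCsvField(sb, GetAuditLogRecordSeverityName((int)dr["SeverityID"]));            // Severity
        AppendCsvField(sb, dr["UserID"]);                                                   // User-ID
        AppendCsvField(sb, dr["Username"]);                                                 // Username
        AppendCsvField(sb, GetAuditLogSourceName((string)dr["SourceName"]));                // Source
        AppendCsvField(sb, GetAuditLogTaskName((string)dr["SourceName"], (string)dr["TaskName"])); // Task
        AppendCsvField(sb, dr["ItemName"].ToString());                                      // Item-Name

        // Execution-Log: not emitted (the original computed it and then discarded it).
        sb.AppendLine();
    }

    // NOTE(review): the file name is built from litPeriod.Text and placed in a response
    // header; confirm that literal is only ever set from server-side values.
    string cleanedPeriod = litPeriod.Text.Replace(" ", "").Replace("/", "-").Replace(",", "-");
    string fileName = "WSP-AuditLog-" + cleanedPeriod + ".csv";

    Response.Clear();
    Response.AddHeader("Content-Disposition", "attachment; filename=" + fileName);
    Response.ContentType = "application/ms-excel";
    Response.Write(sb.ToString());
    Response.End();
}

/// <summary>
/// Appends one quoted CSV field followed by a comma. Embedded double quotes are
/// doubled, and a value that starts with a character spreadsheets treat as the start
/// of a formula is prefixed with an apostrophe so it is read as text.
/// </summary>
private static void AppendCsvField(StringBuilder sb, object value)
{
    string text = Convert.ToString(value) ?? string.Empty;

    if (text.Length > 0 && "=+-@\t\r".IndexOf(text[0]) >= 0)
    {
        text = "'" + text;
    }

    sb.Append('"').Append(text.Replace("\"", "\"\"")).Append("\",");
}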
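/// <summary>
/// Shows the message box with the given type, message and description and, when an
/// exception is supplied, fills in the technical details section.
/// </summary>
/// <param name="messageType">Selects the box style: green by default, yellow for warnings, red for errors.</param>
/// <param name="message">Message text; written to the page as given.</param>
/// <param name="description">Optional description; wrapped in a span and written as given.</param>
/// <param name="ex">Exception whose details are shown; null hides the technical details row.</param>
/// <param name="additionalParameters">Not used by this method.</param>
public void RenderMessage(MessageBoxType messageType, string message, string description, Exception ex, params string[] additionalParameters)
{
    this.Visible = true; // show message

    // set icon and styles
    string boxStyle = "MessageBox Green";
    if (messageType == MessageBoxType.Warning)
    {
        boxStyle = "MessageBox Yellow";
    }
    else if (messageType == MessageBoxType.Error)
    {
        boxStyle = "MessageBox Red";
    }

    tblMessageBox.Attributes["class"] = boxStyle;

    // set texts
    // NOTE(review): message and description are emitted without encoding, presumably
    // because callers pass localized markup; any caller that includes user input must
    // encode it first - verify the callers.
    litMessage.Text = message;
    litDescription.Text = !String.IsNullOrEmpty(description)
        ? String.Format("<br/><span class=\"description\">{0}</span>", description)
        : "";

    if (ex == null)
    {
        rowTechnicalDetails.Visible = false;
        return;
    }

    // show exception
    try
    {
        // technical details
        litPageUrl.Text = AntiXss.HtmlEncode(Request.Url.ToString());

        // Fix: user names were echoed unencoded next to the encoded URL.
        litLoggedUser.Text = AntiXss.HtmlEncode(PanelSecurity.LoggedUser.Username);
        litSelectedUser.Text = AntiXss.HtmlEncode(PanelSecurity.SelectedUser.Username);
        litPackageName.Text = PanelSecurity.PackageId.ToString();

        // Fix: exception text can carry request data, and it was written as raw HTML.
        // Each line is encoded on its own and the lines are then joined with the <br/>
        // markup the original produced.
        // NOTE(review): the full stack trace is shown to the current user; confirm that
        // level of detail is intended for non-administrators.
        string[] traceLines = ex.ToString().Split('\n');
        for (int i = 0; i < traceLines.Length; i++)
        {
            traceLines[i] = AntiXss.HtmlEncode(traceLines[i]);
        }

        litStackTrace.Text = String.Join("<br/>", traceLines);

        // send form
        // NOTE(review): the send-form fields are left unencoded because they may be read
        // back when the report is sent - confirm, and encode them if they are display-only.
        litSendFrom.Text = PanelSecurity.LoggedUser.Email;
        if (!String.IsNullOrEmpty(PortalUtils.FromEmail))
        {
            litSendFrom.Text = PortalUtils.FromEmail;
        }

        litSendTo.Text = PortalUtils.AdminEmail;
        litSendCC.Text = PanelSecurity.LoggedUser.Email;
        litSendSubject.Text = GetLocalizedString("Text.Subject");
    }
    catch
    {
        // Best effort, as in the original: a failure while collecting technical details
        // must not hide the message itself.
    }
}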
/// <summary>
/// HTML-encodes the string for output in element content.
/// </summary>
/// <param name="s">Text to encode; may be null.</param>
/// <returns>The encoded text, or null when <paramref name="s"/> is null.</returns>
public static string CleanText(this string s)
{
    // Null is passed through rather than handed to the encoder.
    return s == null ? null : AntiXss.HtmlEncode(s);
}
/// <summary>
/// Points the login link inside the login view at the login page, carrying the
/// current request path as the URL-encoded ReturnUrl parameter.
/// </summary>
protected void Page_Load(object sender, EventArgs e)
{
    var loginLink = (HyperLink)LoginViewControl.FindControl("LoginLink");
    if (loginLink == null)
    {
        // The link is not present in the current view.
        return;
    }

    // Request.Path is the path of the current request only (no host), and it is
    // URL-encoded before being appended as a query-string value.
    // NOTE(review): the login page must still validate ReturnUrl before redirecting to it.
    string returnUrl = AntiXss.UrlEncode(Request.Path);
    loginLink.NavigateUrl = "~/login?ReturnUrl=" + returnUrl;
}
/// <summary>
/// Adds an HTML page to the company's portfolio from the posted title and body, both
/// reduced to safe HTML fragments, then redirects to the edit page at the new entry.
/// </summary>
/// <param name="coll">Posted form values; "AddPortfolioHtmlTitle" and "AddPortfolioHtml" are read.</param>
/// <returns>A redirect to the edit page with the "entry saved" message code.</returns>
public ActionResult AddHtmlPage(FormCollection coll)
{
    // NOTE(review): no anti-forgery check is visible on this action - confirm one is
    // applied by a filter.
    var company = Company;
    string safeTitle = AntiXss.GetSafeHtmlFragment(coll["AddPortfolioHtmlTitle"]);
    string safeBody = AntiXss.GetSafeHtmlFragment(coll["AddPortfolioHtml"]);
    var portfolio = company.Add_Html_Page(safeTitle, safeBody);

    DbContext.SaveChanges();

    string editUrl = string.Format(
        "/{0}/Edit?Message={1}#Portfolio{2}",
        LoggedInAccount.Username,
        MessageCodes.PORTFOLIO_ENTRY_SAVED,
        portfolio.Id);
    return Redirect(editUrl);
}
/// <summary>
/// HTML-encodes the string with the Microsoft AntiXss library
/// (http://antixss.codeplex.com) and then inserts HTML break tags.
/// </summary>
/// <param name="s">Text to encode.</param>
/// <returns>The encoded text with break tags inserted.</returns>
public static string CleanHtml(this string s)
{
    string encodedText = AntiXss.HtmlEncode(s);

    // NOTE(review): the original comment says this converts line breaks into <br />,
    // but as written it replaces every space. The search string has presumably been
    // altered in this listing (an encoded line break collapsed to a space) - confirm
    // against the original file.
    string withBreaks = encodedText.Replace(" ", "<br />");
    return withBreaks;
}
/// <summary>
/// Creates a form owned by the current user together with its fields from the posted
/// view model, saves them, and redirects to the list page.
/// </summary>
/// <param name="viewModel">Posted form definition and its fields.</param>
/// <returns>A redirect to the "List" action with Message = "created".</returns>
public ActionResult Create(FormViewModel viewModel)
{
    // TODO (from the original): with the complexity of what is sent back in the view model,
    // ModelState.IsValid breaks down and needs to be re-evaluated. Until then this action
    // saves WITHOUT model validation, so each field below has to defend itself.
    // NOTE(review): no anti-forgery check is visible on this action - confirm one is
    // applied by a filter.

    // Text fields are sanitized, stripped of HTML, and have their line breaks restored.
    Func<string, string> scrub =
        raw => AntiXss.GetSafeHtmlFragment(raw.PreserveBreaks()).KillHtml().RestoreBreaks();

    var currentUser = Membership.GetUser(User.Identity.Name);

    var form = _mvcForms.Forms.CreateObject();
    form.Uid = Guid.NewGuid();
    form.UserId = (Guid)currentUser.ProviderUserKey;
    form.ShortPath = RandomString(5);
    // NOTE(review): FormName is stored as posted, unlike the scrubbed field texts below;
    // it must be encoded wherever it is rendered.
    form.FormName = viewModel.Form.FormName;
    form.Timestamp = DateTime.Now;
    _mvcForms.AddToForms(form);

    var nextSortOrder = 1;
    foreach (var postedField in viewModel.FormFields)
    {
        // Throws on a value that is not a GUID; nothing upstream validates it.
        var fieldTypeUid = new Guid(postedField.SelectedFormFieldType);

        var field = _mvcForms.FormFields.CreateObject();
        field.FormUid = form.Uid;
        field.Uid = Guid.NewGuid();
        field.FormFieldTypeUid = fieldTypeUid;
        field.FormFieldName = scrub(postedField.FormFieldName);
        field.FormFieldPrompt = scrub(postedField.FormFieldPrompt);
        field.IsHidden = 0;
        field.IsRequired = Convert.ToByte(postedField.IsRequired);
        field.SortOrder = nextSortOrder++;
        field.Timestamp = DateTime.Now;

        // TODO (from the original): not sure if this is per field type, but it should not
        // matter if validation works and nulls don't matter.
        field.Options = scrub(postedField.Options);
        field.Orientation = postedField.Orientation;
        field.IsMultipleSelect = Convert.ToByte(postedField.IsMultipleSelect);
        field.ListSize = postedField.ListSize;
        field.IsEmptyOption = Convert.ToByte(postedField.IsEmptyOption);
        // NOTE(review): EmptyOption is copied without scrubbing - confirm it is encoded on output.
        field.EmptyOption = postedField.EmptyOption;
        field.Rows = postedField.Rows;
        field.Cols = postedField.Cols;
        field.ValidExtensions = scrub(postedField.ValidExtensions);
        field.ErrorExtensions = scrub(postedField.ErrorExtensions);
        field.MaxSizeBytes = postedField.MaxSizeBytes;

        // Literal text keeps its markup; it is sanitized with GetSafeHtml rather than scrubbed.
        field.LiteralText = AntiXss.GetSafeHtml(postedField.LiteralText);

        _mvcForms.AddToFormFields(field);
    }

    _mvcForms.SaveChanges();
    return RedirectToAction("List", new { Message = "created" });

    // Unreachable while the ModelState check is disabled: rebuild the select lists and
    // redisplay the form on invalid model state.
    foreach (var formField in viewModel.FormFields)
    {
        formField.FormFieldTypes = GetFormFieldTypes();
    }

    return View(viewModel);
}
/// <summary>
/// Saves the mailbox's general settings and, on success, refreshes the page title
/// with the HTML-encoded display name.
/// </summary>
private void SaveSettings()
{
    if (!Page.IsValid)
    {
        return;
    }

    const string taskKey = "EXCHANGE_UPDATE_MAILBOX_SETTINGS";

    try
    {
        // Form values are passed to the service as entered; only the copy echoed back
        // into the page below is encoded.
        int status = ES.Services.ExchangeServer.SetMailboxGeneralSettings(
            PanelRequest.ItemID,
            PanelRequest.AccountID,
            txtDisplayName.Text,
            password.Password,
            chkHideAddressBook.Checked,
            chkDisable.Checked,
            txtFirstName.Text,
            txtInitials.Text,
            txtLastName.Text,
            txtAddress.Text,
            txtCity.Text,
            txtState.Text,
            txtZip.Text,
            country.Country,
            txtJobTitle.Text,
            txtCompany.Text,
            txtDepartment.Text,
            txtOffice.Text,
            manager.GetAccount(),
            txtBusinessPhone.Text,
            txtFax.Text,
            txtHomePhone.Text,
            txtMobilePhone.Text,
            txtPager.Text,
            txtWebPage.Text,
            txtNotes.Text);

        if (status >= 0)
        {
            // update title
            litDisplayName.Text = AntiXss.HtmlEncode(txtDisplayName.Text);
            messageBox.ShowSuccessMessage(taskKey);
        }
        else
        {
            // Negative results are service error codes.
            messageBox.ShowResultMessage(status);
        }
    }
    catch (Exception ex)
    {
        messageBox.ShowErrorMessage(taskKey, ex);
    }
}
/// <summary>
/// Saves the contact's general settings and, on success, refreshes the displayed
/// name with the HTML-encoded value from the form.
/// </summary>
private void SaveSettings()
{
    if (!Page.IsValid)
    {
        return;
    }

    const string taskKey = "EXCHANGE_UPDATE_CONTACT_SETTINGS";

    try
    {
        // Form values are passed to the service as entered; only the copy echoed back
        // into the page below is encoded.
        int status = ES.Services.ExchangeServer.SetContactGeneralSettings(
            PanelRequest.ItemID,
            PanelRequest.AccountID,
            txtDisplayName.Text,
            txtEmail.Text,
            chkHideAddressBook.Checked,
            txtFirstName.Text,
            txtInitials.Text,
            txtLastName.Text,
            txtAddress.Text,
            txtCity.Text,
            txtState.Text,
            txtZip.Text,
            country.Country,
            txtJobTitle.Text,
            txtCompany.Text,
            txtDepartment.Text,
            txtOffice.Text,
            manager.GetAccount(),
            txtBusinessPhone.Text,
            txtFax.Text,
            txtHomePhone.Text,
            txtMobilePhone.Text,
            txtPager.Text,
            txtWebPage.Text,
            txtNotes.Text,
            Utils.ParseInt(ddlMAPIRichTextFormat.SelectedValue, 2 /* UseDefaultSettings */));

        if (status >= 0)
        {
            litDisplayName.Text = AntiXss.HtmlEncode(txtDisplayName.Text);
            messageBox.ShowSuccessMessage(taskKey);
        }
        else
        {
            // Negative results are service error codes.
            messageBox.ShowResultMessage(status);
        }
    }
    catch (Exception ex)
    {
        messageBox.ShowErrorMessage(taskKey, ex);
    }
}
/// <summary>
/// Loads the nested-packages summary for the current package, shows the total in the
/// "All Spaces" link, and binds the per-status breakdown to the repeater.
/// </summary>
private void BindGroupings()
{
    DataSet summary = ES.Services.Packages.GetNestedPackagesSummary(PanelSecurity.PackageId);

    // all customers: the first table's first row carries the total number of packages
    object packagesNumber = summary.Tables[0].Rows[0]["PackagesNumber"];
    string caption = String.Format("All Spaces ({0})", packagesNumber);
    lnkAllSpaces.Text = AntiXss.HtmlEncode(caption);

    // by status
    repSpaceStatuses.DataSource = summary.Tables[1];
    repSpaceStatuses.DataBind();
}
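/// <summary>
/// Lists every row of the Products table as an HTML table in the results literal.
/// Every database value is HTML-encoded before it is placed in the markup.
/// </summary>
protected void ShowAllProducts()
{
    string connectionString = ConfigurationManager.ConnectionStrings["localConnection"].ConnectionString;

    // Constant query with no user input, so there is nothing to parameterize here.
    string queryString = "select * from Products;";

    this.lblProductResult.Text = "Showing all products...";
    this.literalResults.Text = "";

    try
    {
        // Fix: command and reader are now disposed even when reading throws; the original
        // closed them only on the success path.
        using (SqlConnection connection = new SqlConnection(connectionString))
        using (SqlCommand command = new SqlCommand(queryString, connection))
        {
            connection.Open();

            using (SqlDataReader dataReader = command.ExecuteReader())
            {
                if (dataReader.HasRows)
                {
                    // StringBuilder instead of repeated string concatenation in the loop.
                    System.Text.StringBuilder data = new System.Text.StringBuilder();
                    data.Append("<table border=\"1\" style=\"width:100%;\">");
                    data.Append("<tr bgcolor=\"#0066CC\" style=\"color: #FFFFFF\"><td>ID</td><td>Name</td><td>Description</td><td>Price</td></tr>");

                    while (dataReader.Read())
                    {
                        // Fix: ID and Price are encoded like Name and Description, so the
                        // markup stays safe whatever the column types turn out to be.
                        data.Append("<tr>");
                        data.Append("<td>").Append(AntiXss.HtmlEncode(dataReader["ID"].ToString())).Append("</td>");
                        data.Append("<td>").Append(AntiXss.HtmlEncode(dataReader["Name"].ToString())).Append("</td>");
                        data.Append("<td>").Append(AntiXss.HtmlEncode(dataReader["Description"].ToString())).Append("</td>");
                        data.Append("<td>").Append(AntiXss.HtmlEncode(dataReader["Price"].ToString())).Append("</td></tr>");
                    }

                    data.Append("</table>");
                    this.literalResults.Text = data.ToString();
                }
                else
                {
                    this.lblProductResult.Text = "No product found!";
                }
            }
        }
    }
    catch (Exception ex)
    {
        // Fix: the original wrote ex.ToString() straight into the response, which exposes
        // internal details (query, stack trace) to the visitor and is unencoded output.
        // The details now go to the trace log; the page keeps its generic message.
        System.Diagnostics.Trace.TraceError("ShowAllProducts failed: " + ex);
        this.lblProductResult.Text = "No product found;";
    }
}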
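/// <summary>
/// Registers a startup script that shows an alert with the given message and then
/// navigates the top window to the given URL.
/// </summary>
/// <param name="msg">Alert text; JavaScript-encoded before it is placed in the script.</param>
/// <param name="url">Navigation target; JavaScript-encoded before it is placed in the script.</param>
public void AlertAndRedirect2(string msg, string url)
{
    // Fix: the URL was inserted raw between double quotes while the message was encoded,
    // so a URL containing a quote or a closing script tag could break out of the string.
    // Both values now go through JavaScriptEncode; as alert({0}) already relied on, the
    // encoder supplies the surrounding quotes, so the template adds none.
    // NOTE(review): encoding keeps the URL inside the string literal but does not decide
    // where it may point; callers should pass only application-defined targets.
    string script = string.Format(@"
<SCRIPT LANGUAGE='javascript'><!--
alert({0});
top.location.href={1};
//--></SCRIPT>
", AntiXss.JavaScriptEncode(msg), AntiXss.JavaScriptEncode(url));

    this.ClientScript.RegisterStartupScript(this.GetType(), "AlertAndRedirect2", script);
}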
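/// <summary>
/// Adds a bold red label with the error message, inside a scrollable box, to the
/// given placeholder.
/// </summary>
/// <param name="placeholder">Control that receives the label.</param>
/// <param name="message">Error text; each line is HTML-encoded, line breaks become &lt;br&gt;.</param>
private void ShowError(Control placeholder, string message)
{
    // Fix: the original encoded the whole string, wrapper markup included, so the <div>
    // and <br> tags were displayed as literal text. Only the message is untrusted: each
    // of its lines is encoded on its own and the constant markup is added around them.
    string[] lines = (message ?? string.Empty).Split('\n');
    for (int i = 0; i < lines.Length; i++)
    {
        lines[i] = AntiXss.HtmlEncode(lines[i]);
    }

    Label lbl = new Label();
    lbl.Text = "<div style=\"height:300px;overflow:auto;\">" + String.Join("<br>", lines) + "</div>";
    lbl.ForeColor = Color.Red;
    lbl.Font.Bold = true;
    lbl.Font.Size = FontUnit.Point(8);

    placeholder.Controls.Add(lbl);
}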
/// <summary>
/// Renders the control's display value, HTML-encoded, or a single placeholder string
/// when the display value is empty.
/// </summary>
/// <param name="writer">A HtmlTextWriter that represents the output stream to render
/// HTML content on the client.</param>
protected override void RenderContents(HtmlTextWriter writer)
{
    string displayValue = this.DisplayValue;

    // NOTE(review): the empty-value placeholder is a plain space in this listing; it was
    // presumably a non-breaking-space entity in the original file - confirm.
    string output = displayValue.Length > 0
        ? AntiXss.HtmlEncode(this.DisplayValue)
        : " ";

    writer.Write(output);
}
/// <summary>
/// Copies the values entered in the wizard into the read-only summary controls and
/// shows only the network rows that apply to the chosen options. Free-text values are
/// HTML-encoded before they are placed in the summary literals.
/// </summary>
private void BindSummary()
{
    // general
    string fullHostname = String.Format("{0}.{1}", txtHostname.Text.Trim(), txtDomain.Text.Trim());
    litHostname.Text = AntiXss.HtmlEncode(fullHostname);

    // NOTE(review): the list item's display text is echoed unencoded; safe only while the
    // operating system list is populated from trusted server-side data.
    litOperatingSystem.Text = listOperatingSystems.SelectedItem.Text;
    litSummaryEmail.Text = AntiXss.HtmlEncode(txtSummaryEmail.Text.Trim());
    SummSummaryEmailRow.Visible = chkSendSummary.Checked;

    // config
    litCpu.Text = AntiXss.HtmlEncode(ddlCpu.SelectedValue);
    litRam.Text = AntiXss.HtmlEncode(txtRam.Text.Trim());
    litHdd.Text = AntiXss.HtmlEncode(txtHdd.Text.Trim());
    litSnapshots.Text = AntiXss.HtmlEncode(txtSnapshots.Text.Trim());

    optionDvdInstalled.Value = chkDvdInstalled.Checked;
    optionBootFromCd.Value = chkBootFromCd.Checked;
    optionNumLock.Value = chkNumLock.Checked;
    optionStartShutdown.Value = chkStartShutdown.Checked;
    optionPauseResume.Value = chkPauseResume.Checked;
    optionReboot.Value = chkReboot.Checked;
    optionReset.Value = chkReset.Checked;
    optionReinstall.Value = chkReinstall.Checked;

    // external network
    bool externalEnabled = chkExternalNetworkEnabled.Checked;
    optionExternalNetwork.Value = externalEnabled;

    SummExternalAddressesNumberRow.Visible = radioExternalRandom.Checked && externalEnabled;
    litExternalAddressesNumber.Text = AntiXss.HtmlEncode(txtExternalAddressesNumber.Text.Trim());

    SummExternalAddressesListRow.Visible = radioExternalSelected.Checked && externalEnabled;

    // Collect the display text of every selected external address.
    List<string> selectedAddresses = new List<string>();
    foreach (ListItem candidate in listExternalAddresses.Items)
    {
        if (!candidate.Selected)
        {
            continue;
        }

        selectedAddresses.Add(candidate.Text);
    }

    litExternalAddresses.Text = AntiXss.HtmlEncode(String.Join(", ", selectedAddresses.ToArray()));

    // private network: the address rows are shown only when no "DHCP" value is in view state
    bool privateEnabled = chkPrivateNetworkEnabled.Checked;
    bool noDhcpFlag = ViewState["DHCP"] == null;
    optionPrivateNetwork.Value = privateEnabled;

    SummPrivateAddressesNumberRow.Visible = radioPrivateRandom.Checked && privateEnabled && noDhcpFlag;
    litPrivateAddressesNumber.Text = AntiXss.HtmlEncode(txtPrivateAddressesNumber.Text.Trim());

    SummPrivateAddressesListRow.Visible = radioPrivateSelected.Checked && privateEnabled && noDhcpFlag;

    // The private address list is free text, split on line breaks, spaces and tabs.
    string[] privateAddresses = Utils.ParseDelimitedString(txtPrivateAddressesList.Text, '\n', '\r', ' ', '\t');
    litPrivateAddressesList.Text = AntiXss.HtmlEncode(String.Join(", ", privateAddresses));
}
/// <summary>
/// Updates the current hosting space (package) from the form and returns to the
/// space home page. Service errors and exceptions are shown on the page and stop the
/// redirect.
/// </summary>
private void SaveSpace()
{
    if (!Page.IsValid)
    {
        return;
    }

    // gather form data: start from the stored package when one is selected,
    // otherwise from an empty one
    PackageInfo package = PanelSecurity.PackageId > 0
        ? ES.Services.Packages.GetPackage(PanelSecurity.PackageId)
        : new PackageInfo();

    package.PackageId = PanelSecurity.PackageId;

    // NOTE(review): name and comments are HTML-encoded before they are sent to the
    // service, so the stored values are already encoded. Confirm every reader treats them
    // as HTML; a second encode on output, or use outside HTML, will show the entities.
    package.PackageName = Server.HtmlEncode(txtName.Text);
    package.PackageComments = Server.HtmlEncode(txtComments.Text);
    package.PlanId = Utils.ParseInt(ddlPlan.SelectedValue, 0);
    package.PurchaseDate = PurchaseDate.SelectedDate;

    bool overrideQuotas = rbPackageQuotas.Checked;
    package.OverrideQuotas = overrideQuotas;
    if (overrideQuotas)
    {
        package.Groups = editPackageQuotas.Groups;
        package.Quotas = editPackageQuotas.Quotas;
    }

    try
    {
        // update existing package
        PackageResult outcome = ES.Services.Packages.UpdatePackage(package);
        if (outcome.Result < 0)
        {
            ShowResultMessage(outcome.Result);

            // The quota message is encoded before it is placed in the label.
            lblMessage.Text = AntiXss.HtmlEncode(GetExceedingQuotasMessage(outcome.ExceedingQuotas));
            return;
        }
    }
    catch (Exception ex)
    {
        ShowErrorMessage("PACKAGE_UPDATE_PACKAGE", ex);
        return;
    }

    // return
    RedirectSpaceHomePage();
}