Like the title, when user input the password, I want to change the input method to English status automatically.
There is a bug in the picture, when user input the password, and the input method is not English status, it may expose user password.
Related
I am trying to input email and password into PayPal (sandbox mode) using my Robot Framework script. This is a snippet of my code:
input text login_email ${email}
input text login_password ${password}
login_email is the name of the input field for the email and login_password is for the password.
I am passing the email in the ${email} argument and the password in the ${password} argument.
This doesn't seem to work for some reason. I keep getting this error:
InvalidElementStateException: Message: Element is not currently interactable and may not be manipulated
The email and password field for PayPal are generated upon the loading of the page. Can that be a reason why they are not accessible? Can anybody help me identify what am I doing wrong here?
As Correctly said by Ofer Steinberg , try to find the XPATH manually
Also, add a wait point until that item is visible and the enter name and password
as many times item is present and hidden due to which it says item not interactable.
It seems you have there a 'not constant' id (or similar..).
I had this problem, and the solution was to change the input path from id to xpath.
Moreover, try to inspect the paths manually in 'guest mode' (I guess you using chrome), it should show that page source more accurately since the selenium running by it.
I have a form in Application Express where I let the user edit their details, update their password etc.
I would like to use the usual method of having the user type in their password twice and make sure the two passwords are typed identically so I can be sure they have have not made a mistake typing.
However, since both elements are form fields on the same page I can't see a way to compare them. Any direction would be appreciated.
If you are okay with checking they are identical during the submit you can simply do this in a page validation.
Let's say you have P1_NEW_PASSWORD and P1_NEW_PASSWORD_CONFIRM.
Then in the page processing box expand 'Validating', right click 'Validations' and choose 'Create'.
Choose 'Page Item', P1_NEW_PASSWORD, choose a name and as validation type choose 'PL/SQL', then 'PL/SQL Expression'. Enter :P1_NEW_PASSWORD = :P1_NEW_PASSWORD_CONFIRM as Validation Code, and choose an error message. Now create your validation.
Now when you try to submit the page and the passwords don't match, you will get an error message.
I have read this: https://developer.apple.com/library/mac/documentation/security/conceptual/SecureCodingGuide/Articles/ValidatingInput.html
However, I am unclear on how to avoid format String attacks with user entered data when using NSString +stringWithFormat:.
The way this vulnerability is exploited is by accepting a format string from a user.
For example, take this code. You have a simple view with a button and a text field, allowing user input to be NSLogged.
- (void)buttonTouchUpInside:(UIButton *)button
{
NSLog(#"User says:");
NSLog(self.userInputTextField);
}
What will happen if the user types crash! %# into the box and and taps the button? Well, they'll probably get a crash. But as the linked article explains, the user can use this attack vector to manipulate the stack and cause your application to execute arbitrary code. What if this string came in from an internet-based attacker?
You should never allow user input to be used as a format string. The secure way to write this code is as follows.
- (void)buttonTouchUpInside:(UIButton *)button
{
NSLog(#"User says: %#", self.userInputTextField);
}
This way, if the user types crash! %#, you'll see this printed:
User says: crash! %#
My website has automatic email to users and there is some dynamic fields in email text. I mean, it automatically extract name family and prefix of each user and send it them.
for example:
dear prefix name family: ->
dear Dr John Smith:
you account is active.
Now i want to add the capability of editing this email context to admin part. The problem is some fields are dynamic. my code is like this:
bodyMsg.Append( " Dear "+prefix+name+family+", thank you for accepting our request.Your username is your email and here is your Password :" + password);
As you see, name, family, prefix and password are dynamically change. Now admin needs to edit email context. He should do that from his control panel in a Rad Editor. For example change the place of name or family in email context.
What i need is when admin used key words such as prefix, name or family the system detect the dynamic fields. and the email edited with dynamic fields place.
can any body help me?
thanks
Last time I had to do something similar, I let them use predefined template-words in their text.
"Dear {prefix} {name} {family}, thank you for accepting....".
Afterwards I replaced the template-words in the text with the values.
EDIT
We do this stuff with mailtemplates that needs to be sent by an app.
The templates are created by someone and stored in the database.
They've got documentation with a list of dynamic fields they can use in the mailtemplate, like in the example below: {ReplaceWithName}.
In my app I'll replace those dynamic fields with the appropriate data:
Person person = GetPersonInfo(); //Gets the information of the person
string body = GetBodyFromDatabase(); //Retreives the created mailtemplate
body = body.Replace("{ReplaceWithName}", (person.Firstname + " " + person.Lastname)); //Do this for each dynamic field
mailMessage.Body = body;
This will of course put some responsibility to the user that creates those templates.
I am still searching StackOverFlow as well as the innertubes but have not found an example of what I need to do.
If an user has forgotten their password and they correctly answer their reminder question, the user is shown two form fields for entering a new password; Not Emailing or displaying a random generated password.
If the user calls the support center, an admin can change the password, the reminder question and the answer.
Thanks,
James
just use this code:
var user = Membership.GetUser(username);
user.ChangePassword(user.ResetPassword(), newPassword);
this simply first resets the password and then changes it to the new password, you don't need to know the reseted intermediate password