.HTA file source code displayed - hta

I have written the script in a .hta file and saved it on an apache server.
Then I hit the appropriate url stating the hta file.
In IE8 the file is executed and prompts for open, save, saveas.
But in Mozilla and chrome the content of the hta file is displayed in the browser

Have you configured the mime type for HTA correctly in Apache (it ought to be application/hta)?
IE 8 is probably compensating, but, Chrome and Firefox probably have no idea what it is. With the correct mime type being set in Apache, then, Chrome and Firefox will more likely react in the way you expect it to.

Related

Icons/images not loaded in IE after adding “X-Content-Type-Options: nosniff” in web.config file

I am using ASP.NET platform to create a web page. Inside the page i have used some images/icons. For security purpose i have used “X-Content-Type-Options: nosniff” in web.config file. When i deploy the web page in IE, some of the images/icons isn't rendered. But, the same page working fine in Firefox and Chrome.
When i remove the statement “X-Content-Type-Options: nosniff” from web.config everything is working fine in IE. But, for security purpose i must use that statement. At the same time the missing images/icons need to be rendered in IE.
So, can anyone help me how to fix the issue with the statement “X-Content-Type-Options: nosniff".
Thanks in advance,
The nosniff only applies to "script" and "style" types. Also applying nosniff to images turned out to be incompatible with existing web sites.
So "X-Content-Type-Options nosniff" would bypass the problem for images and here comes the browser role which fail to render the image if the type mentioned by the server is not matching the real file extension.
Refer to:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options.
and this:
https://msdn.microsoft.com/en-us/library/gg622941(v=vs.85).aspx
IE uses MIME information to determine how to handle files sent by a Web server. For example, when Windows Internet Explorer receives a .jpg file, the user sees the file in an Windows Internet Explorer window. The MIME Handling Restrictions feature helps prevent script injection attacks against Web servers by ensuring that any content delivered with an IMAGE MIME is not treated as HTML or XML.
https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/dd565640(v=vs.85)
Add following line before saving bitmap
Response.ContentType = "image/gif";

Chrome and Firefox displaying different stylesheets

When I make an edit to the stylesheet of my site, the change appears in Chrome (I load the CSS file in the browser, so I can see the edit is there). When I open the CSS file in Firefox, the edit is not there. I understand browsers will render code differently, but how is it possible that two browsers can open the same CSS file and display two different sets of code?
I tried:
deleting Firefox's cache and restarting the program
deleting the old stylesheet via FTP and uploading an edited one
I checked if the site had a CDN that was perhaps serving the old
file, but the site has no CDN.

CSS changes automatically applied on local IIS pages

I'm hosting an ASP.NET website on Local IIS (not IIS Express), and as soon as I save a change to a .css file in Visual Studio, the change immediately appears in browser windows that use that file (or after mousing over the window in Chrome), without clearing caches and refreshing.
Why do the changes appear immediately?
Opening the .css file itself (not a page using the file) in the browser shows a more expected result: saving the file in Visual Studio does not change what I see in the browser until I refresh the .css file.
As it turns out, I had Browser Link enabled in Visual Studio, and with it, CSS Auto-Sync. This opens up a port on the local machine and uses SignalR to communicate with the browser window about 400 times per second, including any CSS changes needed.
For more information, see these topics:
.net localhost website consistently making get arterySignalR/poll?transport=longPolling&connectionToken= calls
How can I disable __vwd/js/artery in VS.NET 2013?
This probably happens due to caching. when you open the css itself, it retrieves a new copy from the server, but when you open a page that uses the css file, the css file is being cached as the page's resource and the browser just shows the cached resources until you force it to reload them.
a trick i learned to fix the issue, is to link the css file to the aspx page and include a random query string to the linking, that way it tricks the browser to think that its a new resource and reload it from the server anyway.
like this:
<link href="../stylesheets/MyCSS.css?<%=DateTime.Now%>"
rel="stylesheet" type="text/css" />
we use the aspx preprocessor directive <%=DateTime.Now%> to append the current time as a query string, to ensure the link is always different.
Dont forget the question mark between the css filename and the preprocessor directive

Style rule in chrome debugger

Here is picture in chrome:
I just woder what does user stylesheet mean here. The case is that I am 100% sure that these classes does not exists in my stylesheets (it was before). I thought It comes from cache but it remains even after cache is cleared. Any ideas? Thanks.
First of all, read this definition of what a user style sheet is. It is an extra stylesheet to help you (the user) browse the web. Hence if you prefer certain CSS settings over what the web page designer intended, you can overrule those settings with your own.
This user stylesheet that you found, may therefore just be a local CSS file on your pc.
Therefore we need to know: where did you find that .CSS file?
If the same file is in this location:
PC: C:UsersYourUsernameAppDataLocalGoogleChromeUser DataDefaultUser StyleSheetsCustom.css
MAC: ~/Library/Application Support/Google/Chrome/Default/User StyleSheets/Custom.css
Then the answer is:
The file above is, as it sounds, a CSS file that you can modify and add your own custom styles to, to change the look and feel of your Google Chrome Web Inspector.
Which means that with that specific stylesheet you can change the look of your Google Chrome Web Inspector.
So it has nothing to do with the website you are inspecting, only with how your web inspector looks (it is built with HTML, CSS and JavaScript).
You can read about it here. (Google Chrome version 33 does not feature custom stylesheets)
It could also very well be the case that Google Chrome implements some other user stylesheet that is stored somewhere else on your pc (but I wouldn't know where exactly).
Note that the inspector also shows user agent stylesheets which is the default stylesheet that your browser implements. You can read about those in this question: What is user agent stylesheet
It is possible that the http server itself has cached the previous version of the file and is serving it.
Reload and check the headers in the Network tab, so you can get the full picture. Or if you are using development environment, you can restart the server - just to be sure.

PNG, Why is visual studio making me download PNG files?

i write and my page loads it find. When i click on the link instead of having the image show on screen it promps me to download it. Why? How can i make it display in the browser? gif and jpg both display in the browser.
-edit- i am using FireFox 3.5 there is no code that serves it, its just a link and the file exist in my folder. The link is like http://localhost:1737/a/b/file.png. IE 8 displays the png w/o making me download. I havent tried with other browsers but surely i click on direct png link in firefox on every site mine (in VS) should act the same.
If you're fetching it with HTTP, then there is a web server serving it. Look at the MIME-type when its returned, is that set correctly?
Telnet to localhost on port 1737 (not sure the syntax on Windows but IIRC try telnet localhost 1737) and type:
GET /a/b/file.png HTTP/1.0
Followed by two returns. Look at the Content-Type: field in the header. If it's not something like image/png you have a problem serving it. Firefox may have been guessing from the file name.

Resources