Is it posible to convert an ASP app to ASP.NET? I prefer to work with Visual Studio, in ASP.NET rather than just ASP. I need to do this because I'm stuck trying to watch an ASP page, as I don´t know how to work with ASP, I'm trying to see the code of ASP (classic ASP) in Visual Studio, maybe I need to make some changes, but I don´t know what the changes are. I did several changes in my app, like put a button to select and unselect checkboxes, but I can´t see any change or image, this way to works is different that the way I'm use to it, well,it's supossed this code works, (the problem is I can´t see any change):
<td align="center" colspan="3">
<input type="button" name="btn_seleccionar_todo" value="Seleccionar todo" onclick="javascript:marcar(this.form);">
</td>
<td align="center" colspan="3">
<input type="button" name="btn_desseleccionar_todo" value="Seleccionar todo" onclick="javascript:desmarcar(this.form);">
</td>
function marcar()
{
for (i=0;i<form.usuarios.options.length;i++)
{
form.usuarios.options[i].checked=true;
}
}
function desmarcar()
{
for(i=0;i<form.usuarios.options.length;i++)
{
form.usuarios.options[i].checked=false;
}
}
Switching fundamental technologies is a huge undertaking and not to be taken lightly. You definitely shouldn't approach it as a simple translation of VBScript into C#... you need to rewrite the entire thing using the newly selected technology idiomatically. Its like using Google translate to communicate via email or chat with someone who speaks a different language - it could work, but not really very well.
Related
Should I use ASP elements with a runat="server" attribute or an HTML form?
It seems like using ASP tags such as <asp:TextBox> is much more comfortable since I don't have to redirect the user to another page on a form submition, but also from what I've seen, it seemed like HTML forms are the more accepted way. I was starting to wonder if using ASP elements increases server load or has any other disadvantage?
In case I should use ASP elements, how do I validate the input with Javascript before sending it to the server?
In case I should use HTML forms, how do I not redirect the user on submition and also not run the server code on page load?
You can easily use the HTML5 input type in Web Forms by adding the runat="server" attribute, so that it can be accessed on the server-side:
<label for="name">Name:</label>
<input type="text" id="name" name="name" required
minlength="4" maxlength="8" size="10" runat="server">
Note, on the server-side you will access it via the Value property of the input element, not with the Text property of a typical ASP.NET textbox control.
Contrary to what a lot of people think, ViewState only ever becomes a problem when people do silly things like nesting data-bound controls, in which case it can become bloated very quickly.
Not sure what you're asking regarding validation... but you still have options like this on both client and server. If you're working with an existing Web Forms project, I would stick with regular ASP.NET controls and keep it simple. This way, you can have out-of-the-box validation on both client and server.
In VS 2013 have opened an asp classic project and for example here is a source code from it:
CASE "WSF_LAST"
call lastname()
I have always clicked F12 on the method name and it goes to the source code of that method but I have never seen or worked on asp classic project and it does nothing when I F12 it.
If I do a search-all on lastname() the other thing I find is this:
<%sub LastName()%>
<tr>
<td width="1%" align="right" class="inputboxeslabel" nowrap> Last/Inst Name </td>
<td width="99%"><input type="text" name="PhysicianName" size="20" maxlength="35" value="<%=PN%>"></td>
</tr>
<%END Sub
So where is finally the code is coming from?
You've found it... that right there is the Subroutine definition. It's not recommended practice to do it quite like this, but it is what it is. More appropriate to define a function and either Response.Write or return the HTML you see above. Jumping in and out of ASP in the middle of a Sub is difficult to read.
I'm making a web app using ASP.NET MVC 4.
It lets people upload files.
I want to list all the files from a user with a link to open/download each file.
I have the virtual path to each file (e.g. :~/Folder/file.txt), how can I generate the link with razor?
I tried with #Href but it doesn't render anything, same thing with #Url.Content.
I tried also without using razor but I don't think it's a good way...
Your help would be welcome! Thanks!
I don't know why #Href didn't work but it's the way to do it!
Here is a sample code:
#foreach (var s in Model)
{
<tr>
<td>#s.Id.ToString()</td>
<td>#s.Title</td>
<td>
#if (s.FilePath!= null && s.FilePath!= "")
{
link
}
</td>
</tr>
}
I have been told to find a fix to Cross Site Scripting (XSS) in some of my bank old .asp pages.
I did some research on the subject, but I didn't find an answer to my problem. It's the first time I heard about XSS and the first time I am looking at ASP (although the page has nothing but HTML) and I haven't been into web design for about 2 years now, so I am very very rusty.
So for example, I have this form
<form method="POST" id="CH" name="CH" action="http://some_url/some.asp">
<input type="hidden" name="srv" value="1" ID="srv"/>
<TABLE border="0" cellpadding="0" cellspacing="0" width="100%" align="center">
<TR valign="top">
<TR>
<TD align="center">Input something here
<input name="input_something" type="text" class="field-no-fit" maxlength="12" value="">
</TD>
</TR>
</TR>
</TABLE>
</form>
If I manually input the URL (which contains this form) as
http://this_url/this.asp?1=%22%3E%3Cscript%3Ealert%28HelloWorld%29%3C/script%3E%3Cimg%20alt=%22%22%20src=%22
the page will load and then it will throw a javascript alert and display an error image.
My goal is to stop scripts from running when opening the page.
I read about Server.HTMLEncode but can't find a way to use it to stop the script from running at page load.
Thanks in advance!
EDIT: Will I be able, at least partially, to work around it if I replace the input's value with:
"<%= Server.HTMLEncode(Request("input_something"))%>"
I cannot test it, since, currently, I have no access to IE6, and all the other browsers (including IE>6 versions) avoid the error (already disabled XSS Filter in the Security tab, but it does not work)
i do not think that has anything to do with the browser?
you obviously write the content of a querystring parameter directly on your page like so:
<%=Request.QueryString("1")%>
that is bad.
as you already have found out you should use
server.htmlencode( Request.QueryString("1") )
everywhere on your pages where you write user input directly on the page.
that should do the trick
also have a look here
(I do not know much about ASP) You may be able get an easy fix by enabling ASP request validation. As with any behaviour changes, a number of things can break on other pages (although this would be surprising), so test the the change first. See Step 1 in http://msdn.microsoft.com/en-us/library/bb355989.aspx
Your server is filling in all tags on the page, including the hidden "srv" input, from URL parameters, with no filtering for HTML tags, which then get pasted into the page. You can limit this form to respond to POST only, not GET method, then your example attack will not work. This is probably the easiest and most harmless fix.
Finally, look if you can set cookie attribute for whatever cookie is used to track sessions to HTTPOnly.
A very long read on all possible measures you can use is at http://msdn.microsoft.com/en-us/library/ms998274.aspx
I'm stumped by a seemingly simple problem. In my ASP.NET page, I have a table which has a few rows that need to be shown or hidden conditionally from the back end. Sounds simple, right?
What I tried is something like this in the front-end code:
<table>
<tr>
<td id="demorow1">
<p>This row always shows up!</p>
</td>
</tr>
<tr id="conditionalrow" runat="server">
<td id="formoptionsrow">
<!-- This row contains a number of form elements that should only SOMETIMES be shown, as determined by the back-end code. -->
</td>
</tr>
</table>
And in the code-behind file I just do this to hide the code:
conditionalrow.Style["display"] = "none";
This makes the row disappear as intended. I don't mind that it's just invisible, it won't hurt anything. However, this has the side-effect of making several HTML form elements inside of conditionalrow gain ASP.NET's convoluted IDs and NAMEs. This throws off a lot of Javascript functions related to the form that I don't have time to change or rework right now. I need to be able to hide the form (or remove it from the code entirely) from the code behind file, but without changing the IDs and NAMEs of child elements.
I know there's some kind of setting in the newer versions of ASP.NET that allows you to override ASP.NET's ID reassignment. Unfortunately, I'm stuck with ASP.NET 2.0 and don't have the option of using anything newer for this project. What do you recommend?
Instead of making the row a server side control, use a code block to give it an appropriate CSS class.
<tr class="<%:VisibilityClass%>">
Where, in your code behind you have a VisibilityClass string property that return the CSS class name:
public string VisibilityClass
{
get
{
if(shouldBeVisible)
return "visible";
return "hidden";
}
}
You can also use functions if a property is not appropriate.
can you not do a conditionalrow.Visible = false;