I'd like to use Elmah on my website except I'm concerned that if I get an exception on a page that accepts credit card numbers then people's credit card numbers will end up in the error log. Of course, I don't want a copy of them anywhere on my server.
So is it possible to hide the value of a form field on a particular page? For example, it would appear as txtBxCCNumber=xxxxxxxxxxxx in the Server Variable section.
First of all make sure you secure your Elmah logs from anonymous access.
Then, read the section on Error Filtering and the provided examples. You should be able to adapt an example on the page to filter out errors on your credit card form page.
Related
My intention is to embed Google results in my website. I don't want to customise the domain/s on which the search is performed or anything, just a 'bog standard' Google search based on search parameters I pass it.
2 questions:
How do I display google results on my website as a response to search criteria entered into a textbox I have?
Is there any legislation I need to take into account?
I know my second question sounds rather strange but I'm aware that what I'm appearing to do here is present content driven by Google as though it's my own so want to avoid breaching any copyright or 'same-origin policy' type thing.
What I've Tried/Ways I Know I Could Achieve This
Screen scraping Google's response to a simple web request with the necessary query parameters (but seems a bit excessive)
Google's custom search (but I don't want to customise anything)
I've tagged this question for some more context.
As it is mentioned here
you can use your own XML parser to customize the display for your
search users.
with an http request like this:
GET /search?q=bill+material&output=xml&client=test&site=operations
But it has a limitation on number of requests per day, 500 or 1000 I guess.
Custom Search can be configured to include the entire Web in its results:
From the Google Custom Search homepage, click New search engine.
In the Sites to Search box, enter at least one valid URL (e.g. www.google.com).
Click Create.
On the next page, under Optional next steps, click Edit.
On the Basics tab, under Search Preferences, select Search the entire web but emphasize included sites.
Click Save Changes.
In the left-hand menu, under Control Panel, click Sites.
Delete the site you entered during the initial setup process.
I have a Plone site configured with PloneFormGen. I'm using a save-data-to-content adapter to create a page for each submission, with a unique number for title/id. I have content rules set up so that various roles will be notified when a submitted form transitions along the workflow.
Is there any way to include the content of the submitted in these emails? I know PloneFormGen can send the content of the form in an initial email at submit time, but I need to send this same information later. I'm pretty good at figuring things out, but I'm no Plone expert so any help would be appreciated.
Additional info:
I'm using the uwosh.pfg.d2c adapter to perform the PFG -> Contenttype conversion, which works well. The content type is set to 'page' in the settings for the uwosh.pfg.d2c plugin. Content rules then will send emails to various groups or roles based on a state transition of the resulting content, which works in the normal way - when a transition occurs, the rule executes.
Effectively, what we have is pages that are being generated by the form when the user clicks submit. This is done through a plugin in PloneFormGen. This may provide some extra info: http://pythonhosted.org/uwosh.pfg.d2c/ - I'm not, admittedly, much of a developer.
Ideally, reviewers would get body-text of the created page when the form is submitted: this is done through a content rule that when a page is added to a folder, it sends the email. The page is added to the folder when the plugin in PloneFormGen creates the page.
When we have these pages, other users can come in and review and change the state of them - just as you can with any other page in Plone. PloneFormGen should have no further use once it's been converted to a page. Hope that helps.
The bad news is that this will require programming; the good news is that it won't take much. There are two reasonable approaches to solving the problem:
Have your content rule action run a script that handles the mailing itself. You can use the site's mailhost to send scripted mail; or,
In a Python package (no way to do this in a through-the-web script), provide a named adapter implementing plone.stringinterp.interfaces.IStringSubstitution for your context's text attribute. That will give you a $ substitution for the body. This would probably require less than 10 lines of total code.
You might want to have a look a collective.contentrules.mailtogroup, the newest version is capable to send the body-text as mail (use the '${text}'-variable), triggered on one of the convenient content-rules-events, in your case 'Object added'.
You can assign your roles to a group and use it for your case.
i have a usecase where i want to personalize the content, that a visitor see based on his
information saved in Audience Manager.(i have added a keyword "personalize" for one of the contact "x").For this
I have created a a target group, defined its characteristics and tracking keys(defined personalize > 0).
After this, i associated the Target group with a component presentation and Published the Page
When i logged in with "x" credentials i was unable to see that component presentation on the Page.
Please Help!
First steps:
Validate the user has the value for personalize in the Broker DB
Check you have the WAI module in your web app
Look at the published page, and validate the conditions are in the output
Check your target type is set to an appropriate language (not none)
Check your storage bindings are correct in Deployer and web app
If that reveals nothing, please update your post with more info.
Finally, consider posting this at: https://tridion.stackexchange.com/grant-beta-access?key=63880f9cbf452c62f726770209533893
I am using tinymce editor in asp.net page. It was configured fine but when I tried to write soem text in editor it raised error "A potentially dangerous Request.Form value was detected from the client with timymce" I searched and came to know it was bascailly scan of input message form script and sql injection attaks.
To remove this error I put ValidateRequest=fasle in page heade in aspx page. Now I am sure input is not beign validated but is it unsecue now ?
Please guide me what type of threat it has now and what safty measure I can take to prevent it. The editor is being used for compose and store emails. I just read on some sites that client side script attaks are possible from input. Please guide and help.
I believe this answer is along the lines of what you are looking for.
Basically, you have to make sure you html encode/decode all the input fields where applicable. In reality, you cannot completely avoid it, unless you disable the validation. But if you are, make sure you take steps to avoid direct use of the input.
i want to carry a message from asp.net application to another social networking website through href html element and i need to display that message when i loggs into that website(into To textBox).
Please provide the answer .
You could add the data directly to the url like:
http://new.site/?data=data
or if the two sites can share a database you can insert that data into the database assigned with a hash, and you only pass the hash to the new site.
If I understand your question correctly (I'm almost sure I don't), it sounds like you can use a querystring value.
Your href attribute in an anchor tag would be like:
Link
"message" could also be a numerical value or another identifier that both the application and the website share information about.
The destination site reads the message value from the querystring, performs any necessary lookup, and presents the result message to the user.