The original statement reads the user put input in description and appears... one input... is a XSS ... fix please
Sorry, but even accepting that OP's first language is not English I could not see what the message was trying to say. However, I guess that's just another fail on my part, so I'll move on.
The best things in life are not things.
|
Richard MacCutchan wrote: The original statement reads the user put input in description and appears... one input... is a XSS ... fix please
Well, that's what a telegram would have looked like 50 years ago. I don't get why Nagy and you did not understand him, it seems so obvious to me. Maybe I'm just good at this stuff
|
Nishant Sivakumar wrote: Maybe I'm just good at this stuff
One point in my favor is that I am a little more used to non-native English (than most people), so maybe that helps.
|
Nishant Sivakumar wrote: I don't get why Nagy and you did not understand him, it seems so obvious to me.
OK let's break it down:
1. the user put input in description : the problem description contains the word 'input' ?
2. and appears... : and appears what ?
3. one input... : ??
4. is a XSS ... : ?? or is this part of 3, in either case I don't see what it is supposed to mean
5. fix please : that I do understand
I am still not convinced it has anything to do with the OP's use of English, more the over liberal ellipses. I spent the last 15 years of my working life supporting users across Europe, Africa, the Middle East and India, so am fairly comfortable with non-English speakers.
The best things in life are not things.
|
Richard MacCutchan wrote: 1. the user put input in description : the problem description contains the word 'input' ?
The article description contains the text "input". Maybe it's because you are not a regular author, but as someone who has written quite a few articles here, I am quite conscious of how an article has a title and a description. And considering his thread subject mentions XSS, I automatically assumed (rightly so) that input referred to the html tag.
Richard MacCutchan wrote: 2. and appears... : and appears what ?
He means that the INPUT control renders (or appears on screen). Again from (1) I already know he's talking about the INPUT-tag so I know that when he says appears, he means the control appears within the description.
Richard MacCutchan wrote: 3. one input... : ??
One INPUT-control appears (is rendered). He's re-stressing on how the control is showing up (when it shouldn't).
Richard MacCutchan wrote: 4. is a XSS ... : ?? or is this part of 3, in either case I don't see what it is supposed to mean
What he means is that this is XSS in action here. No actual script in the example but it's trivial to add inline script to one of the control's events.
Richard MacCutchan wrote: 5. fix please : that I do understand
Wow, ok, I am surprised!
Once again I am not saying you or Nagy were being naive here, just that I was surprised at how something that was so obvious to me was so cryptic to you guys (and I know both of you are smart people).
Maybe I am just that good.
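The point made in this reply, and in the later post guessing that some HTML tags are not checked, shown as an added example that is not part of the original thread or Code Project's own code: a filter that strips only script tags (an assumed weak approach, for illustration) lets the `<input>` markup through, while encoding the description on output renders it as plain text. The sample strings and function names are constructed for this example.

```javascript
// Constructed sample values modelled on what the thread describes.
const scriptSample = "<script>alert('hello')</script>";
const inputSample = `Nice article <input onfocus="alert('hello')">`;

// Weak approach (assumed for illustration): remove only <script> tags.
function stripScriptTags(html) {
  return html.replace(/<\s*\/?\s*script\b[^>]*>/gi, "");
}

// Hardened approach: encode every HTML-significant character on output,
// so nothing in the user's text can open a tag or an attribute.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function encodeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Helper for the comparison: names of tags a browser would still parse
// as elements in the given output.
function survivingTags(html) {
  const tagPattern = /<\s*([a-z][a-z0-9]*)\b[^>]*>/gi;
  return [...html.matchAll(tagPattern)].map((m) => m[1].toLowerCase());
}

// The script-only filter handles the case it was written for...
console.log(survivingTags(stripScriptTags(scriptSample)));
// ...but the <input> element and its event-handler attribute pass through.
console.log(survivingTags(stripScriptTags(inputSample)));
// Output encoding leaves no element at all; the description shows as text.
console.log(survivingTags(encodeHtml(inputSample)));
console.log(encodeHtml(inputSample));
```

Encoding at the point of output covers every tag and attribute at once, which is why it holds up where a list of forbidden tags does not.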
|
Nishant Sivakumar wrote: Maybe I am just that good.
Probably true ... I know I'm not.
The best things in life are not things.
|
I don't try, use alert('hello')</scrip> in subject but, if <input> work... I guess not check some html tags
|
suppose that...
onfocus...
|
Yeah, there are potential risks there. Anyway Chris has fixed it, he loves fixing bugs before he had his morning coffee!
|
Thanks, fixed. I'll upload the change in a few hours.
cheers,
Chris Maunder
The Code Project | Co-founder
Microsoft C++ MVP
|
i love codeproject
|
help - advertise with us[^]
The member count is a few years old, I assume the rest of the stats are equally dated but don't have any way to check. I'd hope that the contact info for your marketing people is at least all current.
The Code Project delivers more, higher-quality viewers than any other developer-focused site. For example:
Over 5.3 million registered members
20,316,881 average page views per month*
677,229 average daily page requests*
8,657,893 visits per month*
4,073,243 unique visitors per month*
The Code Project is the only major developer-focused Web community built on high-quality, user-contributed content (over 15,800 articles so far).
3x12=36
2x12=24
1x12=12
0x12=18
|
I'm missing this[^] vote in my reputation history.
Cheers, Jani Giannoudis
|
Sometimes people write that they have voted 5, and in writing about it, convince themselves that they have already done it, and then forget to do the actual vote.
Seriously, it happens.
I think he has meant to vote, wrote about doing so, in the past tense you will note, and not realised that the vote was never cast.
Remind him.
------------------------------------
I will never again mention that I was the poster of the One Millionth Lounge Post, nor that it was complete drivel. Dalek Dave
CCC Link[ ^]
Trolls[ ^]
|
There is no vote registered by that user. I think he missed...
cheers,
Chris Maunder
The Code Project | Co-founder
Microsoft C++ MVP
|
I said that would be what it was.
------------------------------------
I will never again mention that I was the poster of the One Millionth Lounge Post, nor that it was complete drivel. Dalek Dave
CCC Link[ ^]
Trolls[ ^]
|
And you were right.
cheers,
Chris Maunder
The Code Project | Co-founder
Microsoft C++ MVP
|
Woo Hoo!
------------------------------------
I will never again mention that I was the poster of the One Millionth Lounge Post, nor that it was complete drivel. Dalek Dave
CCC Link[ ^]
Trolls[ ^]
|
It was a good idea to have somewhere to put these, but I'm not sure it works in its current form. Perhaps what we need is less a forum and more a list, broken down into categories? As it stands, it is very difficult to work out what tool does what - or even find an appropriate tool unless you know its name, which kinda defeats the whole idea.
If we had a list of categories, each tool could have a vote against it (controlling the display order). Click on the tool to get a description from the OP, and a list of comments hanging from that. Just a thought...
We also appear to be getting non-tools related questions, which further muddies the waters...
Real men don't use instructions. They are only the manufacturers opinion on how to put the thing together.
Manfred R. Bihy: "Looks as if OP is learning resistant."
|
I understand what you're saying. I agree it would definitely help to have more structure, to make it easier to find things. Maybe use tags?
I don't think it would be good to have an 'approval' cycle like we do for articles. That would increase the barrier for people to add entries. I like the current format, because people get to comment on tools, what they like/dislike about it. It would be nice to be able to post screenshots of tools, but I don't think it should go too much further than that; again, let's keep it simple, and not increase the barrier.
I do like your suggestion about categories. I think there already is a form set up to handle stuff for the old products list (I think that is now defunct), so maybe that could be used as a start. Hopefully, the form can be kept to one page:
- name
- url
- category and/or tags
- short description
- long description
- screenshots to upload
The random questions bit is noise-level, solved very simply by adding a few moderators to the forum.
|
I'm thinking more along the lines of:
Regular expressions:
Expresso ***** Edits, creates, tests and explains regexes. Link to fuller description and comments
Another **** Edits and tests regexes Link to fuller description and comments
Text Editors:
... So you can see the various tools in a list by category, ordered by what people think of them, with the description and comments in a separate page. If possible the name should link to a download site?
This would also make it more obvious that a tool has been recommended already.
Real men don't use instructions. They are only the manufacturers opinion on how to put the thing together.
Manfred R. Bihy: "Looks as if OP is learning resistant."
|
Yes, this is what I was (unclearly) getting at when I was talking about filling in a form. Once the member fills in a form for a tool, it would appear in the table you show.
|
I've already voted to remove him. Feel free to do the same.
I also thought that my new icon meant I'd be able to delete his posts, but I can't so I'm not sure why I have the icon.
|
Actually it's a very very old icon, at least according to CM it is : http://www.codeproject.com/Messages/3919694/Re-What-is-a-Code-Project-Protector-and-How-do-I-b.aspx[^]
My guess is CM is planning to give you those rights but is still in the process of implementing them.
According to the description you should be able to edit / remove / ... articles tho
http://www.codeproject.com/script/Membership/Types.aspx?#protector[^]
Explanation wrote:
The Code Project Protector
These dedicated members help ensure that a million members sending hundreds of articles each week do the right thing. They can moderate and remove inappropriate articles, edit eye-straining formatting and move under-performing (or recovering) articles to and from Purgatory. If you see an article that needs attention then let these guys know. Spot them in the forums by their protectors icon.