2017年6月26日 星期一

[研究] [C#] [ASP.NET] [JavaScript] 彈出視窗

[研究] [C#] [ASP.NET] [JavaScript] 彈出視窗

2017-06-13

********************************************************************************
alert 警報對話盒視窗 

C#  + ASP.NET + JavaScript

alert 是 JavaScript 的指令

        protected void Button1_Click(object sender, EventArgs e)
        {
            Response.Write(@"<script language='javascript'>alert('Update is successful.')</script>");
        }

HTML + JavaScript

<form>
<input type="button" value="Pop-up an alert box" onClick="alert('Hi, I am alert box.')">
</form>




********************************************************************************

confirm 確認對話盒視窗

C#  + ASP.NET + JavaScript


        protected void Button2_Click(object sender, EventArgs e)
        {
            Response.Write(@"<script language='javascript'>confirm('Are you sure?'); alert(reply)</script>");
        }

HTML + JavaScript

<form>
<input type="button" value="Pop-up an confirm box"
onClick="var reply = confirm('Are you sure?') ; alert(reply)">
</form>


********************************************************************************

prompt 提示輸入對話盒視窗

C#  + ASP.NET + JavaScript


        protected void Button3_Click(object sender, EventArgs e)
        {
            Response.Write(@"<script language='javascript'>prompt('What is your name?.', 'You name here')</script>");
        }


********************************************************************************

Window.open 開新網頁

C#  + ASP.NET + JavaScript


protected void Button4_Click(object sender, EventArgs e)
        {
            Response.Write(@"<script language='javascript'>window.open('http://www.yahoo.com', 'winname','location,menubar=1 status,toolbar,scrollbars=0')</script>");
            //window.open("http://www.yahoo.com", "winname","location,menubar=1 status,toolbar,scrollbars=0");
        }





********************************************************************************

Sweet Alert With asp.net C#
https://forums.asp.net/t/2079785.aspx?Sweet+Alert+With+asp+net+C+

********************************************************************************

【JS套件】將傳統window.alert 取代override成sweetalert 教學


<script type="text/javascript">
(function() {
  window.alert = function() {
    return swal.apply(this, arguments);
  };
})(window.alert);
</script>

http://loveplay6688.pixnet.net/blog/post/104687290-%E3%80%90js%E5%A5%97%E4%BB%B6%E3%80%91%E5%B0%87%E5%82%B3%E7%B5%B1window.alert-%E5%8F%96%E4%BB%A3override%E6%88%90sweetal

********************************************************************************

(待續)

相關

[研究] [C#] [ASP.NET] [JavaScript] 彈出視窗
http://shaurong.blogspot.com/2017/06/c-aspnet.html

[研究] ASP.NET + SweetAlert 安裝 (NuGet)與試用
http://shaurong.blogspot.com/2017/06/aspnet-sweetalert-nuget.html

[研究] [C#] [ASP.NET] 用 SweetAlert + Button 作 送出確認 提示對話盒
http://shaurong.blogspot.com/2017/06/c-aspnet-sweetalert_23.html

[研究] [C#] [ASP.NET] 用 SweetAlert + LinkButton 作 刪除確認 提示對話盒
http://shaurong.blogspot.tw/2017/06/c-aspnet-sweetalert.html

JavaScruot - 視窗 (Window)
http://taiwantc.com/js/js_tut_b_window0.htm

ASP.NET 開新視窗四部曲
https://dotblogs.com.tw/hatelove/archive/2009/10/28/11325.aspx

http://lanfar.pixnet.net/blog/post/40706881

LinkButton 另開新視窗的方法
http://jimmy0222.pixnet.net/blog/post/36045311-linkbutton-%E5%8F%A6%E9%96%8B%E6%96%B0%E8%A6%96%E7%AA%97%E7%9A%84%E6%96%B9%E6%B3%95

showModalDialog與IE快顯封鎖
http://blog.darkthread.net/post-2011-07-12-showmodaldialog-and-popup-blocker.aspx

About the Pop-up Blocker
https://msdn.microsoft.com/en-us/library/ms537632(v=vs.85).aspx

<asp:LinkButton ID="LinkButton_View" runat="server" CausesValidation="False" Text="檢視" CssClass="btn btn-primary btn-xs" OnClientClick="<script>window.open('<%# String.Format(&quot;~/ManageJA/JAView.aspx?id={0}&quot;, Eval(&quot;Id&quot;)) %>','_blank','height=700,width=1000,status=yes,toolbar=no,menubar=no,location=no');</script>"></asp:LinkButton>

解決開視窗會變開在頁籤
https://dotblogs.com.tw/kim/2011/07/11/_blank

[C#]在 .Net 上實現 Win Form 中 MessageBox 的確認視窗
2009-10-09
https://dotblogs.com.tw/willy0080/2009/10/09/10984

[研究] X-XSS Protection

[研究] X-XSS Protection

2017-06-24

<add name="X-XSS-Protection" value="1; mode=block" />

Controlling the XSS Filter
https://blogs.msdn.microsoft.com/ieinternals/2011/01/31/controlling-the-xss-filter/

IE8 Security Part IV: The XSS Filter
https://blogs.msdn.microsoft.com/ie/2008/07/02/ie8-security-part-iv-the-xss-filter/

利用瀏覽器XSS跨站攻擊腳本篩選過濾特性(X-XSS-Protection)
http://doc.5lsoft.com/help/content.aspx?itemno=000067&_rnd=635900856594128005

IBM AppScan 安全漏洞問題修復(.net)
http://www.cnblogs.com/anngeiBKY/p/4952269.html

網站程式開發的注意事項,關於資訊安全與修補方式....陸續補充 (ASP.Net)
http://sweeteason.pixnet.net/blog/post/41779906-%E7%B6%B2%E7%AB%99%E7%A8%8B%E5%BC%8F%E9%96%8B%E7%99%BC%E7%9A%84%E6%B3%A8%E6%84%8F%E4%BA%8B%E9%A0%85%EF%BC%8C%E9%97%9C%E6%96%BC%E8%B3%87%E8%A8%8A%E5%AE%89%E5%85%A8%E8%88%87%E4%BF%AE

Config your IIS server to use the “Content-Security-Policy” header
https://stackoverflow.com/questions/37992225/config-your-iis-server-to-use-the-content-security-policy-header

X-XSS-Protection – Preventing Cross-Site Scripting Attacks

(待續)

2017年6月23日 星期五

[研究] Microsoft Anti-XSS Library V4.3 (Anti-Cross Site Scripting Library)

[研究] Microsoft Anti-XSS Library V4.3 (Microsoft Anti-Cross Site Scripting Library V4.3)

2017-06-23 更新
2016-11-17

Microsoft Anti-XSS Library V4.3 (Microsoft Anti-Cross Site Scripting Library V4.3)
https://www.microsoft.com/en-us/download/details.aspx?id=43126

NuGet - AntiXss
https://www.nuget.org/packages/AntiXss/

****************************************

.NET Framework 4.6 and 4.5 .NET Framework 類別庫  System.Web 命名空間
System.Web.Security.AntiXss 命名空間
https://msdn.microsoft.com/zh-tw/library/system.web.security.antixss.aspx

****************************************

ASP.NET 4.5改良
已內建Anti-Cross Site Scripting Library,AntiXssEncoder.HtmlEncode,或用懶人法<%#: Eval(“PropName”) %>
http://blog.darkthread.net/post-2012-04-25-vs11-and-aspnet-45-beta-seminar.aspx

****************************************

AntiXSS 成為內建功能
AntiXSS 這個強大的 XSS 攻擊保護函式庫,在 ASP.NET 上一直屬於外掛的功能,但到了 ASP.NET 4.5,它變成了內建的功能,ASP.NET 4.5 內建的是 AntiXSS 4.0,命名空間是 System.Web.Security.AntiXSS,內含了 AntiXSSEncoder 類別,但是它預設並不會啟用,必須要開發人員在 Web.config 中加入這一段:


<httpRuntime ...
  encoderType="System.Web.Security.AntiXss.AntiXssEncoder,
                          System.Web,
                         Version=4.0.0.0,
                         Culture=neutral,
                         PublicKeyToken=b03f5f7f11d50a3a" />


而像是 HtmlEncode, HtmlFormUrlEncode, XmlEncode, UrlEncode, UrlPathEncode, CssEncode 等也都成為了內建功能,為防護 XSS 攻擊做了更完善的保護。
https://dotblogs.com.tw/regionbbs/2012/03/01/asp_net_4_5_new_feature_in_core_services


****************************************

AntiXss 功能被內建至 .NET Framework 4.5 :
http://msdn.microsoft.com/zh-tw/library/system.web.security.antixss.aspx
如果要啟用,請參考
http://msdn.microsoft.com/zh-tw/library/system.web.security.antixss.antixssencoder.aspx
下方說明。

****************************************

Html Editor vs HtmlEncode/Sanitizer.GetSafeHtmlFragment
https://social.msdn.microsoft.com/Forums/zh-TW/2abfcce7-a8fe-4c4f-ba2d-2ed275685bdc/html-editor-vs-htmlencodesanitizergetsafehtmlfragment?forum=236

****************************************
Why not Anti-XSS Library is built in .NET Framework ?
https://social.msdn.microsoft.com/Forums/en-US/44ed592f-dc64-43c1-9211-6877b8b32a50/why-not-antixss-library-is-built-in-net-framework-?forum=netfxbcl

(待續)

[研究] [C#] [ASP.NET] 用 SweetAlert + Button 作 送出確認 提示對話盒

[研究] [C#] [ASP.NET] 用 SweetAlert + Button 作 送出確認 提示對話盒

2017-06-23

Visual Studio 2017
請用 Nuget 安裝 SweetAlert.Base 和 jQuery

[研究] ASP.NET + SweetAlert 安裝 (NuGet)與試用
http://shaurong.blogspot.com/2017/06/aspnet-sweetalert-nuget.html

[研究][C#][ASP.NET] jQuery 3.1.1 安裝(NuGet)
http://shaurong.blogspot.com/2017/01/caspnet-jquery-311-nuget.html

參考這篇

SweetAlert confirmation dialog with asp.net listview delete?
https://stackoverflow.com/questions/33522843/sweetalert-confirmation-dialog-with-asp-net-listview-delete

下面 LinkButton1 會跳出傳統的對話盒視窗,LinkButton2 跳出 SweetAlert 版的。


<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Default.aspx.cs" Inherits="SweetAlertTest.Default" %>

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <title></title>
    <script src="Scripts/jquery-3.1.1.min.js"></script>
    <script src="Scripts/sweetalert.min.js"></script>
    <link href="Styles/sweetalert.css" rel="stylesheet" />
     <script type="text/javascript">
        function deletealert(ctl) {
            // STORE HREF ATTRIBUTE OF LINK CTL (THIS) BUTTON
            var defaultAction = $(ctl).prop("href");
            // CANCEL DEFAULT LINK BEHAVIOUR
            event.preventDefault();
            swal({
                title: "警告",
                text: "刪除確認?",
                type: "warning",
                showCancelButton: true,
                confirmButtonColor: "#DD6B55",
                confirmButtonText: "Yes, delete it!",
                cancelButtonText: "No, cancel plx!",
                closeOnConfirm: false,
                closeOnCancel: false
            }, function (isConfirm) {
                if (isConfirm) {
                    swal("Deleted!", "Your imaginary file has been deleted.", "success");
                    // RESUME THE DEFAULT LINK ACTION
                    eval(defaultAction);
                    return true;
                } else {
                    swal("Cancelled", "Your imaginary file is safe :)", "error");
                    return false;
                }
            });
        }
    </script>
    <script type="text/javascript">
        function sendalert(ctl) {
            // STORE HREF ATTRIBUTE OF LINK CTL (THIS) BUTTON
            //var defaultAction = $(ctl).prop("href");
            //var defaultAction = $(ctl).click();
            // CANCEL DEFAULT LINK BEHAVIOUR
            event.preventDefault();
            swal({
                title: "警告",
                text: "確認送出?",
                type: "warning",
                showCancelButton: true,
                confirmButtonColor: "#DD6B55",
                confirmButtonText: "是",
                cancelButtonText: "否",
                closeOnConfirm: true,
                closeOnCancel: true
            }, function (isConfirm) {
                if (isConfirm) {
                    //swal("Deleted!", "Your imaginary file has been deleted.", "success");
                    // RESUME THE DEFAULT LINK ACTION
                    //eval(defaultAction);
                    $(ctl).click();
                    return true;
                } else {
                    //swal("Cancelled", "Your imaginary file is safe :)", "error");
                    return false;
                }
            });
        }
    </script>
</head>
<body>
    <form id="form1" runat="server">
        <div>
             <asp:LinkButton ID="LinkButton2"  runat="server" OnClientClick='return deletealert(this, event);' OnClick="LinkButton1_Click" PostBackUrl="~/WebForm1.aspx">LinkButton</asp:LinkButton><br />
            <asp:LinkButton ID="LinkButton3"  runat="server" OnClientClick='return deletealert(this, event);' OnClick="LinkButton1_Click" >LinkButton</asp:LinkButton><br />
            <asp:Button ID="Button1" runat="server"  OnClientClick='return sendalert(this, event);' Text="Button" OnClick="Button1_Click" />
             <br />
             <br />
             <asp:Label ID="Label1" runat="server" Text="Label"></asp:Label>
        </div>
    </form>
</body>
</html>



(完)

相關

How to call sever side methods on click of confirm button using Sweet Alert in ASP.Net
http://www.aspforums.net/Threads/483692/How-to-call-sever-side-methods-on-click-of-confirm-button-using-Sweet-Alert-in-ASPNet/

相關

[研究] [C#] [ASP.NET] [JavaScript] 彈出視窗
http://shaurong.blogspot.com/2017/06/c-aspnet.html

[研究] ASP.NET + SweetAlert 安裝 (NuGet)與試用
http://shaurong.blogspot.com/2017/06/aspnet-sweetalert-nuget.html

[研究] [C#] [ASP.NET] 用 SweetAlert + Button 作 送出確認 提示對話盒
http://shaurong.blogspot.com/2017/06/c-aspnet-sweetalert_23.html

[研究] [C#] [ASP.NET] 用 SweetAlert + LinkButton 作 刪除確認 提示對話盒
http://shaurong.blogspot.tw/2017/06/c-aspnet-sweetalert.html

[研究] [C#] [ASP.NET] 用 SweetAlert + LinkButton 作 刪除確認 提示對話盒

[研究] [C#] [ASP.NET] 用 SweetAlert + LinkButton 作 刪除確認 提示對話盒

2017-06-128

Visual Studio 2017
請用 Nuget 安裝 SweetAlert.Base 和 jQuery

[研究] ASP.NET + SweetAlert 安裝 (NuGet)與試用
http://shaurong.blogspot.com/2017/06/aspnet-sweetalert-nuget.html

[研究][C#][ASP.NET] jQuery 3.1.1 安裝(NuGet)
http://shaurong.blogspot.com/2017/01/caspnet-jquery-311-nuget.html

參考這篇

SweetAlert confirmation dialog with asp.net listview delete?
https://stackoverflow.com/questions/33522843/sweetalert-confirmation-dialog-with-asp-net-listview-delete

下面 LinkButton1 會跳出傳統的對話盒視窗,LinkButton2 跳出 SweetAlert 版的。

<%@ page language="C#" autoeventwireup="true" codebehind="Default.aspx.cs" inherits="WebApplication1.Default" %>

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title></title>
    <script src="Scripts/sweetalert.min.js"></script>
    <link href="Styles/sweetalert.css" rel="stylesheet" />
    <script src="Scripts/jquery-3.1.1.js"></script>

    <script type="text/javascript">
        function deletealert(ctl) {
            // STORE HREF ATTRIBUTE OF LINK CTL (THIS) BUTTON
            var defaultAction = $(ctl).prop("href");
            // CANCEL DEFAULT LINK BEHAVIOUR
            event.preventDefault();
            swal({
                title: "警告",
                text: "刪除確認?",
                type: "warning",
                showCancelButton: true,
                confirmButtonColor: "#DD6B55",
                confirmButtonText: "Yes, delete it!",
                cancelButtonText: "No, cancel plx!",
                closeOnConfirm: false,
                closeOnCancel: false
            }, function (isConfirm) {
                if (isConfirm) {
                    swal("Deleted!", "Your imaginary file has been deleted.", "success");
                    // RESUME THE DEFAULT LINK ACTION
                    eval(defaultAction);
                    return true;
                } else {
                    swal("Cancelled", "Your imaginary file is safe :)", "error");
                    return false;
                }
            });
        }
    </script>
</head>
<body>
    <form id="form1" runat="server">
        <div>
            <asp:LinkButton ID="LinkButton1"  runat="server" OnClientClick='return confirm("確定刪除?")' OnClick="LinkButton1_Click" PostBackUrl="~/WebForm1.aspx">LinkButton</asp:LinkButton><br />
            <asp:LinkButton ID="LinkButton2"  runat="server" OnClientClick='return deletealert(this, event);' OnClick="LinkButton1_Click" PostBackUrl="~/WebForm1.aspx">LinkButton</asp:LinkButton><br />
            <asp:LinkButton ID="LinkButton3"  runat="server" OnClientClick='return deletealert(this, event);' OnClick="LinkButton1_Click" >LinkButton</asp:LinkButton><br />
        </div>
    </form>
</body>
</html>


(完)

相關

[研究] [C#] [ASP.NET] [JavaScript] 彈出視窗
http://shaurong.blogspot.com/2017/06/c-aspnet.html

[研究] ASP.NET + SweetAlert 安裝 (NuGet)與試用
http://shaurong.blogspot.com/2017/06/aspnet-sweetalert-nuget.html

[研究] [C#] [ASP.NET] 用 SweetAlert + Button 作 送出確認 提示對話盒
http://shaurong.blogspot.com/2017/06/c-aspnet-sweetalert_23.html

[研究] [C#] [ASP.NET] 用 SweetAlert + LinkButton 作 刪除確認 提示對話盒
http://shaurong.blogspot.tw/2017/06/c-aspnet-sweetalert.html

How to call sever side methods on click of confirm button using Sweet Alert in ASP.Net
http://www.aspforums.net/Threads/483692/How-to-call-sever-side-methods-on-click-of-confirm-button-using-Sweet-Alert-in-ASPNet/


2017年6月22日 星期四

[研究] [ASP.NET] e.NewValues 與 並未將物件參考設定為物件的執行個體。

[研究] [ASP.NET] e.NewValues 與 並未將物件參考設定為物件的執行個體。

2017-06-22

Visual Studio 2017 + C# + ASP.NET + WebForm

e.NewValues["ContextResponse"] 的 ContextResponse 是 Bind 的欄位值,不是 TextBox 或 Label 的 ID 值。

如果 ContextResponse 欄位沒填寫內容,是不能作 ToString() 的,因為 e.NewValues["ContextResponse"] 會是 null,null 不能作 ToString()。

      protected void DetailsView2_ItemUpdating(object sender, DetailsViewUpdateEventArgs e)
        {
            string errMessage = "";

            //TextBox TextBox_ContextResponse = (TextBox)DetailsView2.FindControl("TextBox_ContextResponse");
            //string ContextResponse = TextBox_ContextResponse.Text;
            //if (TextBox_ContextResponse.Text == "")
            //    errMessage = errMessage + "「XX欄位」必填。";

            // 如果 ContextResponse 欄位沒填寫內容,是不能作 ToString() 的
            //if (e.NewValues["ContextResponse"].ToString().Trim() == "")    // 並未將物件參考設定為物件的執行個體。
            //if (e.NewValues["ContextResponse"].ToString() == "")           // 並未將物件參考設定為物件的執行個體。
            //string ContextResponse = e.NewValues["ContextResponse"].ToString().Trim();    // 並未將物件參考設定為物件的執行個體。
            //string ContextResponse = e.NewValues["ContextResponse"].ToString();    // 並未將物件參考設定為物件的執行個體。
            //string ContextResponse = ((String)e.NewValues["ContextResponse"]);        // 並未將物件參考設定為物件的執行個體。
            //if (e.NewValues["ContextResponse"].ToString() == "")
            if (e.NewValues["JiguanResponse"] == null)
            {
                errMessage = errMessage + "「XX欄位」必填。";
            }
            else
            {
                if (e.NewValues["JiguanResponse"].ToString().Trim() == "")
                    errMessage = errMessage + "「XX欄位」請勿只填寫空白。";
            }
         }

(完)

2017年6月17日 星期六

[研究] OpenVAS 9 安裝

[研究] OpenVAS 9 安裝

2017-06-17

OpenVAS 是很有名的 開放原始碼弱點掃描和管理工具 ( Open Source vulnerability scanner and manager )。

下載網址
http://www.openvas.org/vm.html

OpenVAS 4.0.5 (corresponds to OpenVAS-9)
gsm_ce_4.0.5.iso
339 MB (355,794,944 位元組)

需求
Type: Linux
Version: Other Linux (64bit) => 敝人用 VMware Workstation,選 Debain 64-bits
Memory: 2048M
Harddisk: 9G
CPUs: 2
Create a new hard disk for the virtual machine.

























(完)

[研究] OpenVAS 9 安裝
http://shaurong.blogspot.com/2017/06/openvas-9.html

[研究] OpenVAS-8 DEMO Virtual Appliance 1.0 安裝
http://shaurong.blogspot.com/2015/05/openvas-8-demo-virtual-appliance-10.html

[研究] OpenVAS-7 DEMO Virtual Appliance 2.4 安裝
http://shaurong.blogspot.com/2015/03/openvas-7-demo-virtual-appliance-24.html

[研究] OpenVAS 7 安裝與使用(yum)(CentOS 7.0 x64)
http://shaurong.blogspot.com/2014/11/openvas-7-yumcentos-70-x64.html

[研究] OpenVAS 6 安裝與使用(yum)(CentOS 7.0 x64)
http://shaurong.blogspot.com/2014/08/openvas-6-yumcentos-70-x64.html

[研究] OpenVAS 6.0 beta 5 安裝與使用(yum)(Fedora 20 x64)
http://shaurong.blogspot.com/2014/02/openvas-60-beta-5-yumfedora-20-x64.html

[研究] OpenVAS 安裝與使用(yum)(CentOS 6.5 x64)
http://shaurong.blogspot.com/2014/01/openvas-yumcentos-65-x64.html