similar to: XSS (was Re: Centos 5.3 -> Apache - Under Attack ? Oh hell....)

Displaying 20 results from an estimated 700 matches similar to: "XSS (was Re: Centos 5.3 -> Apache - Under Attack ? Oh hell....)"

2015 Sep 24
0
php DOMDocument and entities
This is not CentOS specific but I hope someone here knows so I do not have to subscribe to another list. I'm using php DOMDocument to create an XSL that needs a non-breaking space between two values. Basically: $xslvalueof = $dom->createElement('xsl:value-of'); $xslvalueof->setAttribute('select', '../@month'); $caption->appendChild($xslvalueof);
2011 Jan 04
0
Package animation update (v2.0-0)
Hi, The animation package 2.0-0 is on CRAN now. This version is a milestone of the animation package. It includes a new function saveHTML() which uses a much more elegant interface and is consistent in syntax with other save*() functions such as saveMovie(), saveSWF() and saveLatex(). Lots of demos have been added to demonstrate the flexibility of this package, e.g. now we can get the snapshots
2011 Jan 10
0
Package animation update 2.0-1
Hi, The package animation 2.0-1 is on CRAN now (http://cran.r-project.org/package=animation). CHANGES IN animation VERSION 2.0-1 NEW FEATURES o demo('Xmas_card') contributed by Yuan Huang o demo('flowers') to show how to download images from the Internet and create an animation o a new function pdftk() as a wrapper to call the Pdftk toolkit
2006 Jan 09
3
XSS prevention with Rails
Hi! I wanna take a stab at implementing better XSS prevention for Rails. This time for real =) I'm wondering what would be the better way, clean everything up with tidy first and then do the rest with regexp or regexp all the way? Anybody done this before? Thanks! Ciao! Florian
2006 Jan 26
0
Article about protecting Rails apps from XSS attacks
Cross-Site scripting (XSS) attacks have been appearing lately, so I wrote up an article about one way to protect yourself. It's pretty easy to use and, for those who care, I go into some of the metaprogramming techniques I used to create it. Check it out at http://blog.explorationage.com/articles/2006/01/25/how-to-protect-your-rails-apps-against-cross-site-scripting-attacks Justin p.s. My
2012 Aug 10
0
Missing earlier versions work around for "XSS Vulnerability in strip_tags"
The rubyonrails-security announcement for CVE-2012-3465 "XSS Vulnerability in strip_tags" mentions that a work around for earlier versions should be attached, but there's none, only patches for 3.0 series and up. Is the work around available? If so, where can I get hold of it? Thanks in advance, Peter -- Posted via http://www.ruby-forum.com/. -- You received this message
2010 Feb 02
0
[Security] Loofah has an HTML injection / XSS vulnerability, please upgrade to 0.4.6
Synopsis ---------- Loofah::HTML::Document#text emits unencoded HTML entities prior to 0.4.6. This was originally by design, since the output of #text is intended to be used in a non-HTML context (such as generation of human-readable text documents). However, Loofah::XssFoliate's default behavior and Loofah::Helpers#strip_tags both use #text to strip tags out of the output, meaning that
2009 Sep 04
0
Question on the XSS Security Patch
After reading this security bulletin: http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?pli=1 I am a bit confused as to which patch I should apply. My application is currently running on a frozen copy of Rails 2.2.2. Reading the bulletin it appears that I should instead the 2-2-CVE-2009-3009.patch for the "2.2 series" of Rails. However, the patch introduces a
2006 May 05
4
Is sanitize() strong enough to protect me from XSS?
Haven't been able to find a good enough answer on whether using sanitize() is enough to really protect me from XSS attacks. I basically have a blog page that I want to allow people to display comments on but would like to allow html tags to be posted on the comments, these could be html tags like the imageshack img tags, youtube player, photobucket img tags etc. any other approaches or
2011 Feb 01
1
Setting maximum value of the legend on an image.plot and animation
Hello, I'm doing the following: library(ncdf) library(fields) library(animation) saline <- open.ncdf("salinity_1990.nc") salt = get.var.ncdf(nc=saline, varid="Salinity") # create an animation of the complete temporal domain in the ncdf file. saveHTML({ for (i in 1:364) { image.plot(salt[, , i]) } }, img.name = "salinity.img",
2016 Apr 30
4
E-mail advice sought
I'm working on setting up an e-mail service. I've got the e-mail servers working beautifully and am presently working on re-writing the parts of Roundcube I don't like (e.g. it uses inline JavaScript in a few places so CSP breaks it) but - Is there any advice on characters to allow in usernames? I know there are some wacky characters that are legal in e-mail addresses but are
2007 Apr 05
0
configure.ac libswfdec/Makefile.am libswfdec/swfdec_codec.c libswfdec/swfdec_codec_gst.c
configure.ac | 20 +++ libswfdec/Makefile.am | 10 + libswfdec/swfdec_codec.c | 9 + libswfdec/swfdec_codec_gst.c | 260 +++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 294 insertions(+), 5 deletions(-) New commits: diff-tree 9367afafdc43e320b2689237f9f302e52d8fac0e (from 1906bf5a380edbbb4b808543cf3da0e9e836dbf4) Author: Benjamin Otte
2008 Jan 19
1
Set Return Type XML in Prototype
Please help, I can't return XML data using Prototype. If I use data from a direct XML file then it works fine, but when I use an Ajax request with header content XML it's not working. My code just works on IE, but in FF it is not working. My code sample is given below. If anyone has already done this kind of job, please help me as soon as possible. var xmlDoc; function Claulate() { var
2009 Jun 11
3
deSolve question
Dear All, I like to simulate a physiologically based pharmacokinetics model using R but am having a problem with the daspk routine. The same problem has been implemented in Berkeley madonna and Winbugs so that I know that it is working. However, with daspk it is not, and the numbers are everywhere! Please see the following and let me know if I am missing something... Thanks a lot in advance,
2009 May 10
2
plot(survfit(fitCox)) graph shows one line - should show two
R 2.8.1 Windows XP I am trying to plot the results of a coxph using plot(survfit()). The plot should, I believe, show two lines one for survival in each of two treatment (Drug) groups, however my plot shows only one line. What am I doing wrong? My code is reproduced below, my figure is attached to this EMail message. John > #Create simple survival object >
2007 Mar 28
1
Re: Wine - Airmail -WHAT'S ACTCTX?
On Wed, 2007-03-28 at 11:46 -0400, Ed wrote: > I am not experienced in programing or wine, maybe the drinking > version. Anyway I have attached the program. Unless you are a ham > operator you might have a problem setting the program up. Let me know > if you need any more information. The file is amhc33081.exe I tried this as WINEDEBUG=+richedit wine amhc33081.exe >
2009 May 12
2
import HTML tables
Hello, I was wondering if there is a function in R that imports tables directly from a HTML document. I know there are functions (say, getURL() from {RCurl} ) that download the entire page source, but here I refer to something like google document's function importHTML() (if you don't know this function, go check it, it's very useful). Anyway, if someone of something that does this
2007 Apr 06
0
3 commits - libswfdec-gtk/swfdec_gtk_loader.c libswfdec/Makefile.am libswfdec/swfdec_codec.c libswfdec/swfdec_codec_ffmpeg.c libswfdec/swfdec_codec_gst.c libswfdec/swfdec_codec.h libswfdec/swfdec_codec_screen.c libswfdec/swfdec_codec_video.c
libswfdec-gtk/swfdec_gtk_loader.c | 10 -- libswfdec/Makefile.am | 2 libswfdec/swfdec_codec.c | 39 -------- libswfdec/swfdec_codec.h | 26 ----- libswfdec/swfdec_codec_ffmpeg.c | 98 ++++++++------------- libswfdec/swfdec_codec_gst.c | 174 +++++++++++++++++++------------------- libswfdec/swfdec_codec_screen.c | 60 +++++--------