Ruby on Rails Mysterious Javascript Alert box with cookie information - ruby-on-rails

I have a problem in a Ruby on Rails app that I am working on. I have been working on the app for months and I have never had this problem before. After a bit of Google searching, I think that somehow someone is trying to steal cookies with JavaScript.
When I click on the link I get an alert box titled "the page at www.napkinboard.com says:" that contains the following message:
__utmz=217223433.1270652009.59.3.utmcsr=localhost:3000|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=217223433.2133018314.1265749085.1271097412.1271125626.63; __utmc=217223433; __utmb=217223433.11.10.1271125626
I checked the database and all data associated with this 'food_item' looks completely normal and does not contain any javascript at all.
How did this suddenly happen and how can I stop it? I appreciate any help. Thanks.
EDIT: Can't believe I forgot the URL: http://www.napkinboard.com/food_items/413

It sounds like you've found a link that exploits an XSS vulnerability using the query string.
Make sure to properly escape all of your output.
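The escaping advice in this answer, shown as an added example that is not part of the original answer or the asker's app: a query-string value rendered once without escaping and once through `ERB::Util.html_escape`. The parameter name `note`, the host `example.test`, and the sample value are assumptions made for illustration.

```ruby
require "erb"
require "uri"

# Constructed request: the parameter name "note" and its value are sample data
# (hypothetical), chosen to reproduce the cookie alert box from the question.
SAMPLE_URL = "http://example.test/food_items/413?note=" +
             URI.encode_www_form_component("<script>alert(document.cookie)</script>")

# Read one query-string parameter, the way a controller reads params[:note].
def query_param(url, name)
  query = URI.parse(url).query.to_s
  URI.decode_www_form(query).to_h.fetch(name, "")
end

# Unescaped output: plain ERB copies the value into the page verbatim, as
# Rails views did before 3.0 and as raw/html_safe still do.
UNSAFE_VIEW = ERB.new("<p>Note: <%= note %></p>")

# Escaped output: ERB::Util.html_escape (the h helper) turns & < > " ' into
# entities, so the browser shows the value as text instead of running it.
SAFE_VIEW = ERB.new("<p>Note: <%= ERB::Util.html_escape(note) %></p>")

def render_view(view, note)
  view.result_with_hash(note: note)
end

# Review aid: true when rendered HTML still contains a literal script tag.
def script_tag?(html)
  html.match?(/<script\b/i)
end

if __FILE__ == $PROGRAM_NAME
  note = query_param(SAMPLE_URL, "note")
  puts render_view(UNSAFE_VIEW, note)  # script tag reaches the browser intact
  puts render_view(SAFE_VIEW, note)    # same input, rendered as inert text
end
```

Because the value comes from the URL and is never stored, the database rows look clean even while the page is affected, which matches what the question describes.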

Load up Firefox and Firebug, and see what the JavaScript and network stack trace show. That should give you an idea of where it's coming from, etc.

Related

Ruby api errors in console - How to visualize in a better way?

Alright, kinda a weird question. But I'm getting some random errors after I call a Ruby API using AngularJS; as a response I get a big error in the console. It looks like the regular Ruby error screen, but I would like to know if there is a better way to look at it.
Example>
Sorry if this is not the way to ask.
Thanks in advance.
Redo the request while the Network tab is open in Developer Tools. Click this request, i.e. http://localhost:3000/users/sign_in.json, and then you can preview it on the right.

pinterest link not working?

Trying to create a Pinterest link with JavaScript. It opens up Pinterest, shows the correct images and description, but when I click PIN IN it just refreshes and doesn't pin it.
Creating a custom link, and here's a URL created that I think should be working -
http://pinterest.com/pin/create/button/?url=http%3A%2F%2Fsandbox.modernactivity.co.uk%2Findependent_02%2F%3Fattachment_id%3D743&media=http%3A%2F%2Fsandbox.modernactivity.co.uk%2Findependent_02%2Fwp-content%2Fuploads%2F2012%2F06%2FBBC%20-%20MEAT-NEW%20WEBSITE%20TEST%204%3A3%20to%2016%3A9%20cropping-743-still-150x84.jpg&description=Independent%20Films%2C%20%E2%80%98Meat%E2%80%99&ref=http%3A%2F%2Fsandbox.modernactivity.co.uk%2Findependent_02%2Fdirectors%2Fdaniel-levi%2Fshowreels%2Flive-action%2Fvideo%2F743%2F%23
Anyone know what might be wrong?
best, Dan.
Okay.. Let me start with a disclaimer. This answer might not even be right, but it did work for me. I had the same problem and my URL has lots of '+' in it.. which is the URL-encoded equivalent of a ' '. So, essentially Pinterest seems to have a problem "pinning" them, although there seems to be no problem in rendering them...
Your URI seems to have a lot of spaces too..
So, if the URI is in your control, you may:
- Create the URI after URL-encoding them
- Make sure that spaces and such like don't appear in the URI.
Looking through my IIS Logs I noticed that Pinterest was redirecting users to my website without a leading http:// even if specified in the address, this seems to be causing the error for me. Unsure how to fix this in IIS, but thought I'd throw you a clue I found.

What is the new #_ appended to Wikipedia's URLs? Why?

Wikipedia's URLs recently started adding #_ (appended or embedded) to the mobile version of the website.
What does this mean?
Why did Wikipedia start using this new convention?
I knew about shebang/hashbang (#!) but I am not sure I understand the purpose of Wikipedia's new #_.
Is this also related to AJAX?
How does it work?
BTW, typing the URL into the browser's address without the #_, results in auto-redirect to the #_-appended URL, which results in significant performance hit on my browser. There must be a good reason to use this new #_ scheme. I just don't know (yet) what it is.
It's just a dummy value used as a kluge. The code that sets it was introduced on May 1 in a commit titled "fix jump to top", with the following commit message:
"currently clicking on the jump to top link has no effect. This is
because opening a section sets the hash to the same as the jump to
top link. By resetting it first we can get back the behaviour we want"
If it's really causing a performance issue in your browser, you should probably report it as a bug in MediaWiki. Actually, you should probably report it as a bug in your browser too.

Printing forms on Play Framework

I'm developing a web app using Play framework and JavaScript, but I don't know exactly how to print a form (i.e. an invoice). I thought it has to be implemented in JavaScript, but reading on the web, I didn't find anything. I'm searching now if the implementation is on the server side (Java), but I don't have any idea.
That's a very weird question that you have here, I probably don't get it right..
What do you mean "Print a form" ?!
What about print page from your favorite browser ?
Must be missing something.
What about rendering the invoice in PDF format? If you are interested in doing something like that, check this module:
http://www.playframework.org/modules/pdf
I think it is the best solution and that's what most companies do. Hope that helped.

rails page won't display entirely

I'm having the most peculiar problem, and I was hoping someone could point me in the right direction on how to address it (or even locate it...). I'm working on a Rails site, and the pages display in most browsers without any issues. In others (AOL, IE 6 - 7, and some of the other lesser used ones) the page will load, with all of the correct formatting, but completely missing the inside content.
For example, the site uses a traditional online store format, but will load the name of the site, the name of the product, and the page footer, but not the description or images. This issue has been reproduced on several computers, but I can't figure it out at ALL.
Thanks for any help!
My approach to this sort of problem would be to use the browser to get the html you are trying to render (in firefox, View>>Page Source), and saving it as a static html file. Then you can fiddle with this file one piece at a time until you figure out what's throwing IE for a loop.
If you view the page source is the data you are looking for included? This can help you figure out if you have a formatting issue on the client side or a data generation issue on the server side.
