midnite

Members
  • Content Count

    179
  • Joined

  • Last visited

Community Reputation

1 Neutral

About midnite

  • Rank
    Member
  • Birthday 06/16/1986

Contact Methods

  • Website URL
    http://andy.hopto.org
  • ICQ
    71000333

Profile Information

  • Location
    Fairyland
  • Interests
    a perfectionist, still finding the meaning of life
  1. In the image attached below, in the (3) light blue content assist box, on the left there are 5 Firefox browser icons. What do they mean? Seemingly they mean those methods are only supported in Firefox. But of what versions? And if a certain element is supported in both Firefox and Chrome, but not IE, how will it show (as there is only 1 column space for 1 icon)? (image from http://www.jetbrains.com/phpstorm/webhelp/familiarize-yourself-with-phpstorm-editor.html) On the other hand, in Aptana, there are different columns of browser icons, showing levels of support by light up or
  2. Thanks DaveJ. Yes it is tricky for both PHP and JS, as the classes are not really related to the files. I have tested a few versions of Eclipse. Most of them can cross-files reference PHP. But when it comes to JS, it depends (will be explained later). While testing different IDEs, I particularly like Aptana or Eclipse with the Aptana plugin, which provides "level of support for each element in the major web browsers" in its content assist (works for both PHP & JS): (Does Netbeans have this?) Let me sidetrack a bit. As far as I know, there are 3 ways to define classes
  3. Thanks DaveJ. What am I looking for is exactly the feature you mentioned in your first paragraph. Yes it seems to be a must-have feature for every Java IDE. But for PHP and JS, some IDE cannot do this. They can only look up the class definition within the same file.
  4. Thanks DaveJ for reply. What do you mean? In fact I can code well in Notepad++ or even Notepad. But as I would like to make my JS and PHP go OO, build some objects like I did in Java, an IDE with cross-files referencing would be very very handy (esp. to eliminate many misspellings).
  5. dsonesuk, thanks for reply! Do you think using position: relative; and overflow: auto; can effectively restrict all the elements visually inside div#jail?
  6. dsonesuk, I used overflow: hidden; to visually hide elements going outside the #jail. In your examples, you used overflow: auto; (which I found is even better as it adds the scroll bars if necessary) that can also prevent HTML from going visually outside the #jail. Do you think it is enough?
  7. Thanks again for your reply. Do you think if I use a position: relative; div#jail, and ban the use of position: fixed, I can visually keep everything inside the div#jail?
  8. Thanks dsonesuk for explaining about the governing elements. I have a question. In my simple test below, for a position: absolute; inner element, in addition to being governed by a position: relative; outer element, it can also be governed by a position: absolute; outer element. Isn't it? <html><head><style>#outer { position: absolute; overflow: auto; border: 1px dotted red; height: 200%; width: 50%; left: 25%; top: 25%;}#inner { position: absolute; top: -10px; right: -10px;}</style></head><body><div id="outer"> <div id="inner">
  9. Thanks @justsomeguy for providing this reminder that XSLT will cause DoS and XSS. In addition, some others also say that XSL is Turing Complete that can do anything to harm the server and scripts. In addition, I would have to avoid the Billion Laughs attack in XML too. I guess I have to modify my step (1) to: • User submits a piece of XSL code XHTML code with my special tags - for example, I allow [for-each], [choose], [when], etc. • As they are in fact a white-list of XSLT tags, then I validate and replace those tags with actual XSLT tags. • In the server, there are some sample data (sample
  10. I am going to design a webpage, which contains <div>(s) that allow users to submit their (X)HTML with CSS, and being inserted into those <div>(s). I understand it will suffer from XSS seriously, so I will use HTML Purifier to sanitise the (X)HTML and CSS. For instance, I will definitely not allow <script>, <iframe>, and external resources. But I wish to allow almost all other tags and CSS attributes. Here comes the question. I wish to keep client elements (visually) inside the <div>(s). I have tried a partial solution, by using position: absolute; and overflow: hi
  11. Thanks DaveJ, I know XSS would be a serious problem. That's why I will use HTML Purifier to sanitise the user-codes. Do you think it will be safe enough?
  12. Thanks MarkT for willing to help. Here are the screenshots for the design illustration. Firstly, the red dotted line is the "Jail". The purpose is to make any HTML codes with any CSS (prefixed with div#jail) to visually keep inside the box. As shown above, the line of text tried to move out of the box. However, because of overflow: hidden, it is just clipped. So nothing could escape the "Jail". This is good. Secondly, if the position: fixed CSS is applied to the jailed elements, the result is that it can be shown outside the box - I call it a breakthrough of the jail. This is
  13. Thanks very much for reply. You may just cut and paste the codes above into the W3schools try it editors, you will understand it ;-)
  14. I am going to design a webpage, which contains <div>(s) that allow users to submit their (X)HTML with CSS, and being inserted into those <div>(s). I understand it will suffer from XSS seriously, so I will use HTML Purifier to sanitise the (X)HTML and CSS. For instance, I will definitely not allow <script>, <iframe>, and external resources. But I wish to allow almost all other tags and CSS attributes. Here comes the question. I wish to keep client elements (visually) inside the <div>(s). I have tried a partial solution, by using position: absolute; and overflow: hi
  15. In my webpage, I am going to allow clients (X)HTML. To avoid XSS, I will use HTML Purifier, and disable the <script> tag (and some other dangerous tags). Yet I would like to enable designers of those (X)HTML to use certain programming-like features, for example displaying a list of items, which would need a for-loop. Then I came up with the idea that: users submit the XSL code, I provide the XML with the data required by the users. As HTML Purifier cannot sanitise XSL code (can it?), my proposed flow would be: • User submits a piece of XSL code. • In the server, there are som