Group items tagged

"Calling Cross Domain Web Services in AJAX"

"Cross-Domain Proxy"

Is HTML5 video ready for prime time? I can't give a definite answer to that question - but I can say that getting it to work cross browser, and that includes the iPad can be annoying.

"How To: Prevent Cross-Site Scripting in ASP.NET"

"ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter"

"Cross-domain communications with JSONP"

"JavaScript: Use a Web Proxy for Cross-Domain XMLHttpRequest Calls"

"Cross Site Request Forgery (CSRF) This article assumes you already understand what CSRF is and how it works. If you don't, do a quick Google search and it will clear it up. CSRF can be done using POST or GET, but GET is much easier to implement. By default, ASP.Net forms and other functionality work via the POST method. If we could submit a GET instead of a POST it would open up the attack surface a great deal. No longer do we need someone to visit a page with a form on it, but we could actually embed the GET request (a link) in emails or other medium. Fortunately for the attacker, unfortunately for the developer, .Net uses Value Shadowing for its controls. This means all server side controls, ie. Viewstate, EventValidation, EventCommand, EventArguments, etc.. It is possible to take the values that would be submitted as part of the form and just add them to the Querystring instead. Now there is a GET request that is comparable to the POST request. ASP.Net Webforms does not check whether a post back comes from GET or POST. The one thing to keep in mind is that the URL in a GET is limited in size. If the form is large and the viewstate is very large, this could block this technique from working. This depends on the way the application is configured (more later)."

"Viewstate (ASP.NET) ASP.NET has an option to maintain your ViewState. The ViewState indicates the status of a page when submitted to the server. The status is defined through a hidden field placed on each page with a control. Viewstate can be used as a CSRF defense, as it is difficult for an attacker to forge a valid Viewstate. It is not impossible to forge a valid Viewstate since it is feasible that parameter values could be obtained or guessed by the attacker. However, if the current session ID is added to the ViewState, it then makes each Viewstate unique, and thus immune to CSRF. To use the ViewStateUserKey property within the Viewstate to protect against spoofed post backs. Add the following in the OnInit virtual method of the Page-derived class (This property must be set in the Page.Init event) protected override OnInit(EventArgs e) { base.OnInit(e); if (User.Identity.IsAuthenticated) ViewStateUserKey = Session.SessionID; } The following keys the Viewstate to an individual using a unique value of your choice. (Page.ViewStateUserKey) This must be applied in Page_Init because the key has to be provided to ASP.NET before Viewstate is loaded. This option has been available since ASP.NET 1.1. However, there are limitations on this mechanism. Such as, ViewState MACs are only checked on POSTback, so any other application requests not using postbacks will happily allow CSRF. "

" Cross-architecture in-place upgrades (for example, x86 to x64) are not supported."

CLEditor is an open source jQuery plugin which provides a lightweight, full featured, cross browser, extensible, WYSIWYG HTML editor that can be easily added into any web site.

- A Pretty UI Widget Framework with a side of DOM, event and data stuff - Open Source under a friendly OpenBSD License - Cross Platform webOS, iOS, Android, Symbian, Safari, Chrome, Dashboard Widgets (wait, what?) - Light and Efficient Minified JavaScript is just over 8K with no dependancies - Compatible with PhoneGap plus most other JavaScript frameworks

GMap.NET is a powerful, Free, cross platform, open source .NET control. Enable use routing, geocoding and maps from Google, Yahoo!, Bing, OpenStreetMap, ArcGIS, Pergo, SigPac in Windows Forms & Presentation, supports caching and runs on windows mobile!