Group items tagged

"Cross Site Request Forgery (CSRF) This article assumes you already understand what CSRF is and how it works. If you don't, do a quick Google search and it will clear it up. CSRF can be done using POST or GET, but GET is much easier to implement. By default, ASP.Net forms and other functionality work via the POST method. If we could submit a GET instead of a POST it would open up the attack surface a great deal. No longer do we need someone to visit a page with a form on it, but we could actually embed the GET request (a link) in emails or other medium. Fortunately for the attacker, unfortunately for the developer, .Net uses Value Shadowing for its controls. This means all server side controls, ie. Viewstate, EventValidation, EventCommand, EventArguments, etc.. It is possible to take the values that would be submitted as part of the form and just add them to the Querystring instead. Now there is a GET request that is comparable to the POST request. ASP.Net Webforms does not check whether a post back comes from GET or POST. The one thing to keep in mind is that the URL in a GET is limited in size. If the form is large and the viewstate is very large, this could block this technique from working. This depends on the way the application is configured (more later)."

load(): Load a piece of html into a container DOM. $.getJSON(): Load a JSON with GET method. $.getScript(): Load a JavaScript. $.get(): Use this if you want to make a GET call and play extensively with the response. $.post(): Use this if you want to make a POST call and don't want to load the response to some container DOM. $.ajax(): Use this if you need to do something when XHR fails, or you need to specify ajax options (e.g. cache: true) on the fly.

In this post I will show you how to troubleshoot Web Resource related problems and how to deal with them.

This blog post describes how you can validate that users do not create internal links to items with no layout details

The Sitecore Social Connected module contains several independent tools: Social Connector allows website visitors to log in your website using credentials from their social network accounts. Your website receives more information about the visitor from the social network profile. You can use it to personalize the website. Social Publishing allows posting automatic updates to the social networks along with publishing Sitecore items. Putting Like and Tweet buttons on the webpage. You can put the buttons as Sitecore controls and track users' activity using Sitecore analytics.

In this post I want to show how to address a missing feature that was a part of "old" lucene index implementation. This article will provide an example how one can customize Lucene search configuration so that it's possible to add custom fields to the index.

oEmbed is a format for allowing an embedded representation of a URL on third party sites. The simple API allows a website to display embedded content (such as photos or videos) when a user posts a link to that resource, without having to parse the resource directly.

How to implement custom "code transformers" to inject custom rendered code into a blog post

Blog post possibly related to recent app pool crashes

Sometimes Sitecore events can conflict with RadGrid events.  This blog post explains how to make them play nicely together.

Implement your slideshow with the Agile Carousel JQuery plugin. Highly customizable so you can build according to your requirements. JSON data format is used to provide easier integration with external data or data from your CMS. Use it for agile web development. This is an all new version written from scratch. JQuery UI effects and the ability to read files on the server are no longer included. New features are added, such as "Control Sets" which allow for a more customizable setup. Now posted on Github for faster development.

FlyJSONP is a small JavaScript library, 2.38KB (1.13KB gzipped), that allows you to do cross-domain GET and POST requests with remote services that support JSONP, and get a JSON response

Every once in a while our customers ask if it's possible to terminate a publishing job. A demand for this functionality increased as our customers started pouring more and more content into their Sitecore implementations. Sometimes an innocent publishing job could become vicious and freeze other publications. In this blog post I'm going to present an approach that allows a user to cancel a triggered publishing job. This became possible as new publishing pipelines were introduced in Sitecore 6.

Here's a PDF from MySpace for developers that provides examples of how to post to MySpace.

Here's how to add a "Post to Facebook" link on your site.