Hi all,
I'm trying to find a way to prevent XSS, for example if a user tries to write some script in the URL of the application.
Is there a way to sanitize the input value of a parameter, removing special characters like ', <, >, ( etc.?
For example, by typing the URL followed by code (http://127.0.0.1:88/$/StartCheck?<svg/onload=alert(1)>), someone can redirect or execute script in our application.
I'm using Intraweb version 14.2.12 and I tried to do it in many ways, but none works.
Thanks in advance!
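An added example, not part of the original post and not IntraWeb's own code: for a value taken from the URL, the usual defences are to HTML-encode it at the point where it is written into the page and to validate it against an allowlist, rather than stripping individual characters. The function names are hypothetical, the sample input is the query string from the URL quoted above, and how the value reaches the page in an IntraWeb 14 application is not shown.

```delphi
program EncodeQueryDemo;
{$APPTYPE CONSOLE}

// Hypothetical helper: HTML-encode untrusted text before it is written into
// an HTML element body or a quoted attribute value.
function HtmlEncode(const S: string): string;
var
  I: Integer;
begin
  Result := '';
  for I := 1 to Length(S) do
    case S[I] of
      '&': Result := Result + '&amp;';
      '<': Result := Result + '&lt;';
      '>': Result := Result + '&gt;';
      '"': Result := Result + '&quot;';
      '''': Result := Result + '&#39;';
    else
      Result := Result + S[I];
    end;
end;

// Hypothetical allowlist check for a parameter that should be a short token:
// 1 to 64 characters, letters, digits, underscore and hyphen only.
function IsSafeToken(const S: string): Boolean;
var
  I: Integer;
begin
  Result := (Length(S) >= 1) and (Length(S) <= 64);
  if Result then
    for I := 1 to Length(S) do
      case S[I] of
        'A'..'Z', 'a'..'z', '0'..'9', '_', '-': ; // allowed character
      else
        begin
          Result := False; // anything else rejects the whole value
          Break;
        end;
      end;
end;

const
  // Constructed sample: the query string from the URL quoted in the post.
  Untrusted = '<svg/onload=alert(1)>';
begin
  WriteLn('encoded: ', HtmlEncode(Untrusted));
  WriteLn('allowed: ', IsSafeToken(Untrusted));
  WriteLn('allowed: ', IsSafeToken('StartCheck_01'));
end.
```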
Sorry for posting this here as I can't post on IW17 forums. The last update I see was from 2021. Is IW17 still active? If yes, what is the current ETA?
In TIWFileUploader, is there any way I can read the file created date and file modified date after selection or successful upload of the file? Or is there a way to create the uploaded file with the same dates as the file that was selected for upload?
When using the "IWDBAdvWebGrid" component and setting "MouseSelect = msMove", so that the dataset is repositioned to the matching grid row,...
one of my columns suddenly loses the values from the database and shows the first value from the list instead. I should also point out that the '1st' row in the grid is always colored grey, whether it's selected or not (regardless of whatever row I click on; another issue).
That specific column's settings are:
ColumnType = ctDynCombo
ComboItems = User, Manager (stored in one value per line)
ComboBalues = U, M (stored in one value per line)
Editor = edCombo
DataSource = qUsers ( MySQLDac query component used for all columns in this grid. )
All other columns work fine, it just appears to be the ctDynCombo that has the issue.
When I click a row or cell, the "MouseMove.mtMove" setting takes effect and then ALL rows with the ctDynCombo suddenly have the same value.
I've spent 2 days on this, and am completely stumped. I've even seen this behavior using your demo apps and using the ctMove setting - so I know it's not my code or project that is at fault - and I seriously need ctMove feature to work correctly.
I have created some TIWButtons that also demonstrate something interesting (Add, Edit, Delete, Save, Cancel).
1. I click on any row and the column's combobox suddenly loses its original display values and all become the same.
2. These combo values remain the same no matter what other columns or rows I click on.
3. I click my own TIWButton that calls "dataset.Edit" and the selected row goes into edit mode AND all original combo box values are restored.
4. I click 'save' or 'cancel' and the values are fine.
5. I click onto a different row and the combo values in that column are lost again.
I am on Delphi 10.4 and the latest IW 15.2.50.
Please advise. I'm seriously out of ideas on how to make this work, and as I said, I can get it to break on your demos as well by choosing the "MouseMove = msMove" property.
I have a valid subscription for IW Ultimate. When I look for the latest source code, the last zip file version available is 15.2.27. Is there no source code for the latest 15.2.50?
Delphi 11.1 (was working with 11.0)
15.2.50
Build or Compile fail:
A) App1:
"[dcc64 Fatal Error] ServerController.pas(44): F2051 Unit IWInit was compiled with a different version of IWGlobal.gServerControllerClass'"
B) App2:
"[dcc64 Fatal Error] IWMain.pas(8): F2051 Unit IWStandAloneServer was compiled with a different version of IWURL.TURL"
Since I migrated to IW15, something I was doing previously does not work anymore. In the WebApp main form (which is a login page), I was reading parameters from the URL in order to bypass the login view if the correct "auth_token" is provided through the URL parameters. This detection was done directly in the login form constructor:
Code:
constructor TLoginView.Create(AOwner: TComponent);
var
  ...
begin
  // Pre-fill the user name when it is supplied as a URL parameter
  if WebApplication.RunParams.Values['username'] <> '' then
  begin
    txtUserName.Text := WebApplication.RunParams.Values['username'];
    LUserCredentials := True;
  end;
  // Derive the password from the auth_token URL parameter
  if WebApplication.RunParams.Values['auth_token'] <> '' then
  begin
    txtPassword.Text := AuthTokenToPassword(WebApplication.RunParams.Values['auth_token']);
    LPwdCredentials := True;
  end;
  ...
  // Skip the login view and show the main view when the login succeeds
  if tryLogin then
    with TMainView.Create(WebApplication) do Show;
This code does not work anymore in IW15.
I tried using a timer and executing this code inside it, and it works. I suppose it is because the timer code is executed after the form is rendered and not in the form constructor. But is it the best way to handle such a redirection, or is there another recommended method?
I'm debugging an application that has an unhandled exception stemming from InternalInitInheritedComponent in IWBaseForm. I can see that it raises an exception within the CreateComponent proc within System.Classes. Is there anything I can do on my end to circumvent it, or could this be a bug? I tried IW 15.2.50 but the problem persists. This issue was not noted in version 15.2.24; attached is the stack trace.