How to validate javascript and html code? [closed] - javascript

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 6 years ago.
Improve this question
In our application end users are provided with a textbox where they can paste their html or javascript code to create advertisement much like Google advertisement , so I need to validate these html and js source code against malicious code and also proper syntax .
So are there any API's available in java to do the same ?
Thanks in advance
Ali.

Validating JS client-side is only useful to your nice users - since malicious users can bypass any client-side validation code anyway (by messing with the JS that is supposed to do the validation).
Validating JS server-side to look for "maliciousness" is, in the general sense, impossible unless you have a very restrictive white-list to check against. It is better to execute things in a sandbox that protects against bad things, and avoid validation (= checking for validity in advance of execution) altogether.
So, JavaScript Sandboxes. The most used is probably Google Caja - also protects against bad html/css. Sandboxing is not easy - in particular, Caja needs a server-side part to "cajole" the files and protect the host page; and any parts of the host-page outside the cajoled div need to be identified up-front.
See also some alternatives from another SO question. Note that many of them do not allow DOM access from protected code, and therefore not useful for JS that actually has to show things on screen.

You can find a lot of sources on the Internet if you search it. Here are a few: Java Encoder Project and Java HTML Sanitizer. I've never used them, but it's a starting point. You can learn a lot if you do the research yourself.
Edit: It's unclear if you're looking for a Java API or a JavaScript API. They're quite different.

Related

WordPress for java developer, is this possible? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 3 years ago.
Improve this question
I am a Java developer and I know Rest APIs. But what if I want to make great webpages using website building tools like WordPress and then with Rest API I can connect with my backend server.
Will that be a viable solution or I should look for something else?
On a very basic research I got to know that wordpress runs on PHP, but I am not looking to learn PHP at this point of time.
I am looking for the below things :
1 - Some tool which helps in building rich HTML page, that has drag
and drop options.
2 - I am thinking to use Spring boot for
configuring Rest API.
Basically I am looking for some suggestions in building good websites having knowledge of Java. (And yes I still need to learn Ajax and Javascript.)
I might be absolutely wrong on what I am looking, but any suggestion will be of great help.
A REST client (in your case a website) doesn't care what programming languages/technologies were used to create the server. You can have a server hosting a WordPress website (PHP) and have another server for your REST API created in Java or whatever other language you might want to use. If you want to make REST calls from your WordPress server (e.g. for server-side rendering), you'll need to use PHP. The more likely scenario is that the website makes REST requests from the browser, in which case you'll need to use JavaScript.

JavaScript equivalent to Smalltalk development cycle [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
Recently I started reading about Smalltalk and its way of development and I was quite impressed. I was wondering whether there is some sort of library that makes possible the same way of development in JavaScript. I found some libraries but they just reload the page or restarts a running node.js server. I'm interested in both client side and server side JavaScript libraries. Amber Smalltalk is nice but I'm looking for a way to do the same in JS.
Edit: I'm looking for some sort of live editing of objects and prototypes and saving the changes to a file, or changing the contents of a file and the added methods are propagated to a running page or server. All this placed in an IDE similar to that of Pharo. What I found is that Meteor and Brackets support some kind of this functionality (live editing going from a source file to a browser).
You should have a look at "Lively", a project providing a Smalltalk-like environment in JavaScript:
http://lively-web.org/
It was initiated by Dan Ingalls, implementor of the original and later Smalltalks.
You can find an earlier version and some additional resources at http://lively-kernel.org/
There is also morphic.js, by Jens Mönig, which is the engine powering the Snap! graphical language/environment:
https://github.com/jmoenig/morphic.js
It is not client+server, but it is really easily portable to NodeJS.
Checkout LiveReload.js. Allows you to write javascript and changes are updated in realtime without refreshing the page using the LiveReload protocol.
Take a look at SqueakJS:
SqueakJS executes Squeak in a web page without a plugin. It is a fully
capable virtual machine implemented in pure JavaScript running
unmodified Squeak images. Squeak is a modern implementation of
Smalltalk, the original dynamic object-oriented programming
environment. It runs bit-identically on virtually any platform, and
now in the web browser, too.
https://bertfreudenberg.github.io/SqueakJS/

Detecting Javascript as Part of Validation? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
Like everyone else who develops forms, I worry about validation and preventing users from entering malicious data. Javascript validation is so much more immediate and neat, but of course there is the issue that someone can just turn off Javascript.
What I've wondering, is it a legitimate option to disable forms for users who have Javascript disabled? Does it work, or can malicious visitors get around it anyway? Is it a bad idea for other reasons?
I've seen older discussions on this general topic:
How to detect if JavaScript is disabled?
How do I know if Javascript has been turned off inside browser?
What are the current methods and thinking on this?
What I've wondering, is it a legitimate option to disable forms for users who have Javascript disabled?
It's anti-social at best. Be progressive.
Does it work, or can malicious visitors get around it anyway? Is it a bad idea for other reasons?
Attackers can get around any defences implemented on the client. Your public interface is HTTP. You need to implement any security checks behind it (i.e. server side).
You can verify the informations that visitors write on your form in PHP. It's more safer.
The best way I have found to detect Javascript is to add a class to of 'no-js'.
Then if you use Modernizr it will replace the 'no-js' class with 'js'
Or if you don't want to use Modernizr you can remove the code yourself through Javascript very easily.

Looking for Documentation Pointers/Tutorials For Adding Javascript To Django application [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 8 years ago.
Improve this question
I would appreciate documentation and/or tutorial links to help me with the following.
I maintain a traditional web application, implemented in html, javascript, and Perl. The web site uses a third-party open source library that implements buttons. If you wave the mouse over the buttons, they indent and put up a tool tip. The site looks very professional.
I've implemented a very simplistic Django application. It does the job, but uses hyperlinks. I'd like to dress up my Django application, and make it look more professional `a la the traditional web site.
I tried this before with some simple javascript, checking fields to see if they contained a valid answer, and this did not work. As it was explained to me, it had to do with the server side processing.
Given there is no javascript already, I have no problem using a different library (JQuery) than my traditional web site.
I have no problem if someone thinks implement in html, javascript, and php, because I've got one of those applications, too. However, I'd like to continue with Django, if possible.
Javascript and Django are independent. I use Django with jQuery UI to get nice buttons but you could use any javascript library, including the one you are using in the original site.
Your existing site is either using hyperlinks, the same as Django, that are modified in the browser to be buttons (this is what jQuery UI can do as well). This is the simple case you just need to put your javascript in the templates.
If it is a complete ajax application you'll need to write Django web services to handle those.
Your best bet is to find a tutorial for the particular javascript library you are using because Django is pretty much javascript agnostic. For instance the jQuery getting started page is a good place to start.

Any good javascript BBCode parser? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 3 years ago.
Improve this question
Currently i'm parsing bbcode server side but i'd like to show a preview just like this site does.
If I process the bbcode serverside using ajax it's a bit laggy, so i thought doing it client side, to just show the preview.
Do you guys know any bbcode parser written in javascript?
It is a bit late, and the question has certainly been answered. However if you are still open to suggestions, and have not yet spent your time converting the indicated parser from C# to JavaScript, I have written a parser (originally in PHP) which I converted myself[2] to JavaScript. It is available at bitbucket under the 3-clause BSD license. The parser seems to be reasonably fast, but I haven't performed any analysis on its speed.
It may not be as flexible in some ways as other possible projects out there, but it does allow defining your own codes ("bb-code" or not, with quite a few properties), and is also all contained within the one file. This is not a simple find-and-replace parser, and is not based on regex.
If this is of any interest to you, it might save you from having to convert that other library. Technically, I'm a relative "unknown", but that's the great things about JS/OSS: you can check out the source to see what I've done.
[2] As a result, there are a few remaining "compatibility functions", but I rewrote things which had native equivalents available.
I haven't personally used any Javascript BBcode parsers, but the top two Google results (bbcodejs and this blog post) seem pretty weak. The former only seems to support simple find-and-replace, and the latter seems to have pre-set BBcode built in, so you'd probably have to hack it a bit if you chose that solution.
Your best options are probably to roll your own solution (possibly basing your work off one of the two links here), or just use AJAX and move on. That's probably the best way to ensure that previews are accurate, and previewing doesn't have to be real-time on every keypress, anyway; a delay before even sending the request is acceptable.
I encountered the same problem, so I wrote my own. That supports BBCode -> AST Array -> any kind of markup, now supports HTML and React. And has plugins and presets support
https://github.com/JiLiZART/bbob

Categories

Resources