I am currently developing an Office add-in for Outlook.
If you use the following method to get the sender's email address when composing a mail, in rare cases the emailAddress property will be set to the value of LegacyExchangeDN instead of the email address.
Office.From interface
The following is an example of an object when it becomes a LegacyExchangeDN (some parts are hidden).
{displayName: "XXXXXXXX", emailAddress:"/O=EXCHANGELABS/OU=EXCHANGE ADMINISTRATIVE GROUP (XXXXXXXXXXXXXXXX)/CN=RECIPIENTS/CN=XXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXX-XXXXXX"}
We do not know the conditions under which this happens.
Can you please tell me the cause of this problem and how to solve it?
We're using Office 365(Microsoft 365).
This is very similar to office-js issue # 1250. This behavior can be reproduced by re-sending a previously sent message and then calling Office.context.mailbox.item.from.getAsync. There may be other ways to reproduce this behavior. We have an internal work item tracking this issue, however, we don't have any timelines about it at the moment.
Is it possible to create an input field where you can paste a Wikipedia page link and it will get all the text contents from that page?
I'm trying to integrate a feature on my web application where people can paste their Wikipedia page link/URL they want to analyze on the input field. And the application will use that URL to get all the text content from that page.
Suppose the user inputs this link: https://en.wikipedia.org/wiki/Taylor_Swift
The application will return the text content of that page, like this:
Taylor Alison Swift (born December 13, 1989) is an American singer-songwriter. Her narrative songwriting, which often centers around her personal life, has received widespread media coverage. Born in West Reading, Pennsylvania, Swift relocated to Nashville, Tennessee in 2004 to pursue a career in country music. At age 14, she became the youngest artist signed by the Sony/ATV Music publishing house, and at age 15, she signed her first record deal. Her 2006 eponymous debut studio album was the longest-charting album of the 2000s on the Billboard 200. Its third single, "Our Song", made her the youngest .......
Also, I've tried this api, which works, but it just returns the header content, not the whole page content
I've gone through Wikipedia API and found none (yet). Any suggestions on how I do this?
Since you tagged node.js in your question, I'm assuming you are using Javascript. You could use an npm library called wikijs
An example from wikijs page
wiki({ apiUrl: 'https://es.wikipedia.org/w/api.php' })
.page('Cristiano Ronaldo')
.then(page => page.info())
.then(console.log);
Hope this works for you
You can use this API from Mediawiki to get the text of the article without any format:
https://en.wikipedia.org/w/api.php?format=json&action=query&prop=extracts&exlimit=max&explaintext&titles=Taylor_Swift
It's actually the same API you mentioned in your question, but the only difference that you should remove &exintro parameter, and add these two parameters instead &exlimit=max&explaintext
Doing some research on Shopify, to determine if I want to use it.
So, I bought something from a site that uses it, and looked at the view source at each step
I was horrified to see that in the Javascript returned with the checkout receipt, their is a horrifying amount of credit card info easily viewed and therefore easily captured by a hacker.
Here is a sample with all my data changed
<script>
Shopify.checkout = {"created_at":"2019-11-13T19:57:17- 05:00","currency":"USD","customer_id":1234566541236,"customer_locale":"en","email":"zippy#hotmail.com"," location_id":null,"order_id":1870404943944,"payment_due":"114.33","payment_url":"https:\/\/elb.deposit.s hopifycs.com\/sessions","phone":null,"presentment_currency":"USD","reservation_time":null,"reservation_time_left":0,"requires_shipping":true,"source_name":"checkout_next","source_identifier":null,"source_url":null,"subtotal_price":"99.00","taxes_included":false,"tax_exempt":false,"tax_lines": [{"price":"6.41","rate":0.06,"title":"OR State Tax"},
{"price":"1.07","rate":0.01,"title":"Oregon Tax"}],
"token":"4c9d55f9bb8898e40fe36e1e75988070",
"total_price":"114.33",
"total_tax":"7.48",
"updated_at":"2019-11-13T19:57:40-05:00",
"line_items": [{"id":"0d2b6dd0ad0186984480fb36817f9ed8","key":"0d2b6dd0ad0186984480fb36817f9ed8","product_id":15925165 42536,"variant_id":15850525491272,"sku":"ESI 071252","vendor":"My Shopify Store","title":" Euro High Flow S1 Male Coupler","variant_title":"3\/8\" Male","image_url":"https:\/\/cdn.shopify.com\/s\/files\/1\/1239\/9256\/products\/DSC01397.jpg? v=1549034841","taxable":true,"requires_shipping":true,"gift_card":false,"price":"24.75","compare_at_pric e":null,"line_price":"49.50","properties": {},
"quantity":2,"grams":85,"fulfillment_service":"manual","applied_discounts":[]},
{"id":"062af9384331b020660f9a021afb55ed","key":"062af9384331b020660f9a021afb55ed","product_id":142986457 9144,"variant_id":12867363536968,"sku":"ESI 071202","vendor":"My Shopify Store","title":" Euro High Flow S1 Female Coupler","variant_title":"3\/8\" Female","image_url":"https:\/\/cdn.shopify.com\/s\/files\/1\/1239\/9256\/products\/0U9A6198.jpg? v=1568991566","taxable":true,"requires_shipping":true,"gift_card":false,"price":"24.75","compare_at_pric e":null,"line_price":"49.50","properties":{},
"quantity":2,"grams":85,"fulfillment_service":"manual","applied_discounts":[]}],
"gift_cards":[],
"shipping_rate":{"handle":"BOXIFY (2.0)-USPS%20Priority%20Mail%7CC7739467-7.85","price":"7.85","title":"USPS Priority Mail"},
"shipping_address": {"id":1234566543458,"first_name":"Tim","last_name":"Simmons","phone":"+15555555555","company":"","address1":"123 Main Street","address2":"","city":"Juxnus","province":"Oregon","province_code":"OR","country":"United States","country_code":"US","zip":"12345"},
**"credit_card": {"first_name":"Tim","last_name":"Simmons","first_digits":"123456","last_digits":"9876","brand":"american_express","expiry_month":1,"expiry_year":2085,
"customer_id":1234566541236},
"billing_address": {"id":1234566543458,"first_name":"Tim","last_name":"Simmons","phone":"+19148260061","company":"","address1":"123 Main Street","address2":"","city":"Juxnus","province":"Oregon","province_code":"OR","country":"United States","country_code":"US","zip":"12345"},**
"discount":null};
</script>
Is this standard behavior? Showing 10 digits of the CC, mobile number, the expiration info and billing address?
If someone from Shopify monitors SO
PLEASE respond if this is standard behavior or a developer error, I certainly hope its the latter!
A hacker can steal any information if the site has a security hole like some sort of XSS attack.
But the same applies for your online banking, so that's why there are security measures to prevent that.
That said Shopify has a very secure checkout flow, since it's redirecting to a new checkout every time and it's very hard to create a working XSS or CSRF attack. ( not impossible, but a lot harder then a WooCommerce checkout for example )
In addition the Checkout is a closed platform, no APPs ( they will have support for this soon ) are allowed there and only Shopify Plus members can actually edit the checkout.liquid file.
There is no difference if the card details are stored in a input field or in a JS object, if a hacker can get to the object he will be able to get to the inputs as well.
In addition Shopify is very active in the Whitehat Hacker Community any reported bug is paid for https://hackerone.com/shopify and they are quick to fix them.
There is a reason why Shopify is the preferred E-Commerce solution. From security point of view it's a lot safer then a lot of other self hosted services like Magento/WooCommerce.
My CRM team is running into problems when attempting to personalize SMS using AMPScript. The syntax used is as follows:
%%[
Var #subscriberKey
Set #subscriberKey = _subscriberKey
]%%
%%= v(#subscriberKey) =%%
Thank you for signing up for a 45 day risk-free hearing aid trial! One of our expert hearing consultants will call you soon to discuss next steps. During this call, we'll discuss your hearing loss situation and go over the details of the 45 day risk-free trial. We look forward to speaking with you shortly!
I have created a data extension in Marketing Cloud with just me in it, and used it on a journey that sends a text message with this content to my phone. The text message delivers, however the personalization content is not in there, just the plain text is shown. Of course, once the personalization works, we will change it so that other information is in there and not subscriberKey, but for now it would be a ton of help to know why the syntax is not working when it should.
Kind regards,
Michael
you will need to add the personalized field i.e. First Name/ Subscriber Key/etc in the following format %%FirstName%% . This field is actually picked up from the Attributed which are linked in your Contact Builder. Look for Mobile Connect Demographics, make sure these attributes which are trying to add in personalization are present there.
Now next step is how to link your information from your Master DE to the MobileConnect Demographics, for that u need to create an Import Activity from Contact Builder, and Import these details in a Mobile Connect List.
Hope this helps.
Mobile Connect Lists are different from Emails Studio Lists - Keep this in mind.
I'm producing an event registration website. When someone click on a link:
Reserve id=10 event
The system is doing a "lock" on this event for ten minutes for this visitor. In that case no one else can reserve this event in next ten minutes. If the payment is done in that time, everything is OK, else the event is unlocked again. I hope the idea is clear.
PROBLEM: When bot (google bot, malicious bot, or angry customer script :P) visits this page, he see this link. Then he enters the page. Then the lock is done...
Also if someone visit recursive: /reserve/1, /reserve/2, /reserve/3, ... He can lock all the events.
I thought about creating a random md5 string for each event. In that case, every event has (next to id) unique code, for example: 1987fjskdfh938hfsdvpowefjosidjf8243
Next, I can translate libraries, to work like this:
<a href="/reserve/1987fjskdfh938hfsdvpowefjosidjf8243" rel="nofollow">
Reserve
</a>
In that case I can prevent the "bruteforce" lock. But the link is still visible for bots.
Then I thought about entering the captcha. And that is the solution. But captchas are... not so great in case of usability and user experience.
I saw few websites with reservation engine working like this. Are they protected? Maybe there is a simple ajax / javascript solution to prevent the bots from reading this as a pure text? I thought about:
Reserve
<script type="text/javascript">
$('#reserve').click(function(e) {
e.preventDefault();
var address = ...;
// something not so obvious to follow?
// for example: md5(ajaxget(some_php_file.php?salt=1029301))
window.location('/reserve/' + address);
});
</script>
But I'm not sure what shall I do there to prevent bots form calculating it. I mean stupid bots will not be able even to follow javascript or jquery stuff, but sometimes, someone wants to destroy something, and if the source is obvious, it can be broken in few lines of code. And whole database of events will be locked down with no reservation option for noone.
CRFS + AJAX POST + EVENT TOKEN generated on each load.
Summary: don't rely on GET requests especially through a elements.
And better if you add some event block rate limits (by IP for instance).
EDIT: (this is a basic sketch)
replace all the href="..." with data-reservation-id=ID
delegate click on the parent element for a[data-reservation-id]
in the callback, simply make a POST ajax call to the API
in the API's endpoint check rate limits using IP for instance
if OK, block the event and return OK, if not return error.
IP-Specific maximum simultaneous reservations
Summary: Depend on the fact that many simple bots operate from one host. Limit the number of simultaneous reservations for a host.
Basic scetch:
Store the requesting IP alongside the reservation
On reservation request count the IP's which have a non-completed reservation.
SELECT Count(ip) FROM reservations WHERE ip=:request_ip AND status=open;
If the number is above a certain threshold, block the reservation.
(this is mostly an expansion of point 4 given in avetist's excellent answer)