January 2010 - Posts

Vulnerable Cookies

I've found a great PDF about XSS attacks, how a man in the middle can hijack your session and cookies, and how to counter it.

https://www.isecpartners.com/files/web-session-management.pdf

You should always set the Domain and HttpOnly attributes (HttpOnly makes the cookie not writeable from JS) on your cookies, and use HTTPS so the man in the middle can't see them in plain text.
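One way to check these attributes on the Set-Cookie headers a site actually sends. This is an added example, not code from the original post or the linked paper; the header values, the host name app.example.com and the finding codes are constructed for illustration.

```javascript
// Added example. Header values and host names are constructed samples.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((part) => part.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: eq === -1 ? "" : pair.slice(0, eq),
    value: eq === -1 ? pair : pair.slice(eq + 1),
    attrs: {},
  };
  for (const part of rest) {
    if (!part) continue; // tolerate a trailing ";"
    const i = part.indexOf("=");
    // Attribute names are case-insensitive; flag attributes carry no value.
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return cookie;
}

// Returns finding codes for one Set-Cookie header served by `servingHost`.
function auditSetCookie(header, servingHost) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  // Without HttpOnly, injected script (XSS) can read the value via document.cookie.
  if (!("httponly" in attrs)) findings.push("no-httponly");
  // Without Secure, the browser also sends the cookie over plain HTTP.
  if (!("secure" in attrs)) findings.push("no-secure");
  // A Domain wider than the serving host shares the cookie with sibling hosts.
  if (typeof attrs.domain === "string") {
    const domain = attrs.domain.replace(/^\./, "").toLowerCase();
    if (domain !== servingHost.toLowerCase()) findings.push("wide-domain");
  }
  return { name, findings };
}

const sampleHeaders = [
  "ASP.NET_SessionId=constructed123; path=/",
  "ASP.NET_SessionId=constructed123; domain=.example.com; path=/; HttpOnly",
  "ASP.NET_SessionId=constructed123; Domain=app.example.com; Path=/; Secure; HttpOnly",
];
for (const header of sampleHeaders) {
  const { name, findings } = auditSetCookie(header, "app.example.com");
  console.log(name, findings.length ? findings.join(", ") : "ok");
}
```

In ASP.NET the HttpOnly and Secure flags can be turned on site-wide with the `httpCookies` element (`httpOnlyCookies`, `requireSSL`) in web.config.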

Posted by cipto with no comments

Merge JS into 1 Large File

Yet again I came across this scenario. After merging all my JS into one file, I found it wouldn't run. This usually happens when all the JS is merged into one file, because the browser is less capable of handling errors in one large file than in separate files.

After checking the files one by one with JSLint, I found that Facebox.js, again, is not properly written: many statements have no semicolon at the end. After adding semicolons on many lines, it runs. After that I used JSMin to minify it.
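Why a missing semicolon only shows up after merging, as an added example (not code from the original post or from Facebox.js; both "files" and all function names are constructed). Each file runs on its own, but glued together the second file's opening parenthesis is parsed as a call on the first file's last expression.

```javascript
// Added example. Both "files" are constructed; fileA ends without a semicolon.
const fileA = "var makeCounter = function () { return { n: 0 }; }";
const fileB = "(function () { loaded.push('plugin'); })();";

// Naive merge: glue the files together with only a newline between them.
function mergeNaive(files) {
  return files.join("\n");
}

// Defensive merge: terminate every file so the next one starts a new statement.
// The newline before ";" keeps it out of a trailing "//" comment.
function mergeSafe(files) {
  return files.map((src) => src.trim() + "\n;").join("\n");
}

// Run a bundle in its own function scope and report what happened.
function runBundle(source) {
  const loaded = [];
  try {
    new Function("loaded", source)(loaded);
    return { ok: true, loaded, error: null };
  } catch (err) {
    return { ok: false, loaded, error: err.name };
  }
}

// Separately, both files run. Merged naively, the parser reads
//   function () {...}(function () {...})()
// so fileA's function is called with fileB's function as its argument,
// and the object it returns is then called: a TypeError at run time.
console.log("fileA alone :", runBundle(fileA));
console.log("fileB alone :", runBundle(fileB));
console.log("naive merge :", runBundle(mergeNaive([fileA, fileB])));
console.log("safe merge  :", runBundle(mergeSafe([fileA, fileB])));
```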

But what about server controls? Server controls usually use ScriptResource.axd, a handler that serves the JavaScript for the control.

If you include many AjaxControlToolkit controls or third-party controls that integrate with ASP.NET AJAX (e.g. Telerik), you can see that each of those controls adds a separate call to ScriptResource.axd.

How can we merge it?

Well, first download the helper that detects our ASP.NET AJAX-related JavaScript references: ScriptReferenceProfiler.

Add it to your bin folder, reference it in your toolbox, and put it on your page.

When you run your page, the DLL will output all the references needed for your page.

For example:

15 References Found:

    <asp:ScriptReference name="MicrosoftAjax.js"/>
    <asp:ScriptReference name="MicrosoftAjaxWebForms.js"/>
    <asp:ScriptReference name="Telerik.Web.UI.Common.Core.js" assembly="Telerik.Web.UI, Version=2009.2.701.35, Culture=neutral, PublicKeyToken=121fae78165ba3d4"/>
    <asp:ScriptReference name="Telerik.Web.UI.Common.jQuery.js" assembly="Telerik.Web.UI, Version=2009.2.701.35, Culture=neutral, PublicKeyToken=121fae78165ba3d4"/>
    <asp:ScriptReference name="Telerik.Web.UI.Common.jQueryPlugins.js" assembly="Telerik.Web.UI, Version=2009.2.701.35, Culture=neutral, PublicKeyToken=121fae78165ba3d4"/>
    <asp:ScriptReference name="Telerik.Web.UI.Common.Navigation.NavigationScripts.js" assembly="Telerik.Web.UI, Version=2009.2.701.35, Culture=neutral, PublicKeyToken=121fae78165ba3d4"/>
    <asp:ScriptReference name="Telerik.Web.UI.ComboBox.RadComboBoxScripts.js" assembly="Telerik.Web.UI, Version=2009.2.701.35, Culture=neutral, PublicKeyToken=121fae78165ba3d4"/>
    <asp:ScriptReference name="Telerik.Web.UI.Ajax.Ajax.js" assembly="Telerik.Web.UI, Version=2009.2.701.35, Culture=neutral, PublicKeyToken=121fae78165ba3d4"/>
    <asp:ScriptReference name="AjaxControlToolkit.Common.Common.js" assembly="AjaxControlToolkit, Version=3.0.30512.17815, Culture=neutral, PublicKeyToken=28f01b0e84b6d53e"/>
    <asp:ScriptReference name="AjaxControlToolkit.Compat.Timer.Timer.js" assembly="AjaxControlToolkit, Version=3.0.30512.17815, Culture=neutral, PublicKeyToken=28f01b0e84b6d53e"/>
    <asp:ScriptReference name="AjaxControlToolkit.Animation.Animations.js" assembly="AjaxControlToolkit, Version=3.0.30512.17815, Culture=neutral, PublicKeyToken=28f01b0e84b6d53e"/>
    <asp:ScriptReference name="AjaxControlToolkit.ExtenderBase.BaseScripts.js" assembly="AjaxControlToolkit, Version=3.0.30512.17815, Culture=neutral, PublicKeyToken=28f01b0e84b6d53e"/>
    <asp:ScriptReference name="AjaxControlToolkit.AlwaysVisibleControl.AlwaysVisibleControlBehavior.js" assembly="AjaxControlToolkit, Version=3.0.30512.17815, Culture=neutral, PublicKeyToken=28f01b0e84b6d53e"/>
    <asp:ScriptReference name="AjaxControlToolkit.RoundedCorners.RoundedCornersBehavior.js" assembly="AjaxControlToolkit, Version=3.0.30512.17815, Culture=neutral, PublicKeyToken=28f01b0e84b6d53e"/>
    <asp:ScriptReference name="AjaxControlToolkit.DropShadow.DropShadowBehavior.js" assembly="AjaxControlToolkit, Version=3.0.30512.17815, Culture=neutral, PublicKeyToken=28f01b0e84b6d53e"/>

Then, in your ScriptManager, add all those references under the CompositeScript -> Scripts tag:

    <asp:ScriptManager ID="ScriptManager1" runat="server" EnablePartialRendering="true">
        <CompositeScript ScriptMode="Release">
            <Scripts>
                <asp:ScriptReference name="MicrosoftAjax.js"/>
                <asp:ScriptReference name="MicrosoftAjaxWebForms.js"/>
                <asp:ScriptReference name="Telerik.Web.UI.Common.Core.js" assembly="Telerik.Web.UI, Version=2009.2.701.35, Culture=neutral, PublicKeyToken=121fae78165ba3d4"/>
                <asp:ScriptReference name="Telerik.Web.UI.Common.jQuery.js" assembly="Telerik.Web.UI, Version=2009.2.701.35, Culture=neutral, PublicKeyToken=121fae78165ba3d4"/>
                <asp:ScriptReference name="Telerik.Web.UI.Common.jQueryPlugins.js" assembly="Telerik.Web.UI, Version=2009.2.701.35, Culture=neutral, PublicKeyToken=121fae78165ba3d4"/>
                <asp:ScriptReference name="Telerik.Web.UI.Common.Navigation.NavigationScripts.js" assembly="Telerik.Web.UI, Version=2009.2.701.35, Culture=neutral, PublicKeyToken=121fae78165ba3d4"/>
                <asp:ScriptReference name="Telerik.Web.UI.ComboBox.RadComboBoxScripts.js" assembly="Telerik.Web.UI, Version=2009.2.701.35, Culture=neutral, PublicKeyToken=121fae78165ba3d4"/>
                <asp:ScriptReference name="Telerik.Web.UI.Ajax.Ajax.js" assembly="Telerik.Web.UI, Version=2009.2.701.35, Culture=neutral, PublicKeyToken=121fae78165ba3d4"/>
                <asp:ScriptReference name="AjaxControlToolkit.Common.Common.js" assembly="AjaxControlToolkit, Version=3.0.30512.17815, Culture=neutral, PublicKeyToken=28f01b0e84b6d53e"/>
                <asp:ScriptReference name="AjaxControlToolkit.Compat.Timer.Timer.js" assembly="AjaxControlToolkit, Version=3.0.30512.17815, Culture=neutral, PublicKeyToken=28f01b0e84b6d53e"/>
                <asp:ScriptReference name="AjaxControlToolkit.Animation.Animations.js" assembly="AjaxControlToolkit, Version=3.0.30512.17815, Culture=neutral, PublicKeyToken=28f01b0e84b6d53e"/>
            </Scripts>
        </CompositeScript>
    </asp:ScriptManager>

If you reference too many scripts, it will throw an error like “too many script references , can’t exceed 1024 Characters”.

In that case you have to split the references into another group using a ScriptManagerProxy. You can also use a ScriptManagerProxy in your sub-control (.ascx).

What you will then have is two ScriptResource.axd requests: each ScriptManagerProxy results in a new ScriptResource.axd group.

For Example:

    <asp:ScriptManagerProxy runat="server">
        <CompositeScript ScriptMode="Release">
            <Scripts>
                <asp:ScriptReference name="AjaxControlToolkit.ExtenderBase.BaseScripts.js" assembly="AjaxControlToolkit, Version=3.0.30512.17815, Culture=neutral, PublicKeyToken=28f01b0e84b6d53e"/>
                <asp:ScriptReference name="AjaxControlToolkit.AlwaysVisibleControl.AlwaysVisibleControlBehavior.js" assembly="AjaxControlToolkit, Version=3.0.30512.17815, Culture=neutral, PublicKeyToken=28f01b0e84b6d53e"/>
                <asp:ScriptReference name="AjaxControlToolkit.RoundedCorners.RoundedCornersBehavior.js" assembly="AjaxControlToolkit, Version=3.0.30512.17815, Culture=neutral, PublicKeyToken=28f01b0e84b6d53e"/>
                <asp:ScriptReference name="AjaxControlToolkit.DropShadow.DropShadowBehavior.js" assembly="AjaxControlToolkit, Version=3.0.30512.17815, Culture=neutral, PublicKeyToken=28f01b0e84b6d53e"/>
            </Scripts>
        </CompositeScript>
    </asp:ScriptManagerProxy>

The fewer HTTP requests there are, the faster the page will load, especially for JS, because browsers tend to block other downloads until the JS has finished downloading.

And, as usual, you should put the JS just before the closing body tag.

Posted by cipto with no comments

Usage of FLVTOOL

You can download FLVTool from the official website.

FLVTool sets the meta information that the Flash player uses to stream FLV videos properly.

If FLVTool sets the meta information properly, the original FLV file size increases by about 1 KB.

It is useful when you implement partial streaming like YouTube does.

With partial streaming, the user can stream the video from any position: the start, the middle or the end.

Also, if the meta information is not set for FLV videos, most desktop Flash players, such as http://download.cnet.com/FLV-Player/3000-2139_4-10505954.html, show the bitrate as 0kb/s.

Posted by cipto with no comments

My Summary of Composite WPF&Silverlight, a.k.a Prism

After finding quite a number of screencasts, it was quite hard to understand at first. The first comprehensive videos that I found are the ones from silverlightBayLabs; they are very nice and simple. Anyway, for our application, which uses many controls in one XAML file with many interactions between them, it would be very nice if our Silverlight app could be tested and made modular.

This can be done with the Composite Application Block. It is similar to the blocks for other application types: WCSF for the web and SCSF for Windows Forms.

What it does is almost the same. The Shell is the end point and does not know anything; its only job is to register which modules belong to the application. We then separate our concerns into separate modules, each in a separate project. In the module class, which implements IModule and has one method, Initialize, we register our types, views and regions. Any other kind of work or behaviour is added to this module project. After a couple of these screencasts I finally grasped the idea, especially MVVM.

Shell.xaml is our master page; we register our views using RegionManager. We separate a view from its logic and events: Model - ViewModel. The ViewModel holds our logic; it is an island by itself and does not know about the view at all. We can separate (loosely couple) these classes using dependency injection: you just call the IUnityContainer. UnityContainer is like a holder for your types, and it can instantiate whatever type you need.

EventAggregator works for us to publish events to subscribers. It acts like a mediator, so your cross-module code can just register with it.

DelegateCommand is the one that passes the Click event from the XAML to the ViewModel. By default only Click is supported, but this can be extended.

To make a Silverlight app test project, just reference two DLLs: Microsoft.Silverlight.Testing and Microsoft.VisualStudio.QualityTools.UnitTesting.Silverlight.

To make Blend work and be able to find our behaviours, reference one DLL in the project: Microsoft.Expression.Interactivity.

The Composite Block uses weak references for binding, so we have to make our event handler methods public so that they can be unsubscribed from the event. All the bold ones are helpers for us to use to implement MVVM/MVP.

07/02/2010

There is discussion about MVVM: that it lacks templates, that it adds overhead when used in large applications, and that it lacks a pattern for deciding, for example, whether something goes in the view model or in the view's code-behind.

http://en.wikipedia.org/wiki/MVVM

Posted by cipto with no comments