Scenario
You have some JavaScript code that needs to be executed on the onLoad event of a page in SharePoint.
Solution
SharePoint provides a JavaScript array, "_spBodyOnLoadFunctionNames"; any function to be executed on load needs to be added to this array, e.g.
Friday, October 08, 2010
Monday, September 20, 2010
Important: ASP.NET Security Vulnerability
ASP.NET uses encryption to hide sensitive data and protect it from tampering by the client. However, a vulnerability in the ASP.NET encryption implementation can allow an attacker to decrypt and tamper with this data.
But what can the attacker do with this capability? Part of the answer depends on the ASP.NET application being attacked. For example, if the ASP.NET application stores sensitive information, such as passwords or database connection strings, in the ViewState object, this data could be compromised. The ViewState object is encrypted and sent to the client in a hidden form variable, so it is a possible target of this attack.
If the ASP.NET application is using ASP.NET 3.5 SP1 or above, the attacker could use this encryption vulnerability to request the contents of an arbitrary file within the ASP.NET application. The public disclosure demonstrated using this technique to retrieve the contents of web.config. Any file in the ASP.NET application which the worker process has access to will be returned to the attacker.
Workaround
The workaround for this vulnerability is to use the customErrors feature of ASP.NET to configure applications to return the same error page regardless of the error encountered on the server.
By following the steps in the advisory to map all error messages to a single error page, you make it difficult for the attacker to distinguish between the different types of errors, effectively limiting access to the oracle.
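An added example, not from the original post or the advisory: a small Python check that reads a web.config and reports each way its customErrors section lets different errors produce different responses. Both configuration samples are constructed, and the rules are an assumption derived from the "same error page regardless of the error" requirement described above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: detailed errors on, plus one page per status code.
WEAK = """<configuration><system.web>
  <customErrors mode="Off">
    <error statusCode="404" redirect="~/notfound.html" />
    <error statusCode="500" redirect="~/servererror.html" />
  </customErrors>
</system.web></configuration>"""

# Constructed sample: every error is mapped to the same page.
HARDENED = """<configuration><system.web>
  <customErrors mode="On" defaultRedirect="~/error.html" />
</system.web></configuration>"""


def audit_custom_errors(web_config_xml):
    """Return findings; an empty list means all errors share one error page."""
    root = ET.fromstring(web_config_xml)
    sections = list(root.iter("customErrors"))  # also covers <location> blocks
    if not sections:
        return ["no <customErrors> element: no single error page is configured"]
    findings = []
    for section in sections:
        # ASP.NET treats an omitted mode attribute as RemoteOnly.
        mode = section.get("mode", "RemoteOnly")
        if mode.lower() == "off":
            findings.append("mode=Off: detailed error output is sent to clients")
        if not section.get("defaultRedirect"):
            findings.append("defaultRedirect missing: no common error page")
        # Any per-status mapping lets a client tell error types apart.
        for err in section.findall("error"):
            findings.append("statusCode %s has its own page %s"
                            % (err.get("statusCode"), err.get("redirect")))
    return findings


if __name__ == "__main__":
    for name, xml_text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_custom_errors(xml_text) or "OK")
```
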
Monday, August 16, 2010
Ajax second postback not working in SharePoint in UpdatePanel
Scenario
I had an update panel within SharePoint where the trigger is set to PostBackTrigger. Any button within the update panel triggered the click event only the first time. After that, the click event never got fired until the whole page was refreshed.
This scenario was working in our test environment but doesn't work in our client's test environment. The difference is somewhere in the SharePoint setup.
Solution
Windows SharePoint Services JavaScript has a "form onSubmit wrapper" which is used to override the default form action. This work is put in place to ensure that certain types of URLs, which may contain double-byte characters, will fully work across most postback and asynchronous callback scenarios. However, if your scenarios do not involve double-byte character URLs, you may successfully disable this workaround and gain the ability to use ASP.NET AJAX UpdatePanels.
To do this, you may need to register a client startup script which disables this workaround, in addition to resetting the default form action:
Sunday, August 15, 2010
DataTips in VS2010
While debugging, we can mouse over a variable to look at its value or to explore it further; this is called a DataTip. In Visual Studio 2010, we can stick DataTips to the code window and drag and drop them to any location, and the DataTip will stay there. This really facilitates the debugging process.
Run your application in debug mode, mouse over the variable you want to pin, and click the pin icon. To unpin, click the unpin icon again while in debug mode.
Google maps - Part 6 - How to get driving directions?
Driving directions can be calculated using the DirectionsService object. This object communicates with the Google Maps API Directions Service, which receives direction requests and returns computed results. The results can be displayed using the DirectionsRenderer object.