.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Work around cross scripting issue (iframe)

Posted By:      Posted Date: August 28, 2010    Points: 0   Category :ASP.Net
I want to know how I can get the button in the iframe to send the selected item in the dropdown box to a text box that is out side of the iframe. The setup is as follows This is the source of the Php page. The iframe receives the controls from the aspx page on another website. 2 separate websites. The asp.net site sends a dropdown box a label and a button to the page below (php page):<iframe id="hdnFrm" name="hdnFrm" src="" scrolling="no" marginwidth="0" marginheight="0" frameborder="0" vspace="0" hspace="0" style="width:90%; height:50px"></iframe> <form action='http://www.link-exchangers.com/adv_links_addbycustomer.aspx' target='hdnFrm' method='post'> <table width=90% align=center cellpadding=2 cellspacing=0 border=0> <tr><td valign=top>Contact email: </td><td><input type=text name=web_email value="" style='width:250px'></td></tr> <tr><td valign=top>Web site title: </td><td><input type=text name=web_title value="" style='width:250px'></td></tr> <tr><td valign=top>Your url: </td><td><input type=text name=web_url value="http://" style='width:

View Complete Post

More Related Resource Links

JavaScript iframe resezing issue



I have an iframe that is supplied by another application, inside the iframe I have my .Net application. However, I am having sizing issues, where one minute that pages in the .Net fit the frame perfectly and the next minute they don't, with a vertical and horizontal scroll bars appearing. All the .Net Pages use a Master Page and I have also fixed the size of the pages, but with no luck. What I would was thinking if possible is to pass some javascript between the .Net application and the iframe which will make the pages and the iframe resize themselves. Has anyone done this before and have some code that I could use?

Form in iframe doesn't work.

I have put a form into an iframe. It is sent from another website to the php page on the site which has the iframe. Upon clicking the submit button nothing happens. Just a quick flash of the green page load bar. Why is this happening? I have spend hours on this...<%@ Page Language="VB" AutoEventWireup="false" EnableEventValidation="true" CodeFile="adv_links_addbycustomer.aspx.vb" Inherits="users_adv_links_addbycustomer" title="" %> <html> <head runat="server"> <title></title> <script type="text/javascript"> function copy() { var sel = document.getElementById("DropDownList1"); var text = sel.options[sel.selectedIndex].value; // Assigning selected value of DropDownList to a hidden TextArea holdtext.innerText = text; // Creating text range from hidden TextArea's content CopiedTxt = holdtext.createTextRange(); // Copying the text range to clipboard CopiedTxt.execCommand("Copy"); // out = parent.document.getElementById("web_recip"); out = document.getElementById("Textbox6"); out.value = text + "

CROSS APPLY doesn't work in some databases

I've run across a weird error trying to use CROSS APPLY. Running SQL2005SP2 developer edition on XP2 (but same error occurs on Enterprise running on W2K3).A simple CROSS APPLY always works when run from master, but doesn't work when run from most (but not all) of my other user databases. I can't figure out what could be causing the error, or is there some reason it would only work when the current database is master?Here is the simplest testcase I can come up with:select a.spid,b.text from master..sysprocesses a cross apply ::fn_get_sql(a.sql_handle) bIf this is run while the current database is master, it returns spid and SQL without a problem. If it's run in the other SQL-delivered databases (model, msdb, tempb), it also works fine. However, if it's run in all but one of the user databases, I get back an error:Msg 102, Level 15, State 1, Line 1Incorrect syntax near 'a'.I'm stumped on how to troubleshoot this. There is no difference in the query; the only difference is the current database. The databases are all owned by sa. I get the same results with sys.sysprocesses instead of master..sysprocesses.As another datapoint, the employee/department example in the BOL for CROSS APPLY exhibits the same behavior; it works fine if run with master as the current database (regardless of where the tables are created), it fails withMsg 102, Level 15, State 1, Line 3Incorrect synt

Iframe doesn't work with url?

I want to show books scroll bar in a iframe because it's just a part of the web page. However I coould't get it work using iframe. But the interesting thing, if if i open the url directly in the browser, i see the scroll bar. Url:http://books.google.com/books?id=qswDAAAAMBAJ&dq=ebony%2Bissn:0012-9011&printsec=frontcover&output=embed&allissues=1   1) Why below Code doesn't work?: <iframe src="http://books.google.com/books?id=qswDAAAAMBAJ&dq=ebony%2Bissn:0012-9011&printsec=frontcover&output=embed&allissues=1">        </iframe>  

Preventing cross-site scripting and encoding a single quote


I'm trying to prevent possible cross-site scripting attacks for our internal use app (but available publicly outside the firewall).

One feature of our app is a javascript based breadcrumb that keeps track of prior urls (via nice titles). Everytime, a new page is loaded in the current workflow, when that page renders as the browser, it includes some javascript (generated server side in C# and put into the page) to add itself to the breadcrumb trail. Currently, the url that is launched is given directly to that javascript function. However, if that url contains a single quote it is possible to inject some custom javascript, ie, one would just need to append    ');alert('yeah!');       to their url.

I tried encoding/escaping but they skip the single quote. This is a case where I'm just passing the url through. But theoretically, if an attacker tricked somebody into launching his site when they are in ours, then I guess he could get script to execute in our page.

I don't see any method that takes a COMPLETE url and encodes/escapes JUST the parameters. So for now, I'm tearing down the url, and rebuilding it from the ground up, but encoding the parameter names and values.  This basically prevents the script from running, but I do still end up with at least a javascript error because of

Iframe issue


Hi all,

I have page "Default1.aspx" It has various controls including one iframe (iframe1)

iframe1 has scr = default2.aspx

default2.aspx has asp button (button1). on server click event of this buttom i am redirecting it to default3.aspx

When i browse Default1.aspx, default2.aspx loads in iframe.
onclick of button1 default3.aspx loads in iframe.

I want default3.aspx to load in parent window and not in iframe.

Please advice.


Asp.net Cross Page Post Back issue


Dear All,

I have two web pages, say SourceWebPage and TargetWebPage, on the TargetWebpage I have a directive like:
&lt;%@ PreviousPageType VirtualPath = "~/SourceWebPage.aspx" %&gt;

These are the code behand on TargetWebPage Page_Load Event:

if (!Page.IsPostBack)
                if (Page.PreviousPage != null &amp;&amp; Page.PreviousPage.IsCrossPagePostBack)
                    DateTime reportDate = PreviousPage.DTReportDate;
                    string serialNo = PreviousPage.SerialNo;

Prevent from Cross-Site Scripting Attack


Hi All

I am really facing a major problem from Cross-Site Scripting Attack, Could anybody help me it would be really grateful. Below is sample script which automatically gets inserted into my HTML and ASPX Pages.

"<script src=http://avidmarketing.ie/images/rc3/companybuttonwhite.php ></script>"

Thanks in Advance


HttpRequestValidationException, handling Cross Site Scripting (XSS)


First of all, this exception is caused by entering scripts or disallowed text as "<script>", "<h1>" by the user. This exception will be thrown while processing the request.

After searching and trying, most of the solutions were to:

1- disable request validation in the page header (validateRequest="false") or in the pages section in web.config.

I dont see this is a solution, the XSS problem is still there, it just does not throw the exception.

2- To encode the text and decode it using Server.HtmlEncode and Server.HtmlDecode.

This is a good one, but have to go every single textbox and call this method (Server.Encode(txtAddress.Text)), but this require alot of effort to change the whole site, and some of them may be forgotten.

I was thinking of creating a new TextBox control (MyTextBox) to inherit from System.Web.UI.WebControls.TextBox and override the Text property, then Encode base.Text in the get accessor, and Decode base.Text in the set accessor.

This will also require to change the whole site, to use MyTextBox instead of TextBox.

Any suggestions?

RadioButton inside GridView, How to get it work as normal

Did you tried before to drag a RadioButton control inside a Gridivew templatefield, and then you attempt to select these RadioButtons , you will notice that the behavior of RadioButton control will be changed and it will work just like the behavior of checkbox control! the user will be able to select more than one radiobutton in the grid!

IsapiModule Error 500 Issue


I am about exhausted trying to figure out this error:

HTTP Error 500.0 - Internal Server Error

Description: The page cannot be displayed because an internal server error has occurred.

Error Code: 0x8007007b

Notification: ExecuteRequestHandler

Module: IsapiModule

Requested URL: http://localhost:80/ReportServer

Physical Path: c:\Program Files\Microsoft SQL Server\MSSQL.2\Reporting Services\ReportServer

When I enable Failed Request Tracing Rules and view the log output I am supposing that the actual problem is in the 2nd call where there are 2 backslashes before the actual filename in the specified path:


CALL_ISAPI_EXTENSION DllName="C:\Windows\Microsoft.NET\Framework\v2.0.50727\\aspnet_isapi.dll"


MVC2 issue - Stuck. Trying to create a cms with nested partials


I am currently trying to display multiple items on a single page. I am not sure as to how to tackle this. What I have is a database table that has all the page data in. I have this run as a PagesController and this works fine. However what I would like to do is, if say the Products page is selected via the menu, I want to pull back not only the Products page html but also get all the products, and even be able to pull them through via category. I was trying to use a partial view, but I can't get it to work. The same would be for other pages, having partial views to display the other content, ie if Gallery is selected, the page html for Gallery shows and it then can push to a partial view that pulls all the gallery images from the gallery db table and so on. 

Maybe I am tackling this the wrong way. I have the pages stored in the db to allow for a CMS system I have setup. Maybe I need to use models for all the other items(Products, Gallery, Videos and such) and use the partial for the page html?

Any help would be greatly appreciated as I am confused.

Looking for guidance: wanting to work with AJAX architecture



I'm starting a small website that will be backed by a database, and will allow a small number of users to authenticate and select an entry in the database, and then view (and optionally update) a corresponding entry (think master-detail).

I have some flexibility in how I'll do this, but I'd really like to incorperate some newer AJAX style coding, eliminating some page postbacks. I think this is a great opportunity to learn the concepts well.

I'll probably go with an ASP.NET 4.0 site. From what I've seen there are MANY ways to go about this:

-WCF Data Services to expose the data, and consume in ASP.NET

-Page methods to expose the data, separate method to update the data

-I'd rather avoid the UpdatePanel because I'm really looking for a full hands-on approach, with learning client side scripting being an objective as well.

Beyond that, it seems that one can use jQuery to build clientside templates, but also one can use the ASP.NET AJAX template engine (in ASP.NET 4.0 I believe).

A concern I have: users should only be able to work with the data exposed via these endpoints if they are logged into the website. Hopefully I can somehow reuse the ASP.NET forms authentication cookie for this purpose. 

Well, I hope I've posted enough to a

animate effect work but the render items are messed up.


Hi all,

     I have a very unique problem, humm i think. I am using a jquery effect that animate bounce effect, i have a line in my javascript pageLoad function $("#UserBrowserInfoDIV").show('bounce'); - the effects run smoothly but what it does is mess up the bolded text in the div. I have try the items inside the div without bolding and it works fine and no render problem but when bolded the text that are bolded is quite messed up, and barely readable.

Please let me know is there anything else i can do i really would like use this effect.

P.S all the effect have the same render problem, and i am using ie8 under compatibility mode.





Why getTreeNode does not work?



I try to run a  treeview example from msdn:


I also want to use code from


Here is my code:

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %>

<%@ Register TagPrefix="mytree"
Assembly="Microsoft.Web.UI.WebControls" %>
 <script type="text/javascript" language="javascript">

     function xxx() {

         var myNode = treeview_one.getTreeNode(treeview_one.selectedNodeIndex);


<form id="myform" runat="server">
<mytree:treeview id="treeview_one"  runat="server" Child

How do I preserve __viewstate between cross domain posts or how do I get a __viewstate of a Remote S


Here is what I want to do:
I have a local site in which I want to display data from a remote site
Lets say: I want to display data of http://www.abc.com/Default.aspx on my localhost

Now Default.aspx requires some post-data which it sends to itself. Thus the __viewstate and __eventvalidation are posted back to it by itself. I want to directly post the data to Default.aspx from localhost without opening Default.aspx and display the Default.aspx's response on my localhost.

The WebApp on http://www.abc.com is configured for __eventvalidation i.e. I cannot post-data to it from my localhost without getting a __viewstate from it. I also have to post the current __viewstate of http://www.abc.com/Default.aspx to itself

How can I accomplish it?

xpath issue


Hi i am using xpath to loop through each node,

the xml is below i can get the value of "link" but i cant get the thumbnail value, have you got any ideas how i can do this, my code is below.



     <link>test 1</link>
     <media:thumbnail url="http://test.com/image.jpg" height="75" width="75" />



     <link>test 2</link>
     <media:thumbnail url="http://test.com/image.jpg" height="75" width="75" />


public void FindLinks(XPathNavigator p_xPathNav, DataTable dt)
            //run the XPath query
            XPathNodeIterator xPathIt = p_xPathNav.Select("//item");

            //use the

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend