Tuesday, May 24, 2011

FreeMarker built-ins for security

FreeMarker (the latest version is 2.3.18, released on 5/21/2011) has many built-ins for strings. A few of them provide an easy way to eliminate potential XSS attacks through output filtering.

  • html
    The string as HTML markup. That is, the string with all:
      • < replaced with &lt;
      • > replaced with &gt;
      • & replaced with &amp;
      • " replaced with &quot;
  • url
    The string after URL escaping. This means that all non-US-ASCII and reserved URL characters will be escaped with %XX.
  • js_string
    Escapes the string with the escaping rules of JavaScript language string literals, so it is safe to insert the value into a string literal. Both the quotation mark (") and the apostrophe-quote (') are escaped. Starting from FreeMarker 2.3.1, it also escapes > as \> (to avoid </script>). Furthermore, all characters under UCS code point 0x20 that have no dedicated escape sequence in the JavaScript language will be replaced with a hexadecimal escape (\xXX).

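These 3 built-ins can be used individually as a single filter, or combined as below. When combined, they are applied left to right, so the escaping for the innermost context (the URL parameter) comes first and the escaping for the outermost context (the HTML attribute) comes last.
<a href="http://hjzhao.blogspot.com/built-ins?name=${thename?url?html}">
<td onclick="openURL('newpage?param=${value?url?js_string?html}');">Click Me</td>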
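
The same combinations rendered against a hostile value, as an added example (not code from the original post). It assumes the FreeMarker jar is on the classpath; the class name EscapeDemo, the template name and the sample input are constructed for illustration.

```java
import freemarker.template.Configuration;
import freemarker.template.Template;

import java.io.StringReader;
import java.io.StringWriter;
import java.util.HashMap;
import java.util.Map;

public class EscapeDemo {
    // One template, three sinks. Built-ins run left to right: innermost context first.
    static final String FTL =
          "<p>${value?html}</p>\n"                                         // HTML element content
        + "<a href=\"built-ins?name=${value?url?html}\">link</a>\n"        // URL parameter in an attribute
        + "<td onclick=\"openURL('newpage?param=${value?url?js_string?html}');\">"
        + "Click Me</td>\n";                                               // URL in JS string in attribute

    static String render(String value) throws Exception {
        // No-arg constructor as used in the 2.3.x line (deprecated in later releases).
        Configuration cfg = new Configuration();
        // ?url needs a URL escaping charset (or an output encoding) to be configured.
        cfg.setURLEscapingCharset("UTF-8");
        Template template = new Template("escape-demo", new StringReader(FTL), cfg);

        Map<String, Object> model = new HashMap<String, Object>();
        model.put("value", value);

        StringWriter out = new StringWriter();
        template.process(model, out);
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed input that tries to break out of the attribute, the JS string
        // literal and the surrounding markup.
        String hostile = "\"'></script><b>x&y";
        String rendered = render(hostile);
        System.out.println(rendered);

        // Regression check: markup from the input must never reach the page unescaped.
        if (rendered.contains("<b>") || rendered.contains("</script")) {
            throw new IllegalStateException("unescaped markup reached the output");
        }
    }
}
```

Dropping `?html` from the first sink makes the check throw, which makes it usable as a quick regression test when templates are edited.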

How to reboot WRT54G

I usually reboot it by switching the power adapter off and on, which means walking over to the physical router in a different room. I did some searching and found there are probably 3 ways to reboot/refresh the router.

Method 1 - Use hidden reboot page
After logging in to the administration page (192.168.1.1) using admin/thepassword, open the hidden page:
http://192.168.1.1/Reset.htm

Method 2 - Backup & Restore
Administration page: Administration -> Config Management -> Backup, then Restore using the backup file (config.bin)

Method 3 - DHCP release/renew
I am not sure whether it solves connectivity issues; I will try it next time. Administration page: Status -> Router -> DHCP Release/Renew.

Friday, May 20, 2011

Install Subclipse on Mac

Subversion (SVN)
Subversion (SVN) is a popular replacement for CVS, offering improved performance (courtesy of intelligent local caching and a database at the back end) and easy, fast branching. The official website is http://subversion.apache.org/ and the wiki page is http://en.wikipedia.org/wiki/Apache_Subversion. There are many version control systems; the most popular are VSS (Microsoft), CVS and SVN.
 
SVN Client
There are a bunch of clients for accessing SVN. The most frequently used might be TortoiseSVN, SmartSVN and some integration clients for Visual Studio and Eclipse. For Eclipse, the two most popular clients are Subclipse and Subversive. I selected Subclipse, which is from tigris.org.

There is a wiki page that compares different SVN clients:
http://en.wikipedia.org/wiki/Comparison_of_Subversion_clients

By default Eclipse has built-in CVS client support, but for SVN we need some effort to set up Subclipse on Eclipse. The installation includes two major steps: "Adding subclipse to Eclipse" and "Install JavaHL". (The JavaHL version should match the Subclipse version.)

Eclipse Version
I am using the latest Helios release as of May 2011.
Eclipse Java EE IDE for Web Developers.
Version: Helios Service Release 2
Build id: 20110218-0911

Add Subclipse to Eclipse

1. Help -> Install New Software... ->
From "Work with:" drop down list select Subclipse 1.6.x
Subclipse 1.6.x Update Site - http://subclipse.tigris.org/update_1.6.x/

2. Select required components under Subclipse category (See Figure 1) to install

Figure 1

3. Click "OK" on the security alert dialog (See Figure 2). The alert appears because Subclipse isn't digitally signed.
Figure 2

4. Restart Eclipse to apply changes (See Figure 3)
Figure 3

Install JavaHL
1. For what JavaHL is and how to install it on different platforms, see the JavaHL Wiki Page.

2. Why JavaHL?
This is explained in the JavaHL wiki page. On Mac OS X we need it; otherwise we will get the "Subversion Native Library Not Available" error below (see Figure 4).
Figure 4

3. Download CollabNet Subversion (I downloaded Subversion-1.6.16-10.6.x.dmg for Mac OS X 10.6.7; the download also requires a login, which is not user friendly). The version is: Universal Subversion 1.6.16 Binaries for Snow Leopard (Mac OS X 10.6)

4. Install Subversion. After installation, we will see that a new "/opt/subversion" directory has been created. JavaHL is in /Library/Java/Extensions/libsvnjavahl-1.jnilib

5. Restart Eclipse to pick up JavaHL

Use Subclipse
1. Adding a project to the repository
To add a new project to your Subversion repository, right-click the project (in any of Eclipse's project views or the Navigator view) and choose Team > Share Project from the menu.

2. Use SVN Repository Exploring

3. Refer to right-click Team menu

For more info, please refer to http://www.ibm.com/developerworks/opensource/library/os-ecl-subversion/