Hello,
I use the aspnet zero MVC JQuery template.
Actually I have a big issue. Users are allowed to enter HTML inside an input of type text, like "test <script>alert('test')</script>". With the actual code to make an ajax call from jtable, the HTML is not encoded.
So my website is not XSS safe.
Did I miss something?
I tried on an unmodified version of the product aspnet zero and I don't have the issue there. What should I check to get this issue out of my website?
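One way to close the gap described in the post above, as an added example that is not part of the original thread or of the ASP.NET Zero template: encode every value before jtable renders it. It assumes jtable appends the return value of a field's display callback to the cell as HTML; `encodeHtml`, `safeField`, `safeFields` and the sample record are hypothetical names constructed for the illustration.

```javascript
// Added example: names below (encodeHtml, safeField, safeFields) are hypothetical.
// Assumption: jtable appends a display callback's return value to the cell as HTML.

var HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that are significant in HTML text and attribute values.
function encodeHtml(value) {
    if (value === null || value === undefined) { return ''; }
    return String(value).replace(/[&<>"']/g, function (ch) { return HTML_ESCAPES[ch]; });
}

// Wrap one jtable field definition so its output is encoded before rendering.
// Objects (e.g. jQuery elements built with .text()) are passed through untouched.
function safeField(fieldName, options) {
    var original = options.display;
    return Object.assign({}, options, {
        display: function (data) {
            var raw = original ? original(data) : data.record[fieldName];
            return (raw !== null && typeof raw === 'object') ? raw : encodeHtml(raw);
        }
    });
}

// Apply the wrapper to every column of a jtable `fields` object.
function safeFields(fields) {
    var wrapped = {};
    Object.keys(fields).forEach(function (name) {
        wrapped[name] = safeField(name, fields[name]);
    });
    return wrapped;
}

// Constructed sample: one plain column and one column with its own display callback.
var fields = safeFields({
    name: { title: 'Name', width: '10%' },
    comment: { title: 'Comment', display: function (data) { return data.record.comment.trim(); } }
});
var record = { name: "test <script>alert('test')</script>", comment: ' a & b ' };

console.log(fields.name.display({ record: record }));
console.log(fields.comment.display({ record: record }));
```

Columns that deliberately return markup (action buttons, links) should be left out of `safeFields` and encode any interpolated record values themselves.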
Hi,
Ok, will do it this way.
Thank you
Hello,
We have the Token Based authentication, but only for the standard login (so with username and password).
But that's ok, we take the /api/TokenAuth/ExternalAuthenticate implementation from the Core.Web project (in the ASP.NET Core project of the aspnet zero template) and copy it inside the AccountController of the Web API project (inside the ASP.NET MVC jQuery project).
We test it from our Xamarin project and now it's ok.
We now need to think about a system to renew the token and an alternative so as not to store ProviderKey inside the mobile app.
Best regards,
Hello,
I have the same need in my aspnet zero MVC / Jquery application but I don't have the api endpoint available.
What version of Abp Zero is needed?
Thanks
I use jtable to display a custom localized entry like this:

    name: {
        title: app.localize('Name'),
        width: '10%',
        display: function (data) {
            return app.localize(data.record.nameKey);
        }
    },

NameKey is the key matching the table AbpLanguageTexts.
That works fine until I want to change the value from my popup. When I click on save, the jtable is reloaded but the value returned by app.localize is still the previous value and not the updated one.
I was wondering if there is a way in the framework to force a refresh of app.localize without the need to reload the whole page? Or maybe a way to update one value of the object for the key that is updated?
Thanks,
Ok after switching CustomErrors from Off to On the behavior is ok.
Thank you
Here is my config:

    <customErrors mode="Off">
        <error statusCode="404" redirect="~/Error/E404" />
    </customErrors>

After further investigation (adding symbols from the Abp boilerplate framework in order to debug the OnException override method in AbpController):

    // If custom errors are disabled, we need to let the normal ASP.NET exception handler
    // execute so that the user can see useful debugging information.
    if (!context.HttpContext.IsCustomErrorEnabled)
    {
        base.OnException(context);
        return;
    }

IsCustomErrorEnabled is false.
What defines whether this boolean value is false or true?
Hello,
I have trouble in my code at the moment: for example, when the user sets a wrong password, the login method in AccountController throws a UserFriendlyException; that works fine.
But I don't get the right error message in the popup. I put some console.log calls in the js file and it seems that the problem is:

    .fail(function (jqXHR) {
        console.log('fail ajax', jqXHR);
        if (jqXHR.responseJSON && jqXHR.responseJSON.__abp) {
            abp.ajax.handleResponse(jqXHR.responseJSON, userOptions, $dfd, jqXHR);
        } else {
            abp.ajax.handleNonAbpErrorResponse(jqXHR, userOptions, $dfd);
        }
    });

There is no responseJSON but responseText.
In preview I get the right error:
Login failed!
Description : Une exception non gérée s'est produite au moment de l'exécution de la requête Web actuelle. Contrôlez la trace de la pile pour plus d'informations sur l'erreur et son origine dans le code.
Détails de l'exception: Abp.UI.UserFriendlyException: Login failed!
Erreur source:
Ligne 224 : return loginResult;
Ligne 225 : default:
Ligne 226 : throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(loginResult.Result, usernameOrEmailAddress, tenancyName);
Ligne 227 : }
Ligne 228 : }
Fichier source : C:\projects\dotnet-abpzero-iexpertise\iExpertise.Web\Controllers\AccountController.cs Ligne : 226
I don't know where my mistake is; I didn't change the code that calls the login action:

    abp.ui.setBusy(
        null,
        abp.ajax({
            contentType: app.consts.contentTypes.formUrlencoded,
            url: $loginForm.attr('action'),
            data: $loginForm.serialize()
        })
    );

I just checked in the latest version of the aspnet zero template and everything works fine. Only my code fails :(
Do you have any idea why I get this behavior?
On my project, I added jquery-validate-unobstrusive.js and for the popup I needed to trigger manual validation (in the init function):

    // Setup unobtrusive validation at client side
    if (!_$roomForm.data('unobtrusiveValidation')) {
        $.validator.unobtrusive.parse('form[name=RoomForm]');
        _$roomForm.data('unobtrusiveValidation').validate({ ignore: "" });
    }