DOM XSS and createElement() and getElementsByTagName() methods

Hello, I am wondering if following methods in my script are vulnerable for DOM XSS attack? If yes, what is the best practice to write them. Kindly help if you can guide about it. 1. document.createElement() 2. document.getElementsByTagName() (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); Thank you for your time. Best Regards, Supriya

I am really sorry for that. Thank you for the correct group link. Best Regards, Supriya

Hello, I am wondering if following methods in my script are vulnerable for DOM XSS attack? If yes, what is the best practice to write them. Kindly help if you can guide about it. 1. document.createElement() 2. document.getElementsByTagName() (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); Thank you for your time. Best Regards, Supriya

also I used TME_LEAVE to check mouse actions in trackmouseevent structure initialization.. in case if somebody faces the prob as I had..

Thank you. Yes I am using the trackmouseevent in OnMouseLeave() method.. actually i just replaced message as "WM_MOUSEMOVE" and it started working.. but thanks much for the help. Also I cud not find WM_MOUSEENTER message in respective .h file.. thanks and regards, Supriya Tonape

hello On WM_MOUSELEAVE message the below function OnMouseLeave() is not getting called... (however OnInitDialog() is getting called) I have created a dialog box and wanted to call my function OnMouseLeave() on WM_MOUSELEAVE message. Declared a message map as below, BEGIN_MSG_MAP(CMyClass) MESSAGE_HANDLER(WM_INITDIALOG, OnInitDialog) MESSAGE_HANDLER(WM_MOUSELEAVE, OnMouseLeave) END_MSG_MAP() any idea if am missing something ? Thanks and Regards, Supriya Tonape

still struggling...

Hello, In C++ Windows programming , I need to make CheckBox(IDC_CHECK1)control transparent on dialog..I have applied a background image to this dialog using pic control and on top of it added auto checkbox. I want to make checkbox's text transparent on the dialog window so that background image is visible even after (checkbox's)text is written on it. I have made checkbox's 'transparent' property true but it's not helping me out. Tried to use getlongwindow() and setlongwindow() API's too... can anybody help ? Best Regards, Supriya Tonape

ok :) Best Regards, Supriya Tonape

Thank you very much for suggestion! I tried below and it worked for me :) hComponentName = GetDlgItem(hDlg,IDC_STATIC3); SendMessage(hComponentName, SW_HIDE, 1, 0); Thanks again. Best Regards, Supriya.

Hello, I want to hide textbox/label at run time, Could you please let me know what's the 2nd parameter to pass to below WIN API function, SendMessage(hComponentName, ?, 0, 0); Best Regards, Supriya

no not sidebar.. but I want to close flyout of Gadget. Some gadgets have flyouts.. for eg. sign in window of any messenger sort of gadget will open in Gagdet's flyout..

Hello, Is it possible to close Vista/Windows7 Gadget's Flyout through C# code ? Best Regards, Supriya.

Yes I had tried that. (sorry for late reply, I cudnt check mails.) Regards, Supriya.

With, Win32_LogonSession you will get 'LogonId' use this logonId to query the Win32_LoggedOnUser. After querying 'Win32_LoggedOnUser' you will get all the fields, like - Domain, Name etc Supriya

I m not sure but check if this helps you, CString buf = _T("salut"); //the first string char * Result; //the result long len = wcslen (buf); //the length of "salut" wcstombs (Result,buf,len); //conversion to char * Result[len] = '\0';

sorry here are some of the errors.. 1>c:\program files\microsoft visual studio 9.0\vc\include\string.h(48) : error C2065: '_MaxCount' : undeclared identifier 1>c:\program files\microsoft visual studio 9.0\vc\include\string.h(48) : error C3861: '_Out_opt_bytecap_': identifier not found 1>c:\program files\microsoft visual studio 9.0\vc\include\string.h(48) : error C2144: syntax error : 'void' should be preceded by ')' 1>c:\program files\microsoft visual studio 9.0\vc\include\string.h(48) : warning C4229: anachronism used : modifiers on data are ignored 1>c:\program files\microsoft visual studio 9.0\vc\include\string.h(48) : error C2059: syntax error : ')' Regards, Supriya

Hello, I am compling one of the sample projects which I got after installing WMSDK. I am using VS2009 and I compiled the project from "C:\WMSDK\WMFSDK11\samples\Metadataedit" but getting error which tells that it's not getting declarations of some symbols/variables used in 'string.h'. I am confused thinking what setting am I missing ? can anybody please guide why I am getting those error ? Thanks in Advance. regards, Supriya

Hi, I wanted to open a media file thru 'IWMMetadataEditor' struct variable in C++. After opening this file , I am initialising the 'IWMHeaderInfo' struct variable so that I can collect the meta data of media file(audio/video) through it's properties.. Can anybody tell me how to get the file name which is being played in WMP which will be input to 'IWMMetadataEditor' (pEditor->Open(???)) Regards, Supriya Tonape.

Hi Mark, I just realized that 2nd query which forms like "Associators of {Win32_LogonSession.LogonId=1121214} Where AssocClass=Win32_LoggedOnUser Role=Dependent" works for local machine but when I try to execute it on remote machine after above query executes, at next line it fails... Query execution passes but enumeration fails.. at below line, HRESULT hr1 = pEnumerator1->Next(WBEM_INFINITE, 1, &pclsObj1, &uReturn1); I have been trying different things to check out but no luck, any idea why it cud be happening or is there any change in query while running on remote machine ? Regards, Supriya Tonape