CS3 (WIN) Cross referencing script

Similar Messages

• Substitution Variable in Cross Referencing dimensions

  Hi All,
  Can we use substitution variable for cross referencing dimensions.
  Example:
  "Region" = &currmth->&curryear->"New York";
  Thanks in Advance
  Bal.

  Hi John,
  If I use substition variable the answer/value for 'DOM' comes vague. If I hardcode the variables, the values for 'DOM' it comes perfect/accurate.
  Can you please help sir ?
  The Calc script is (Hardcoded value are Sep, FY09,Budget)
  //ESS_LOCALE English_UnitedStates.Latin1@Binary
  SET CACHE HIGH;
  SET LOCKBLOCK HIGH;
  SET AGGMISSG OFF;
  SET UPDATECALC ON;
  SET CREATEBLOCKONEQ ON;
  /* Material Expenses Allocation */
  FIX(&xscenario,&xyear,&xmonth,"NoLocation","NoModel",&xversion,@LEVMBRS("KD PARTS TOTAL",0),@LEVMBRS("VEHICLES",0))
  "DOM" = ("Sep"->"FY09"->"Budget"->"NoRegion"->"InputVersion") * ("Indigenous component cost-Domestic-%"->"REGION"->"ENTITY"->"Budget"->"Sep"->"LOCATION"->"MODEL"->"FY09"->"InputVersion")/100;
  ENDFIX
  Many Many thanks in advance.
  Bal

• Cross-site scripting vulnerability

  HI!
  Has any one done this yet? Embedding a flash video object in
  Dreamweaver or
  Contribute using the Insert Flash Video command might create
  a cross-site
  scripting vulnerability. A potential cross-site scripting
  vulnerability has
  been identified within the FLVPlayer_Progressive.swf file.
  The fix on Adobe
  web site is not clear, the article I read about it says
  Dreamweaver 8 and
  CS3 are affected but the adobe page only refers to CS3. I was
  wondering if
  the files for the download they provide will work in 8.02 as
  well? This is
  the link to the Adobe webpage.
  http://kb.adobe.com/selfservice/viewContent.do?externalId=kb402925&sliceId=1
  Thanks.
  Dave

  I use CS3 and have done the update. The advice in the article
  on the page you're referring to is totally messed up.
  Do the renamed ... .old files need to be deleted from the
  \Program Files\Adobe\Adobe Dreamweaver
  CS3\configuration\Templates\Video_Player and the \Program
  Files\Adobe\Adobe Contribute
  CS3\Configuration\Templates\Video_Player folders or not? The
  article says nothing about this.
  The described update process for existing sites is absolutely
  unclear. Open the page in Dw, Preview In Browser, and Save? What
  change would that make? More importantly, is it enough to update
  the FLVPlayer_Progressive.swf and/or the FLVPlayer_Streaming.swf on
  existing sites or not?
  The updated files have a creation date of January 9, 2008
  while the article suggests that these files should have a creation
  date of January 15, 2008.
  The link is broken in the "Additional Information" section.
  That page seriously needs some supervision imho.

• Cross-frame scripting is not working in Safari 3.0.4. Minimal example code.

  Hello,
  I've found that cross-frame scripting is not working in Safari 3.0.4, as it worked
  ok on Safari 3.0.1, and in other browsers I tried: Firefox, Mozilla, IE.
  document.domain property is set to "ds2ps.net", correctly to the best of my knowledge
  in the frameset and in both frames. Both frames and frameset are loaded
  from subdomains of the same domain "ds2ps.net"
  Please have a look at this mimimal example:
  http://frameset.ds2ps.net/frames-test/frameset.html
  Press buttons to get alert with value of a variable defined in the frameset
  and in the first frame.
  This gives "undefined" in Safari 3.0.4, and give following message in Safari
  JavaScript console:
  Unsafe JavaScript attempt to access frame with URL http://frameset.ds2ps.net/frames-test/frameset.html from frame with URL http://frame2.ds2ps.net/frames-test/frame2.html. Domains, protocols and ports must match.
  Works ok in all other browsers and in earlier versions of Safari.
  Apperently, I'm doing something incorrectly.
  I would appreciate if Apple Safari developers have a look at this problem and suggest solution.
  My company is developing web application which depends on cross-frame scripting,
  and we would like to continue supporting Safari browser.
  Thank you,
  John

  Thank you, iBod,
  We've submitted this bug at http://bugs.webkit.org
  Bug 16444: Cross-frame scripting not working in Safari 3.0.4 despite proper document.domain set in all frames
  Thank you for your suggestion!

• Text File Cross Referencing

  Hi, i am fairly new to OO programming.
  I am having difficulty with creating a cross reference listing of a text file specified on the command line.
  An example of a program call is
  java -jar Xref.jar mytext.txt myxref(created file).txt
  The cross reference listing should ave the following output
  word in file (frequency word occurred) line numbers of occurences.
  If a word occurs multiple times on the same line, it increments the frequency, but the same word should not appear multiple times in the cross referenc listing.
  Words appear in lexicographic order (numbers at the time i believe). After this list is produced, the user needs to be able to query the cross reference listing to see if the words exist.
  eg. html anchor
  Line 33: lien output with word anchor and HTML in same line (if possible)
  Line x : ay line that contains any word from the query.
  The following classes are required.
  Xref class. --> the driver class. It holds the data structures that contain all the words, and methods to load words and output the coss reference listing
  TextLines: a container for lines of text that are read from the input file. Words are accessed by line number. Use a method called input() to read in the text.
  XrefList-> holds the cross reference list (input the text file, output the cross referenc listing to a file.
  Query--> Include a search and display method (using the XrefList object).
  I am having issues creating the cross format listing in teh format specified.
  I have modified a program from JAVA how to program, sixth ed to do what i want the program to do, except loading a text file.
  Here is the below code from the textbook (that i modified and made better)
  import java.util.StringTokenizer;
  import java.util.Map;
  import java.util.HashMap;
  import java.util.Set;
  import java.util.TreeSet;
  import java.util.Scanner;
  public class WordTypeCount
  private Map< String, Integer > map;
  private Scanner scanner;
  public WordTypeCount()
  map = new HashMap< String, Integer >(); // create HashMap
  scanner = new Scanner( System.in ); // create scanner
  createMap(); // create map based on user input
  displayMap(); // display map content
  } // end WordTypeCount constructor
  // create map from user input
  private void createMap()
  System.out.println( "Enter a string:" ); // prompt for user input
  String input = scanner.nextLine();
  // create StringTokenizer for input
  StringTokenizer tokenizer = new StringTokenizer( input, ",- (: ; . ! ? )"); // added actual StringTokenizer values
  // processing input text
  while ( tokenizer.hasMoreTokens() ) // while more input
  //the program is not case sensitive, therefore convert to one case.
  String word = tokenizer.nextToken().toLowerCase(); // get word
  // if the map contains the word
  if ( map.containsKey( word ) ) // is word in map
  int count = map.get( word ); // get current count
  map.put( word, count + 1 ); // increment count
  } // end if
  else
  map.put( word, 1 ); // add new word with a count of 1 to map
  } // end while
  } // end method createMap
  // display map content
  private void displayMap()
  Set< String > keys = map.keySet(); // get keys
  // sort keys
  TreeSet< String > sortedKeys = new TreeSet< String >( keys );
  System.out.println( "Cross Reference Listing" );
  // generate output for each key in map
  for ( String key : sortedKeys )
  System.out.printf( "%s (%s)\n", key, map.get( key ) );
  } // end method displayMap
  public static void main( String args[] )
  new WordTypeCount(); //call constructor
  } // end main
  } // end class WordTypeCount
  Could i please get some help first on converting that so that it can read text files, because this is a major part of what is required for this task.
  Thank you very much for any help in advance.

  I'm not going to give you a complete solution, but take a look at the java api documentation. See what you can find there. Look at the classes File, FileInputStream, Scanner, Map, HashMap. That should give you a start in the right direction.
  And maybe a good thing to do draw/write your design/algorithm before you start coding. I'm just a junior developer myself. And I only recently fully understood the importance of good design skills. Coding is not just writing up some code that does the trick. Good design not only usually produces better code, but usually also in shorter time.
  Good luck!

• DOM Based Cross-Site Scripting issue in RoboHelp 10

  We're using a WebHelp system originally deplyed using RoboHelp 9.0.2.271, and a recent security scan revealed the DOM based cross-site scripting issue.
  I recently upgraded to RoboHelp 10, migrated my help system to this version, and redeployed the system, but our security scan is still detecting the cross-scripting vulnerability in WebHelp. Wasn't this issue resolved in RoboHelp 10?
  Thanks

  Hi,
  I’m not a security expert, but this script reads the URL of the current topic and redirects to the current topic with a bookmark. This is needed for when the same topic is used in multiple locations in the TOC.
  I’ll ask around about this security issue.
  Greet,
  Willam

• Cross-site scripting vulnerability RoboHelp 10 version

  Has the cross-site scripting vulnerability been addressed in the RoboHelp 10 version

  To the best of my knowledge it was addressed in Rh9. Rh10 has an HTML5 output option that does not use frames.
  However, if security is a concern, then only a security expert can give you the assurance you require.
  Personally I have yet to hear of webhelp being used maliciously but that does not mean it hasn't happened.
  See www.grainge.org for RoboHelp and Authoring tips
  @petergrainge

• Problem With Cross Referencing On Iphone

  I have 2 Christina Aguilera songs checked in my itunes account, but only one shows up on my phone under Christina Aguilera.  They are both on my phone, and if I look under the song titles, they show up, but if I look under artists, only one shows up.  Many other examples of the same.  P!nk songs do not show up under artist at all.  I even changed the name to Pink, and still nothing shows up under Pink.  This really is terrible.  The first time I noticed it I was looking for a song from Pink's greatest hits, and I actually said to myself, "Oh, I guess I never uploaded the CD to itunes."  So I stuck the CD in my computer and it said, "These songs already exist..."  I mentioned it to a genius one time (when I was there for a completely different issue and did not really want to spend that much more time there).  I said, "Oh, by the way, if you look under Artist on my phone, nothing shows up under Pink, or P!nk."  She said, "Well that is probably because you do not have any Pink songs on your phone."  I showed her the entire album and she was like, oh whatever.  At the time I thought, well maybe since the exclamation point is there and all, so I let it go.  But just now I was looking for a Christina song, and only one showed up.  But if I look under the song title, it is there.  The problem is that a lot of times I can't remember what a particular song TITLE is, but I know I want to hear a song from an ARTIST.  If these 2 are not cross-referenced properly, who knows how many others are like that. 
  Does anyone have any suggestions?

  I should have mentioned that I did delete the Exchange email address, and then recreated it.
  There was no change. I am still not able to send, receive, or delete emails from that account on the iPhone.
  I'm wondering if the Exchange email service provider has tried to limit access from mobile devices??
  I'll follow-up with another post tomorrow when I hear back from them. Any other ideas?

• Due to the presence of characters known to be used in Cross Site Scripting

  I am getting following error when I try to send single quote as part of URL. I tried javascript escape to encode the URL. But still getting same error. Does anybody know workaround for the issue. Thanks
  Due to the presence of characters known to be used in Cross Site Scripting attacks, access is forbidden. This web site does not allow Urls which might include embedded HTML tags.
  403: Access Forbidden
  Your client is not allowed to access the requested object

  FYI. We are using IIS Webserver and Weblogic Appserver.
  When the page is accessed through Weblogic , cross site script does not occur. It happens when the page is rendered via IIS.

• Cross-site Scripting Vulnerability OAS-10g/10.1.2.0.0 OHS

  Has anyone confronted the Cross-site scripting Vulnerability with 10g and OHS 10.1.2?
  We are about to put our first APEX box into production, but we need to fix this vulnerability first.
  I did some searching around but failed to come up with anything useful. It could be my searching sucked, too.
  Any thoughts / help / ideas would be greatly appreciated.
  Thanks.

  Hi,
  Do you get this error when you try to run forms configured using OAS 10g 10.2.0.2.
  We run a Web application using OAS 10g 10.2.0.2 and after leaving the application idle, more than half an hour, ora-12152 is displayed and the application is in a deadlock.
  Can you please suggest any solution for the same.
  Should the SQLNET.AUTHENTICATION_SERVICES= (NTS) be commented in sqlnet.ora file.
  Sridharrs

• Cross site scripting errors in RoboHelp 8.0

  We are using Robohelp 8.02, generating webhelp for a web application. Development just started to use Fortify to identify security vulnerabilities. The Fortify software found 17 Robohelp htm files with cross-site scripting security holes. We are NOT using RoboHelp Server 8.
  Before creating this posting, I searched the forums and found one post from Feb 2010 (Beware -serious - cross site scripting errors in Robohelp 8.0).
  From reading that posting, it appears that an Adobe engineer was involved----I'm not clear on the final outcome for this issue.
  Any additional information on the final resolve for this issue would be helpful.
  Thanks,
  Beware - serious breach - cross site scripting errors in RoboHelp 8.0

  The previous poster indicated that Tulika, who I can confirm is an Adobe engineer, stated "when she reviewed the code that was triggering the Fortify cross site scripting errors, she came to the conclusion that it was not actually harmful." The poster also indicated their opinion was the other errors were minor.
  That seems clear enough so I wonder what value is anything that anyone here can add? The forum responses are from other users and I would have thought any further assurance beyond the above is something your management would want to come from Adobe.
  I have not seen anything on these forums indicating that any attack has been triggered.
  See www.grainge.org for RoboHelp and Authoring tips
  @petergrainge

• Cross side scripting in Flex

  Hello,
  We are using flex 3.0 in our project with java1.5 and during our security testing (by a tool) we found that the Cross side scripting
  can be acheived in flex. We are able to inject java scripts inside parameter AMF.Message.0.null.flex.messaging.messages.CommandMessage.8.clientId , thanks to let us know how can we solve this
  issue and make our flex application out of this security issue.
  The following changes were applied to the original request:
  Injected '<script>alert(56180)</script>' into parameter 'AMF.Message.0.null.flex.messaging.messages.CommandMessage.8.clientId's value
  Set cookie 'JSESSIONID's value to '6A0BA588B3E2663A842C9A495CFC69F9'
  Set cookie 'MODCASID's value to 'XfUjTlYJ4atZwnmN2ziB88V1yYuvggHb9CKOIAFHy088F6ByRcAfLUfA8ZTAO0K89g7WHLhl9cgZHYN9wloSWunlhn mOKaWxBb0e1B6InG3tIKoUwXRhBUESdfGxGP3WIzGiPAmub0J8sTqgGH0LecYjTVJIGiVYaD13cENpMJngYk5n8UBG Y5dJpFfBYMO...(33 characters more)'
  Set cookie 'WT_ST_FPC=id's value to '243135f022bc4984bcc1346284111474:lv=1346284111474:ss=1346284111474'
  Set HTTP header to '6A0BA588B3E2663A842C9A495CFC69F9; MODCASID=XfUjTlYJ4atZwnmN2ziB88V1yYuvggHb9CKOIAFHy088F6ByRcAfLUfA8ZTAO0K89g7WHLhl9cgZHYN9 wloSWunlhnmOKaWxBb0e1B6InG3tIKoUwXRhBUESdfGxGP3WIzGiPAmub0J...(31 characters more)'
  New request and response
  POST /esample/messagebroker/amfsecure?a=1 HTTP/1.1
  Cookie: WT_ST_FPC=id=2cc27004653f1b51cbf1346285874746:lv=1346285874746:ss=1346285874746; MODCASID=MHAPkwaeif8fDqMKnnrjFad8J0rQYAVYUBiufXADkB4w0Zb1HAAF0LYAz3m7WD8cEWJ4E5An3FFDdoqV U58jYuOvh2W5HvIiGzDOAmtb7gLYUzcZbaFayFUX8qvHQB0068bVohDPBnHzFbR2LXpT9B0tdDYbCq30uDPuBc00pO 5Z92cJTaQFeigxOnj2D2PB5OqqrwHeHC5bq0glVBvUvMIYUiM5ipJAkPiQ0lblZlP809ln84NjSUHNP2McbFgC3Dsy 0RDmsc9AUuCBAiyBWJBLmzM08rDNNqm25a9BDsB3u81UheSJbZBCuHSmfyTCIykCnFErjFnJ5EqinmLyEjbVl3b04v ToKs9Xqf0kjr4ESYPIBkLpdWaCjUEAuD98EcfeLPYW8aZVBXx; JSESSIONID=8BEE6BEA5DD8D17D663DEFB2B3C56D0E
  Content-Length: 307
  Accept: */*
  Accept-Language: en-US
  Referer: https://XXX/YYY/html/swf/bin/abc.swf
  x-flash-version: 11,1,102,55
  Content-Type: application/x-amf
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; MS-RTC LM 8)
  Host: qa-my.st.com
  Connection: Keep-Alive
  Cache-Control: no-cache
  _   _ _null _/1  __
  ?_Mflex.messaging.messages.CommandMessage_operation_correlationId_timeToLive_destination_m essageId_headers                body_timestamp_clientId_____ ___I415752AC-037C-B994-6A8B-70D83D552A6C
  __%DSMessagingVersion__               DSId_I3C7FD548-C11C-23D5-4A69-5DD471350E15_
  ___ _;<script>alert(56180)</script>
  HTTP/1.1 200 OK
  Content-Length: 186
  Connection: Keep-Alive
  Date: Thu, 30 Aug 2012 05:48:06 GMT
  Server: Apache-Coyote/1.1
  X-Powered-By: Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181417)/JBossWeb-2.0
  Content-Type: application/x-amf
  _   _ _/1/onResult  ????_
  __DSK?__;<script>alert(56180)</script>
  #_            DSId%DSMessagingVersion_I3C7FD548-C11C-23D5-4A69-5DD471350E15_??      _Bs?a'?  _!IC ??_J!??.D?4??__!AWR?_|??j?p?=U*l
  Thanks,
  Amit

  Hi,
  Please refer to the article:
  http://blogs.msdn.com/b/how24/archive/2013/05/28/cross-site-scripting-sharepoint-apps-app-parts-and-office-365.aspx
  “Since the release of SharePoint 2013 adding OData support, expanding the RESTful services and empowering the CSOM (Client side object model). Also with the addition of the Content by search web part. There are times where you will need to
  execute cross site queries or queries across multiple domains. For that Microsoft has introduced the ‘Cross-domain library (SP.RequestExecutor.js)’.”
  Please also check the thread below:
  http://social.technet.microsoft.com/Forums/en-US/29e47d18-30f6-4f15-b054-4a03f7ba5156/microsoft-windows-mhtml-crosssite-scripting-and-sharepoint-2013?forum=sharepointgeneral 
  QUOTE: “SharePoint 2013 is different from its predecessor because its already have the XSS prevention method built-in. but it is not closed the probability that the threat is gone for good, so please to keep your SharePoint environment updated by the
  latest cumulative update.”
  Regards,
  Rebecca Tu
  TechNet Community Support

• HTLM Tag Injection - Cross Site Scripting

  Hello,
  I have a basic app with JSP pages and Servelts running on Tomcat. I been told my application in vulnerable to tag injection that could be used to cross site scripting & phishing attacks. What is the best way to prevent these kind of attacks? Is there something in java or do I need to add code? Does Tomcat have anything built in to prevent this?
  Thank you!

  If you don't display content from users then you're unlikely to have issues. If you do (even usernames) then you have to clean the input. That's non-trivial and there's no way to automate it for all cases so there's nothing built in to do it.

• Download to excel on grid generates url with Cross Site Scripting Attack

  When we try to download to exell on a grid (8.50.18). The webserver comes back with an automaticly generated url. This url now contains the characters "%0d%0a" (CR/LF
  Our firewall/ proyserver detects this string in the url as a Cross Site Scripting Attack (XSS) and fails to shows the excell.
  This happens in all our environments (so not dependend on the domain name).
  Does anyone know a solution for this problem?

  it seems a known bug, starting from 8.50.14 and solved with 8.50.19 (also in 8.51xx)
  Unfortunately we are on 8.50.18. Its now a bad timing to update our environment.
  It seems that psppr.dll is doing the job but replacing ours with the 8.50.19 one leaves our domains unstartable.
  I guess we have to ask our network techies to make a exception rule in our internal network/ firewall to allow it.......
  Detlev

• Webhelp vulnerable during XSS cross site scripting audit. Reason - document.location.href

  Online help created by team is going through a security vulnerability check now. It has been found that after integration of webhelp with the application,document.location.href  is a vulnerable point as per XSS cross site scripting. Please your thoughts and any methods you have that can contain this situation. Its urgent, please help.

  This thread is now locked. See the duplicate post.
  See www.grainge.org for RoboHelp and Authoring tips
  @petergrainge