I am working on a hrms project in which I have to make the program for time sheet.
I need to take starting date and ending date from the user and depending on the difference of the two dates i have to generate textboxes fro entering time dynamically.that too in the specified place.
can anybody help me out.
I have done something very similar to that. Basically, I create a HTML table and create as many columns as needed and create a TextBox in each of those columns like this:
myColumn.InnerHtml = "<table>";
int length = THE NUMBER OF TEXTBOXES YOU WANT TO ADD BASED ON THE DATES;
int i = 1;
while (i <= length)
{
myColumn.InnerHtml += "<tr>";
myColumn.InnerHtml += "<td><input id='whatever" + i.ToString() + "' type='text' runat='server'></td>";
unavailableColumn.InnerHtml += "</tr>";
i++;
}
unavailableColumn.InnerHtml += "</table>";
myColumn is declared in the aspx like this:
<table>
<tr>
<td id="myColumn" runat="server" visible="false" style="width: 35%; vertical-align: top">
</td>
</tr>
</table>
This code should be added when you have entered the two dates, in order to create the textboxes dynamically. Hope this helps!
You need to either:
a) Take a postback with entered values, and generate new textboxes in CreateChildControls, depending on the values
or
b) Add them with JavaScript and take their values from Request manually.
Related
I'm getting a string from a list of items, The string is currently displayed as "item.ItemDescription" (the 9th row below)
I want to strip out all html from this string. And set a character limit of 250 after the html is stripped.
Is there a simple way of doing this?
I saw there was a posts saying to install HTML Agility Pack but I was looking for something simpler.
EDIT:
It does not always contain html, If the client wanted to add a Bold or italic tag to an items name in the description it would show up as <"strong">Item Name<"/strong"> for instance, I want to strip out all html no matter what is entered.
<tbody>
#foreach (var itemin Model.itemList)
{
<tr id="#("__filterItem_" + item.EntityId + "_" + item.EntityTypeId)">
<td>
#Html.ActionLink(item.ItemName, "Details", "Item", new { id = item.EntityId }, null)
</td>
<td>
item.ItemDescription
</td>
<td>
#if (Model.IsOwner)
{
<a class="btnDelete" title="Delete" itemid="#(item.EntityId)" entitytype="#item.EntityTypeId" filterid="#Model.Id">Delete</a>
}
</td>
</tr>
}
</tbody>
Your best option IMO is to night get into a parsing nightmare with all the possible values, why not simply inject a class=someCssClassName into the <td> as an attribute. Then control the length, color whatever with CSS.
An even better idea is to assign a class to the containing <tr class=trClass> and then have the CSS apply lengths to child <td> elements.
You could do something like this to remove all tags (opening, closing, and self-closing) from the string, but it may have the unintended consequence of removing things the user entered that weren't meant to be html tags:
text = Regex.Replace(text, "<\/?[^>]*\/?>", String.Empty);
Instead, I would recommend something like this and letting the user know html isn't supported:
text = text.Replace("<", "<");
text = text.Replace(">", ">");
Just remember to check for your 250 character limit before the conversion:
text = text.Substring(0, 250);
This Regex will select any html tags (including the ones with double quotes such as <"strong">:
<[^>]*>
Look here: http://regexr.com/3cge4
Using C# regular expressions to remove HTML tags
From there, you can simply check the string size and display appropriately.
var itemDescriptionStripped = Regex.Replace(item.ItemDescription, #"<[^>]*>", String.Empty);
if (itemDescriptionStripped.Length >= 250)
itemDescriptionStripped.Substring(0,249);
else
itemDescriptionStripped;
I have a HTML page retrieved using the GetResponseStream() in C#. I need an exact value (int) that comes from that page, which is different every time I run the program. Nevertheless, the structure of the HTML code is the same, in particular:
(...)
<td colspan="2" class="txtnormal"><div align="right"> TAX:</div></td>
<td class="txtnormal"><div align="right"><strong>0.00</strong></div></td>
<td colspan="2"> </td>
(...)
and
(...)
<td colspan="2"><div align="right" class="txtnormal">Total:</div></td>
<td class="txtnormal"><div align="right"><strong>10.00</strong></div></td>
<td colspan="2"> </td>
(...)
Notice that the code is repeated in the same page (i.e: <td class="txtnormal"><div align="right"><strong>VALUE</strong></div></td>), but the title of the values (TAX and Total) are the only different thing (the actual value could be the same).
I would like to store in a variable the Total value, this is: 10.0 in this case.
I tried this:
int first = responseFromServer.IndexOf("<td class= \"txtnormal\"><div align=\"right\"><strong>") + "<td class=\"txtnormal\"><div align=\"right\"><strong>".Length;
int last = responseFromServer.LastIndexOf("</strong></div></td>");
string value = responseFromServer.Substring(first, last - first);
But i get bad results, the value stored in value of ALL the HTML page until the value (is for the difference I´m doing).
Do you know how could I get the exact value, this is: the sub-string between the text I pasted?
Thank you very much.
To scrape from a page, you have a couple of options. The "best" is to use the DOM to find the node(s) in question and pull it's value. If you can't use the DOM for some reason, you can move to regex and pull the value that way.
Your method is "okay" in many instances, as long as you can be sure the site owner will never set up another instance of "</strong></div></td>" anywhere downstream. This is a risky assumption.
What value are you getting for the int string? that will tell you whether or not your particular pattern is working correctly. And I would consider the HTML DOM still, as it is a more accurate way to traverse the nodes.
I think Regex is your friend here:
using System;
using System.Text.RegularExpressions;
namespace SimpleApp
{
class Program
{
static void Main(string[] args)
{
Regex theRegex = new Regex(#">Total:<.+?<strong>(.+?)</strong>");
string str = #"<td colspan=""2""><div align=""right"" class=""txtnormal"">Total:</div></td>" +
#"<td class=""txtnormal""><div align=""right""><strong>10.00</strong></div></td>" +
#"<td colspan=""2""> </td>";
if (theRegex.Match(str).Success)
{
Console.WriteLine("Found Total of " + theRegex.Match(str).Result("$1"));
}
else
{
Console.WriteLine("Not found");
}
Console.ReadLine();
}
}
}
Obviously your HTML page might have other things that could trip this simple regular expression up but you get the idea.
I need help. I'm trying to make a .Net, c# application for online creating surveys. I have a few types of questions, and than I dynamicly put labels, combos, textboxes ... on the form. Up to this point, I somehow managed to get. Than, on click on add button, I write down the responses in html format using stringBuffer and append function. Example.
public string RetOptionalQuestion(string seq_numm, string question, string answersOpt)
{
StringBuilder _output = new StringBuilder();
_output.Append(# " <tble><t"r"><th>" + seq_numm + "." + question + "</th></tr>");
_output.Append(#"<tr><td><table>");
string[] words = answersOpt.Split(';');
int m = 0;
foreach (string word in words)
{
if (word != "")
{
_output.Append(#" <tr><td> <label> " + word + "</label> </td> <td>
<input id='optional" + question + Convert.ToString(m) +
"'type='radio' name='rbOpt" + question + "' </td> ");
m++;
}
}
_output.Append("</table></td></tr></table>");
return _output.ToString();
}
Now, I hawe to validate this questions(at least one radio checked...). They have the same name,this mean the same group, so only on e can be selected.
Than I have also to save the values(responses) of this questions to the database.
Problem is that I don't know how to operate with this html objects. Also how to set tehm the ID-s. I'm trying with javaScript , but with no success. Do you have any advice, hint, example, solution ... where to start...
I would be very pleased
Thanks, Martin
Any input controls posted to the form can be found in the Request.Form dictionary, the key is the 'Name' attribute of the input tag. (I think)
http://msdn.microsoft.com/en-us/library/ms525985(v=vs.90).aspx
Hello i have a problem with my application.
I need to pick out a specific text between two nodes.
The html page looks like this
<td align="right" width="186">Text1</td>
<td align="center" width="51">? - ?</td>
<td width="186">Text2</td>`
I can pick out Text1 and Text2 with:
HtmlNodeCollection cols = doc.DocumentNode.SelectNodes("//td[#width='186']");<br />
foreach (HtmlNode col in cols)<br />
{
if (col.InnerText == "Text1")
{
Label1.Text = col.InnerText;
}
}
The reason why i have the if-condition is because there are more td's in the page. And i need to specifically pick out the one who got "Text1" in it.
But the problem is how i can parse out the text "? - ?" There are more text in the document also having the text "? - ?" but i need to pick out specifically the one between my two other nodes..
The result should be Text1 ? - ? Text2 etc..
I guess it has something to do with nextchild or sibling etcetera?
You can check col.NextSibling.InnerText.
I'm using a literal to display some javascript on a product page control. Basically what I'm doing is in my code behind I'm declaring a new stringbuilder, writing the script while inserting some dynamic variables to populate the script then setting the literal text to the stringbuilder. This leaves me open to xss attacks. What can I do to prevent this?
EDIT. Here is an example of the stringbuilder. when the page gets loaded the xss vulnerability occurs right after the javascript is generated.
System.Text.StringBuilder sb = new System.Text.StringBuilder();
//loop through items in the collection
for (int i = 0; i < _prod.ActiveProductItemCollection.Count; i++)
{
sb.Append("<script type='text/javascript'>");
//add +1 to each item
sb.AppendFormat("mboxCreate(\"product_productpage_rec{0}\",", i+1);
sb.Append("\"entity.id=" + _prodID + "\",");
sb.Append("\"entity.categoryId=" + _categoryID + "\",");
sb.Append("\"entity.name=" + _prod.ActiveProductItemCollection[i].Title + "\",");
sb.Append("\"entity.pageURL=" + Request.Url.ToString() + "\",");
//The following value has been taken from the productImageControl code behind.
//Might have to refactor in future as a property of the image control.
string filename = AppSettingsManager.Current.ProductImagePathLarge + _prod.ActiveProductItemCollection[i].Sku
+ AppSettingsManager.Current.ProductImageExtension;
sb.Append("\"entity.thumbnailURL=" + filename + "\",");
sb.Append("\"entity.inventory=" + _prod.ActiveProductItemCollection.Count + "\",");
sb.Append("\"entity.value=" + _prod.ActiveProductItemCollection[i].ActualPrice + "\",");
sb.Append("\"entity.ProductItemID=" + _prod.ActiveProductItemCollection[i].Sku + "\",");
sb.Append("\"entity.addToCartImg=~/Images/Buttons/btn_AddToCartFlat.gif\");<");
//The last line has to be /script. < inserted on prev line. do not change it or bad things will happen.
sb.Append("/script>");
}
this.LiteralMBoxScript.Text = sb.ToString();
You need to properly encode any user-generated data that you're putting into the Javascript.
In ASP.Net 4.0, you can call HttpUtility.JavaScriptStringEncode.
In earlier versions, you can use the Web Protection Library.
To prevent XSS you could HTML encode the value.
Alternately, you could write your javascript to read the user supplied data off of the page. This will result in less javascript code, and a faster page load.
If you are using JQuery for example, you can use the $.Parent() and $.Children() selectors to traverse the DOM to the appropriate form controls to reference information about that particular record in the loop.
Here is a relatively simple sample
function doSomething(context) {
var IDInput = $(context).parent('td').parent('tr').children('td.id').children('.hidden');
//Do something with the value
IDInput.val();
}
This would work with the following html example:
<table>
<tr>
<td><input type="button" onclick="doSomething(this)" value="Do Something"/></td>
<td class="id">Hidden ID Value <input type="hidden" value="1"/></td>
</tr>
<tr>
<td><input type="button" onclick="doSomething(this)" value="Do Something"/></td>
<td class="id">Hidden ID Value <input class="hidden" type="hidden" value="2"/></td>
</tr>
</table>
The advantage of doing it this way is that you no longer have to write javascript functions that take the ID as a parameter, meaning you don't need to dynamically generate the functions on the button, and can load them in the header in a separate JS file.
Well, if it is just your own script being written to the literal, you are no more open to attacks than if you simply included a js file on your site. If on the otherhand your script is interspersed with user supplied data of any kind, then you need to sanitize that data before you write it to the page.
If you are using .NET 4.0, you could output the value using the <%: theText %> syntax.