PourSalimi.com

RSS Synchronizer Beta Release: (June 1st, 2004)

Technical Issues

August 22, 2004

Important Security Issue (2) ,By Reza
Install URLScan on Your Web Server URLScan is an ISAPI filter that is installed when you run the IISLockdown tool. This helps mitigate the threat of XSS attacks by rejecting potentially malicious input. For more information about IISLockdown and URLScan, see Chapter 16, "Securing Your Web Server."
Note IIS 6.0 on Windows Server 2003 has functionality equivalent to URLScan built in.

Important Security Issue (Encoding) ,By Reza
Encode Output: If you write text output to a Web page and you do not know with absolute certainty that the text does not contain HTML special characters (such as < , > , and &), then make sure to pre-process it using the HttpUtility.HtmlEncode method. Do this even if the text came from user input, a database, or a local file. Similarly, use HttpUtility.UrlEncode to encode URL strings.
The HtmlEncode method replaces characters that have special meaning in HTML to HTML variables that represent those characters. For example, < is replaced with &lt and " is replaced with &quot. Encoded data does not cause the browser to execute code. Instead, the data is rendered as harmless HTML.
```
Response.Write(
	HttpUtility.HtmlEncode(Request.Form["name"])
	);
```

August 16, 2004

Validating Unicode Characters ,By Reza
There is an special regular expression patters for supporing and validating unicodes. The following explains the regular expression shown in the following example code:
- {} specifies a named Unicode character class.
- \p{} matches any character in the named character class specified by {}.
- {L} performs a left-to-right match.
- {Lu} performs a match of uppercase.
- {Ll} performs a match of lowercase.
- {Zs} matches separator and space.
- {1,40} means no less that 1 and no more than 40 characters.
- {Mn} matches mark and non-spacing characters.
- {Zs} matches separator and space.
- * specifies zero or more matches.
- $ means stop looking at this position.
Use the following code to validate Unicode characters in a page:
```
using System.Text.RegularExpressions;
. . .
private void Page_Load(object sender, System.EventArgs e)
{
  // Name must contain between 1 and 40 alphanumeric 
  // characters together with (optionally) special 
  // characters '`Â´ for names such as D'Angelo
  if (!Regex.IsMatch(Request.Form["name"], 
             @"^[\p{L}\p{Zs}\p{Lu}\p{Ll}]{1,40}$"))
      {
      throw new ArgumentException(
           "Invalid name parameter");
      }
  // Use individual regular expressions to validate 
  //other parameters
  . . .
}
```

August 14, 2004

Common Regular Expressions ,By Reza
Visual Studio .NET provides a set of useful regular expressions. To access them, add a RegularExpresssionValidator control to a Web form and click the ellipsis button in the control's Expression property field. The following table shows several additional useful expressions for commonly used Web page fields.
Useful Regular Expression Fields:

Field	Expression	Format Samples	Description
Name	[a-zA-Z'`-Â´\s]{1,40}	John Doe O'Dell	Validates a name. Allows up to 40 uppercase and lowercase characters and a few special characters that are common to some names. This list can be tailored.
Phone Numbers	^\D?(\d{3})\D?\D?(\d{3}) \D?(\d{4})$	(425)-555-0123 425-555-0123 425 555 0123	Validates a U.S. phone number.
E-mail	\w+([-+.]\w+)@\w+ ([-.]\w+)\.\w+([-.]\w+)*	someone@ example.com	Validates an e-mail address.
URL	^(http\|https\|ftp)\://[a-zA-Z 0-9\-\.]+\.[a-zA-Z]{2,3} (:[a-zA-Z0-9])?/?([a-zA-Z 0-9\-\._\?\,\'/\\\+&%\$# \=~])$		Validates a URL.
Zip Code	^(\d{5}-\d{4}\|\d{5}\|\d{9}) $\|^([a-zA-Z]\d[a-zA-Z] \d[a-zA-Z]\d)$		Validates a U.S. ZIP code allowing 5 or 9 digits.
Postal Code	^[a-zA-Z]{1}\d{1}[a-zA-Z]{1}-\d{1}[a-zA-Z]{1}\d{1}$ \|^[a-zA-Z]{1}\d{1}[a-zA-Z]{1}\d{1}[a-zA-Z]{1}\d{1}$ \|^[a-zA-Z]{1}\d{1}[a-zA-Z]{1} \d{1}[a-zA-Z]{1}\d{1}$		Validates a Canadian postal code allowing a format like: A1B 2C3 or A1B-2C3 or A1B2C3
Password	^(?=.\d)(?=.[a-z])(?=.* [A-Z]).{8,10}$		Validates a strong password. Must be between 8 and 10 characters. Must contain a combination of uppercase, lowercase, and numeric digits, with no special characters.
Non- negative integers	\d+	0 986	Validates for integers greater than zero.
Currency (non- negative)	"\d+(\.\d\d)?"		Validates for a positive currency amount. Requires two digits after the decimal point.
Currency (positive or negative)	"(-)?\d+(\.\d\d)?"		Validates for a positive or negative currency amount. Requires two digits after the decimal point.

Weblog

March 10, 2005

Common Errors in English ,By Reza
I have found a website related to the Washington State University which is really useful for a Native English speaker as long as a English Second Language. It has been called Common Errors in English.

Don't miss this and spend at least some minutes to check out Non-Errors, which looks so harmless to know.
Enjoy your visit.

June 29, 2004

Anti Orkut-ism ,By Reza
I was serving the web today, suddenly with a message from a friend of mine, I woke up. It looks funny, but some how seriuos when you read more. Here is the story:

Everyone is shouting to stop orkut which they think it is going to ruin thier privacy.
They believe that this service will sell their information to third parties or even to the "friends of firends". I don't know what the hell that means. Simply, they can stop contributing in this community center or stop sharing information by changing their subscription type. In my point of view, if they are so worried about thier information, they can keep it in thier shelves and never turn their computers on.
Here in North America, talking about personal information privacy such as name, address, email and even phone number is a ridiculous story that no one could stop it yet. Most of us, will recieve at least one tele-marketer's call every week which they have all your information and they just need your verbal confirmation.

AnyWay, In some how, I think they should do this to stop orkut for selling information easily and as orkut's privacy policy says: everything is on subscriber's shoulder to control their shared info.
In the meanwhile, Here is one of the most fun websites that I have ever seen to defeat another website.

May 12, 2004

New RSS Sync has been released ,By Reza Poursalimi
New version of RSS Synchronizer has been released (Version 2.1.36). This software can fetch xml files (RSS: RDF Site Summary) from various online websites and create one solid html to view. It can filter and sort the synced data on the publication date.
It can save unlimited new links and can be installed and uninstalled safely. It provides some environment for you to just review the willing material on each site instead of serving several websites individually to just find any update. In this version you can save the fetched data for ever. (actually it may cause the performance problem when it grows up) In the next version, we will have cleanup and more advanced settings for some special RDF Site Summaries (RSS).

Here is some usefull links:
What the RSS is?
RDF Site Summary 1.0 (Modules: Dublin Core)
RSS Directory

	Other said
2004-02-26 Quality Tips for Webmasters ,By Ali Bolourian I found a good link from w3c that contains valuable tips and tricks for webmasters. So...


Weblogs Technical blog (Myself!) Personal blog (Myself!)
Friends Ali Bolourian
Cool .Net Links Toronto .Net Group The Code Project Got Dot Net .Net Journal 2 (April 2004) .Net Web Matrix (reloaded!) C# .Net Home ASP.Net Home
Cool Java Links On Java Source Forge

New Releases:
RSS Synchronizer 2.1 This Application helps you to save the RSS links and download the selected list of those Rich Site Summaries in just a second and have them all at the same time. Note: Version 2.1.37 is available. Download Now ...

Thumbnail Maker 1.8 beta Are you still worried about creating small images (Thumbnails) for your online gallery? This software helps you to create fixed or dynamic resized images from a bunch of images in a second for using as a thumbnail on the web page. Download the beta version (1.8) of this release by clicking on the folowing link. Download Now ...

RSS Synchronizer Beta Release: (June 1st, 2004)

New Releases: