How to prevent Cross Site Scripting when input using “Full HTML” mode of ckeditor in Drupal?

I am using Drupal version 8.3.7 and ckeditor 4.11.3. I created a basic page containing some scripts, as follows: Page creation

In the detail page, I can see that the script in onmouseover="alert('222222')" is executed when I move my mouse over the “click” text.

Page detail

A hacker can easily add a malicious script this way. How can we avoid this?

The issue is not only with “Full HTML” mode, but also with other modes if we configure a proxy between the browser and the server to change the encoded value to the raw value.

For example, suppose we select the “Unfiltered HTML” mode and input <a href="#" onmouseover="alert('111111')">click</a> into the body field. When we save the page, the body value is sent in a POST request, HTML-encoded: &lt;a href=&quot;#&quot; onmouseover=&quot;alert(&#39;111111&#39;)&quot;&gt;click&lt;/a&gt;. But the proxy above is configured to change the encoded value to the raw value. The raw value <a href="#" onmouseover="alert('111111')">click</a> is then saved into the DB, which causes the same issue as with “Full HTML” mode.

One solution is to encode the output in a theme preprocessing hook. But that seems to require us to add a lot of code, because our system may have many entity types and fields.

Cross platform OpenSSL aes encryption

I encrypted a file by using the following command from a stackoverflow answer:

openssl enc -in file_name -aes-256-cbc -pass stdin -out file_name.aes; 

I can decrypt this file by running:

openssl enc -in file_name.aes -d -aes-256-cbc -pass stdin -out file_name 

However, the decryption command only works in the machine where I encrypted the file (CentOS). If I copy the encrypted file file_name.aes over to my other machine (running on Fedora) and I try to decrypt it, I get an error message:

140667230762896:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:592: 

Which suggests I am typing the wrong password. Is OpenSSL aes encryption system dependent? Why can I only decrypt the file in CentOS but not in Fedora?

Cross US-Canada border at Glacier NP

I am a French citizen with a B2 visa and I plan to stay for ~6 months in the US.

As I’ll be hiking the Continental Divide Trail, I’d like to leave North America from Calgary Airport. I know that US and Canadian citizens have a simplified procedure to cross the border at Glacier National Park:

There is a US ranger station and customs post at Goat Haunt for south bound people into the US. It is a Class B Port of Call, which just means it is for US and Canadian citizens and permanent residents only. Northbound there is an RCMP post in Waterton townsite. Because of the twin park structure you do not seem to need to check in with the Mounties, as people take the boat down to Goat Haunt and walk back all the time. So, as a short answer I think you are ok just walking across.


Or this Reddit topic.

But I can’t find reliable sources for a non-US/Canadian citizen.

I’d prefer to cross the border at Glacier NP, because if I have enough time I’d like to continue hiking in Canada, taking the Great Divide Trail to get closer to Banff and Calgary.

I think I’d stay up to 2 or 3 weeks in Canada, maybe less if I’m late on my hiking schedule.

Cross Product of transformed vectors

$(MS) \times (MT) = \det(M)\,(M^{-1})^{t}(S \times T)$, where $M$ is an invertible matrix and $S$ and $T$ are vectors.

So I’m trying to prove this formula. I found this one, but I can’t really understand the expansion done here: Levi Civita Expansion. Also, in this exercise in the book Maths for 3d Game Programming, another proof is suggested: Problem Description. Thanks everyone for the help.

Cross Product of transformed vectors

So I’m doing this exercise from Mathematics for 3D Game programming and I can’t find, here it is a photo so I don’t have to explain everything. Also I have found this answer in the forum: However I can’t really understand the way this equation is expanded Levi-Civita Expansion Thanks for the help Problem Description

I want a media index to create automatic cross references

In a very limited environment – no programming or workflows, nothing other than SP2013 OOB – I have a media index to PDF documents stored in folders. What is the best way to automate as much as possible cross-referencing related articles, please?

Ideally, they would be stored in a document set but for now, I have to use folders.

Multiple articles can be related.

My ‘related to’ field is a choice set up; I am using a multiple line text field with hyperlinks to the other articles. This is the part I would love to automate. Grateful for advice on this.

How to make cross site collection call using CSOM for on premise provider hosted app

I have a requirement that the provider-hosted app is in http://localhost:1234/site1, for example,

and I need to get the list items from the list in http://localhost:1234/site2

Uri hostWeb = new Uri(Request.QueryString["SPHostUrl"]);
using (var clientContext = TokenHelper.GetS2SClientContextWithWindowsIdentity(hostWeb, Request.LogonUserIdentity))
{
    List list = clientContext.Web.Lists.GetByTitle("ListofSiteCollection2");
    Microsoft.SharePoint.Client.ListItem item = list.GetItemById(1);
    clientContext.Load(item);
    clientContext.ExecuteQuery();
}

Thanks in Advance

Cross Comparing values between two columns for voting purposes

The current content of our Google Sheet is formatted as such:


and we need our content formatted as such:

_________| PERSON 1 | PERSON 2 | PERSON 3 |
PERSON 1 |   X      |   YES    |   YES    |
PERSON 2 |   YES    |   X      |   YES    |
PERSON 3 |   NO     |   NO     |   X      |

Is there a simple way to do this using Google Sheets?

Information and Cyber Security ~ SQL Injection attacks and Cross-Site Scripting attacks [on hold]

I have an assignment which states:

Develop a new policy based Proxy Agent, which classifies the request as a scripted request or query based request, and then, detects the respective type of attack, if any in the request. It should detect both SQL injection attack as well as the Cross-Site Scripting attacks.

From where do I start to develop a new policy based Proxy Agent?

I am new to Information & Cyber security. As this is my mini-project, I have to complete it within a stipulated amount of time. Please help me.