JQuery function inside Script Tag. How to execute XSS in such a scenario?

The value of currentPage: can be controlled by the user. All characters (like: " ' ( ) / ; : except < & > are injected without being sanitized.

Is there any possible way to execute XSS in such a scenario?

<script type="text/javascript"> $  (function() {             $  ("#blog-pagi").pagination({                 items: 9,                 itemsOnPage: 6,                 currentPage: inject payload here                 edges: 0,                 displayedPages: 10,                 hrefTextPrefix:"?page=",                 prevText: "<i class=\"fa fa-chevron-left\" ></i>",                 nextText: "<i class=\"fa fa-chevron-right\" ></i>",                 onPageClick: function(pageNumber,event){                     window.history.replaceState(null, null, "?page="+pageNumber);                 },             });             });             </script> 

In page Payment script security needs

Currently, I’m working in a Fintech StartUp. We have already implemented our payment solution with redirect in a checkout page hosted in our domain (like https://stripe.com/docs/payments/checkout).

Now, we are going to implement a solution that allow payments directly in the merchants page, but in order to maintain PCI complaint also in the merchants page we need to provide a script, that the merchant can insert in their website, where the sensitive data is collected and forwarded to our APIs (like https://stripe.com/docs/payments/accept-a-payment).

I have to write a JavaScript script that enables “in page” merchant payments, but I don’t find in any places a list of the security needs.

Checking several PSP that provide the same functionality I find some of security needs:

  1. The script and the form that collect sensitive data must be hosted in the PSP domain and inserted in the merchant webpage with an iFrame.
  2. The ids of inputs on the form that collect Credit card data must be randomly generated.
  3. The merchants website must load the script directly from our domain in order to remain PCI complaint (There is any way to check this point?).
  4. Javascript file must be minified and uglified.

My questions: are there any document that explains all the recommended security needs of this typology of script? Otherwise, is my security list enough? Are there some errors in my list?

eSports Gaming Plugins / Script

my question is regarding for Gaming / eSports, There are some gaming website where if you register there and out your PSN / XBox / Steam Id its sync with your gaming account and show all gaming details. and my questions is this feature available in WordPress if yes then share with Plugins and if not then which script this kind of feature allow

How to manage game-object script component and values in new updated model in unity

I have a large object that contains so many gameobject (the fbx) and it attached several mono behaviour script with different values assigned publicly in inspector. Now the problem is each time we update the model in project (FBX in project) we have to drag and drop the model/FBX again. It means that we have to attach all the scripts again with the relevant values/Data. I am currently looking for right way to do this job. Currently I place both new and old fbx in the scene and then one by one i copy paste the old object’s script component into new object. Then i delete the old one object/model/fbx.

Note: I have bring the fbx again in hirarachy because sometime the object not properly update in the scene.

How to use GameManager to get GameOver() from another script?

I’m trying to make a gameover-text show when the player is leaving the plane-area. In GameManager.cs I’ve written:

    public void GameOver()     {         gameOverText.gameObject.SetActive(true);     } 

And in PlayerController.cs I’ve used the following code:

    private GameManager gameManager; 

and:

    void Update()     {         float horizontalInput = Input.GetAxis("Horizontal");         float verticalInput = Input.GetAxis("Vertical");          playerRb.AddForce(Vector3.right * speed * horizontalInput);         playerRb.AddForce(Vector3.forward * speed * verticalInput);          if (transform.position.y < -4)         {             gameManager.GameOver();         }     } 

But this doesn’t really work, and the console is giving me this message:

Assets/Scripts/PlayerController.cs(8,25): warning CS0649: Field ‘PlayerController.gameManager’ is never assigned to, and will always have its default value null

I’ve already used the OnTriggerEnter (for powerups) and OnCollisionEnter (for enemies). How can I get the GameOver-text to show when the player leaves the “Plane”?

Powershell script to get workflow tasks for each list item

I have a lot of number of webs (sub-sites) within a site collection that have lists that have list items with Approval workflows running on them.

How would I get all tasks for each list item in powershell? I see that the “tasks” list has the ‘Related Content’ column which has the title of the list item. How to I do a union between the two lists (the task list and the item list) in powershell?

Thanks for your help!

Powershell script to get workflow tasks for each list item

I have a lot of number of webs (sub-sites) within a site collection that have lists that have list items with Approval workflows running on them.

How would I get all tasks for each list item in powershell? I see that the “tasks” list has the ‘Related Content’ column which has the title of the list item. How to I do a union between the two lists (the task list and the item list) in powershell?

Thanks for your help!

Unity List script field with +/- buttons in editor

I am using Unity 2018.4.11f1 LTS. I have a script with a public List<GameObject> field.

In the property inspector, Unity provides a UI to this field where you specify the size of the list and then assign elements:

public List<GameObject> receivers; 

enter image description here

My question is: Is there a way (perhaps a different field type) to have Unity provide an editor UI that consists of a +/- button where you can add and remove elements, rather than a list-size-based UI?

Something more along the lines of e.g. what it gives you for UnityEvents:

enter image description here

How can i write script for search two different List columns of search boxes related data show on grid view in SPFX?

Am able to search the PR_Number column data, the same i want to search for Description as input in another search box and show the gridview in SPFx.

import * as React from 'react'; import * as ReactDom from 'react-dom'; import { Version } from '@microsoft/sp-core-library'; import {   BaseClientSideWebPart,   IPropertyPaneConfiguration,   PropertyPaneTextField } from '@microsoft/sp-webpart-base'; //import styles from './PrFilter.module.scss'; import { escape } from '@microsoft/sp-lodash-subset';  import * as strings from 'PrFilterWebPartStrings'; import PrFilter from './components/PrFilter'; import { IPrFilterProps } from './components/IPrFilterProps'; import { SPHttpClient, SPHttpClientResponse } from '@microsoft/sp-http';  export interface IPrFilterWebPartProps {   description: string; } export interface ISPLists {   value: ISPList[]; } export interface ISPList {   PR_Number: string;   Description: string;   Request_Date: string; }      export default class PrFilterWebPart extends BaseClientSideWebPart<IPrFilterWebPartProps> {    private _getListData(): Promise<ISPLists> {       let queryString: string = '';     let queryStringforPR: string = '';     let searchboxVal: string=(this.domElement.querySelector('#searchbox') as  HTMLInputElement).value;     if(searchboxVal!=""){       // alert("searchboxVal" + searchboxVal);             queryString="$  filter=substringof('"+searchboxVal+"',PR_Number)";       queryStringforPR= searchboxVal;       console.log("qurery string value is " + queryString);       console.log("queryStringforPR value is " + queryStringforPR);     }     return this.context.spHttpClient.get(this.context.pageContext.web.absoluteUrl + `/_api/web/lists/GetByTitle('PurchaseRequest')/Items?$  filter=PR_Number eq $  {queryStringforPR}`, SPHttpClient.configurations.v1)         .then((response: SPHttpClientResponse) => {             return response.json();         });   }   private _renderListAsync(): void    {       this._getListData()     .then((response) => {       this._renderList(response.value);     });   }    private _renderList(items: ISPList[]): void    {     //debugger;     let html: string = '<table class="TFtable" border=1 width=100% style="border-collapse: collapse;">';     html += `<th>PR_Number</th><th>Description</th><th>Request_Date</th>`;     items.forEach((item: ISPList) => {       html += `           <tr>           <td>$  {item.PR_Number}</td>           <td>$  {item.Description}</td>           <td>$  {item.Request_Date}</td>           </tr>           `;     });     html += `</table>`;     const listContainer: Element = this.domElement.querySelector('#spListContainer');     listContainer.innerHTML = html;   }   private _setSearchBtnEventHandlers(): void    {     //debugger;     this.domElement.querySelector('#searchBtn').addEventListener('click', () => {         this._renderListAsync();     });   }     public render(): void {      this.domElement.innerHTML = `     <div>     <div>        <div class="ms-Grid-row ms-fontColor-white">         <div class="ms-Grid-col ms-u-lg10 ms-u-xl8 ms-u-xlPush2 ms-u-lgPush1">                  <p class="ms-font-l ms-fontColor-white" style="text-align: center">P2P Tool</p>         </div>       </div>       <div class="ms-Grid-row ms-fontColor-white ">          <input id="searchbox" type="textbox"/><input id="searchBtn" type="button" value="Search"/>         <input id="searchboxDescription" type="textbox"/><input id="searchBtnDescription" type="button" value="Search"/>              <br>         <div id="spListContainer" />       </div>     </div>   </div>`;     this._renderListAsync();     this._setSearchBtnEventHandlers();   }    protected get dataVersion(): Version {     return Version.parse('1.0');   }    protected getPropertyPaneConfiguration(): IPropertyPaneConfiguration {     return {       pages: [         {           header: {             description: strings.PropertyPaneDescription           },           groups: [             {               groupName: strings.BasicGroupName,               groupFields: [                 PropertyPaneTextField('description', {                   label: strings.DescriptionFieldLabel                 })               ]             }           ]         }       ]     };   } }  

enter image description here

ECMA script for checking active workflows for an list item

Hi i am having more than 1 workflow associated with the list if there is any workflow that is active for an item then i need to prevent starting another workflow for the same item. I am using the following code to achieve the same. Can anyone please provide me the ECMA client script object model equivalent for achieving the same.

//Check for any active workflows for the document     private void CheckForActiveWorkflows()     {         // Parameters 'List' and 'ID' will be null for site workflows.         if (!String.IsNullOrEmpty(Request.Params["List"]) && !String.IsNullOrEmpty(Request.Params["ID"]))         {             this.workflowList = this.Web.Lists[new Guid(Request.Params["List"])];             this.workflowListItem = this.workflowList.GetItemById(Convert.ToInt32(Request.Params["ID"]));          }         SPWorkflowManager manager = this.Site.WorkflowManager;         SPWorkflowCollection workflowCollection = manager.GetItemActiveWorkflows(this.workflowListItem);         if (workflowCollection.Count > 0)             SPUtility.TransferToErrorPage("An workflow is already running for the document. Kindly complete it before starting a new workflow");     }