ScarTech » ASP.NET

Auto Format Code in Visual Studio 2008

Tim — Wed, 28 Jan 2009 00:53:19 +0000

My new favorite macro in Visual Studio 2008 is control-D then control-K. Hit that key sequence and voila: all code on the page has been formatted. It’s especially helpful when copy-pasting. Just a tip from Tim to make your life easier!

Resize Your Browser Window

Tim — Wed, 30 Jul 2008 00:18:24 +0000

Here’s a cool method for resizing a browser window using a simple shortcut in your bookmarks. This has been especially helpful since I can’t use Firebug at work (we’re forced to use IE6 – I know, it sucks), and the IE Developer toolbar always breaks on my work machine. How ghetto…

Here’s the link.

Getting Serious About Security – Part 2 – XSS

Tim — Tue, 15 Apr 2008 00:59:20 +0000

Cross site scripting can be a tough vulnerability to eliminate, but it doesn’t necessarily have to be. If you’re working on an ASP.NET project, the Microsoft Anti-XSS library is easy to use and freely available. Like a lot of developers, I’ve rolled my own anti-XSS by escaping specific characters, but it’s usually clunky and let’s face it. There are still bound to be vulnerabilities. The MS library can be used to encode HTML, HTML attributes, JavaScript, VBScript, as well as encode for XML and XML attributes.
Always encode data from untrusted inputs. Just a few examples include:

Databases
Form fields
Session variables
Query string
Cookies

Using the library is very simple. Just add a reference to the dll to your project, and you’re ready to go. Here’s a quick and dirty code example encoding a value from the query string:

string Name = AntiXss.HtmlEncode(Request.QueryString["Name"]);

A good rule to live by is “When in doubt. Encode it.” Just don’t encode it twice.

You can download the library from Microsoft here.