I am trying to send emails using smtp in an Adobe AIR application, I am unable to make the code work with gmail but it works with my hosted email without TLS/SSL so my assumption is that TLS/SSL is the issue.
I am using SMTPMAiller from http://www.bytearray.org/?p=27
with latest as3cryptolib I can fine.
I do not want to use a server side script.
Please respond only if you have a working code/application that works with gmail in present.
Thank you
Edit: My question is if you have already this working in present what libraries and what versions are you using, I am sure my libraries are too old.
I managed to send emails from gmail.yahoo using SMTP and SSL using this library airxmail
I had a few problems though, I was trying to log the code using event listeners to understand what is going wrong but adding a specific listener caused problems, I reported it here . For logging I suggest using what the author recommends(the mx.Log).
Other issue was caused by the not clear documentation from the first example I found, there was some code that needed to run for SSL only and other code that needed to run for TLS only.
I did not had time or need to test TLS so I am not sure if it works, code is not yet in production so maybe I will find more issues later.
I created a wrapper class, my needs is to have a test function when a user will add his email credentials and settings, then have the ability to send more then one email, I will show my main code here , use at your own risk.
I tried adding my sample here but SO code formatted did not like it, here is a gist I hope it will help.
I'm getting this chrome flag when trying to post and then get a simple form.
The problem is that the Developer Console shows nothing about this and I cannot find the source of the problem by myself.
Is there any option for looking this at more detail?
View the piece of code triggering the error for fixing it...
The simple way for bypass this error in developing is send header to browser
Put the header before send data to browser.
In php you can send this header for bypass this error ,send header reference:
header('X-XSS-Protection:0');
In the ASP.net you can send this header and send header reference:
HttpContext.Response.AddHeader("X-XSS-Protection","0");
or
HttpContext.Current.Response.AddHeader("X-XSS-Protection","0");
In the nodejs send header, send header reference :
res.writeHead(200, {'X-XSS-Protection':0 });
// or express js
res.set('X-XSS-Protection', 0);
Chrome v58 might or might not fix your issue... It really depends to what you're actually POSTing. For example, if you're trying to POST some raw HTML/XML data whithin an input/select/textarea element, your request might still be blocked from the auditor.
In the past few days I hit this issue in two different scenarios: a WYSIWYG client-side editor and an interactive upload form featuring some kind of content preview. I managed to fix them both by base64-encoding the raw HTML before POSTing it, then decoding it on the receiving PHP page. This will most likely fix the issue and, most importantly, increase the developer's awareness level regarding the data coming from POST requests, hopefully pushing him into adopting effective data encoding/decoding strategies and strengthen their web application from XSS-type attacks.
To base64-encode your content on the client side you can either use the native btoa() function, which is supported by most browsers nowadays, or a third-party alternative such as a jQuery plugin (I ended up using this, which worked ok).
To base64-decode the POST data you can then use PHP's base64_decode(str) function, ASP.NET's Convert.FromBase64String(str) or anything else (depending on your server-side scenario).
For further info, check out this blog post that I wrote on the topic.
In this case, being a first-time contributor at the Creative forums, (some kind of vBulletin construct) and reduced to posting a PM to the moderators before forum access it is easy for one to encapsulate the nature of the issue from the more popular answers above.
The command was
http://forums.creative.com/private.php?do=insertpm&pmid=
And as described above the actual data was "raw HTML/XML data within an input/select/textarea element".
The general requirement for handling such a bug (or feature) at the user end is some kind of quick fixit tweak or twiddle. This post discusses the option of clearing cache, resetting Chrome settings, creating a new_user or retrying the operation with a new beta release.
It was also suggested that one launches a new instance with the following:
google-chrome-stable --disable-xss-auditor
The launch actually worked in this W10 1703 Chrome 061 edition after this modified version:
chrome --disable-xss-auditor
However, on logging back in to the site and attempting the post again, the same error was generated. Perhaps the syntax wants refining or something else is awry.
It then seemed reasonable to launched Edge and repost from there, which turned out to be no problem at all.
This may help in some circumstances. Modify Apache httpd.conf file and add
ResponseHeader set X-XSS-Protection 0
It may have been fixed in Version 58.0.3029.110 (64-bit).
I've noticed that if there is an apostrophe ' in the text Chrome will block it.
When I update href from javascript:void(0) to # in the page of POST request, it works.
For example:
login
Change to:
login
I solved the problem!
In my case when I make the submmit, I send the HTML to the action and in the model I had a property that accept the HTML with "AllowHTML".
The solution consist in remove this "AllowHTML" property and everything go OK!
Obviously I no longer send the HTML to the action because in my case I do not need it
It is a Chrome bug. The only remedy is to use FireFox until they fix this Chrome bug. XSS auditor trashing a page, that has worked fine for 20 years, seems to be a symptom, not a cause.
I'm trying to to guarantee that fresh JSON is sent to my page every time a user clicks refresh. Currently, if the JSON is updated the webpage will not reflect the change until Apache is restarted.
I have tried the following approaches -
Create a nocache function and call the decorator in the page function
I have tried putting headers in my HTML
Using Command + Shift + R in Chrome for MacOS for a "hard" refresh
No good... I'm beginning to think I'm misunderstanding something. Can someone point out the error of my ways? I copy and pasted the code presented in those links. The first link even speaks about JSON specifically. I can show my exact code being used if desired, but like I said; copy and paste.
Maybe its not even a caching issue, I'm not sure, but I'm open to any ideas!
EDIT:
I know now that my no-cache headers ARE being passed to the HTML. The issue lies somewhere in that the Flask isn't asking MySQL for updated data every time the page is loaded, only when Apache is restarted. So even if fresh data is in MySQL DB it will not be displayed for the user unless Apache gets restarted.
I finally found another post on Stack Overflow regarding my question.
Turns out I need to make my DB connection and form the JSON in the same function. Before I was calling the data from the DB in a separate function and then referencing it to create JSON and pass it to the HTML in a different one. Now everything is inline see HERE.
I am writing a CGI script with Shell as basic language and with HTML and JavaScript in it. I am using Apache server and my OS is Ubuntu Server 14.01.1.
There are multiple purposes of this script as well as it's too big so I wont be sharing it here or explaining it fully. In a nutshell, I have a form in which I am validating fields, accepting values in Shell variables and then substituting them in a shell script which also runs in a CGI file when I click submit button. Now the issue here is there are fields whose data is sensitive as a result I MUST use the POST form method.
My CGI script works perfectly fine with GET method however with POST, It just does not connect to next page. Right now, It is linked to a simple web page with no scripting or dynamic building. I instantly get the error Connection Reset By Peer. When I checked apache error log, I get the error Failed to flush CGI output to client.
I just can't find a way around this error. What can I do to make this work?
We started to get
Refused to execute a JavaScript script. Source code of script found within request.
with version 17 of Chrome. Version 16 was working fine. What it seems to complain about is that we do a POST and the reply is the same what we already have if I understand it correctly. Or is there a way to verify exactly what it complains about?
Refused to execute a JavaScript script. Source code of script found within request
Is there a way to get around this or have anyone had simular problems with the new version 17 of Chrome? We dont do any cross posting on our site, so it kind of looks like a bug from Chrome, but anyhow it needs to be solved.
https://stackoverflow.com/a/1547887/99220 seems applicable. The feature is attempting to detect an XSS attack client-side, and refusing to execute code that looks like it's simply reflecting whatever was stuffed into a POST.
It's certainly possible that the XSS filters are buggy, and detecting your case as a false-positive. It's also possible that you have an actual XSS hole on your site that Chrome is warning you about. Can you post a link so others can take a look? If it is a bug, I'll help you file a ticket at http://new.crbug.com/ If it's not a bug, then we can evaluate how you can fix your site.