Nesting Math Functions in Javascript - forms

I am working on an Acrobat form that should only accept positive, whole numbers in a field.
It is ideal if the number is simply reformated to suit the criteria. For example, if a user types in "-1.4", it should simply change to "1".
Is it acceptable to use this as the "Validation Script" for the field:
if (event.value) event.value = Math.abs(Math.round(event.value));
It seems to work, but is it ok to nest functions like this in general, or will it lead to issues.

Rather than change the value during the validation event, prevent an invalid value from being entered in the first place. To allow only numbers with no dashes to be entered, add the following to the custom keystroke event.
event.rc = !(/[a-zA-Z\-]/.test(event.change));
You may want to modify the regex to prevent other characters as well. I just did the bare minimum. Remember that you'll need to allow for the delete key, return key, and backspace to be permitted so you can't just limit the regex to 0-9 (which would be the obvious thing to do).

Related

Kentico 9 form fields.. Is there a way to make a feild into a currency field only?

Have a form I am trying to build and even though I have a text box field that will work for users to enter a $ amount it would be nice to make it so that field only accepts numbers and keeps it in the $0.00 format. Seems like a simple thing but I cannot seem to find out how this would be done.
You need to specify the field as a decimal or double and define the precision (depending on what version you are using). The field should NOT be a text field but can use a textbox as the displaying control.
From an output standpoint, it will not automatically output $0.00, you have to format that based on the culture. There are several macros and functions within the API to do this.
Setup you control as followed
make the Data type a decimal number
in the Editing control settings click to show the Advanced section
in Filter set Type to Numbers and Custom
Add Valid characters your delimiter (, or .)
In the validation section add a rule for the minimum value to be 0.
The data type will enforce it to be a actual number.
You could also use as Validation a Regular expression setting something like:
^[$]?([0-9]{1,2})?,?([0-9]{3})?,?([0-9]{3})?(\.[0-9]{2})?[$]?$
which will allow a dollar sign prefix or suffix.

Handling right-to-left/left-to-right override characters in user input

I need to embed user input in a string; for example, "<User> sent a message".
The problem comes if the user input includes one of the directionality override characters (U+202D or U+202E). If "<User>" includes an RLO character, the displayed string becomes "‪<User>‮ sent a message‬".
My question is how best to handle this. Are there legitimate uses for RLO and LRO, or is stripping them out a plausible option? Otherwise maybe I can wrap the user input with "Left-to-right embedding" (U+202A) and "Pop Directional Formatting" (U+202C), though doing that right probably requires me to make sure that the user input doesn't contain unbalanced PDF characters.
Are there legitimate uses for RLO and LRO, or is stripping them out a plausible option?
I strip them, along with all the other characters designated not suitable for use in markup.
Legitimacy is an arguable point, but real Arabic/Hebrew/etc keyboards can't type BiDi control characters, so you are not likely to come across them in non-malicious user input.

Is sanitizing html by removing angle brackets safe?

I want to sanitize a simple text field with a person's name, to protect from XSS and such. Stackoverflow pretty much says I must whitelist. I don't understand this. If I simply remove all < and > from the input value, or replace them with > and &ls;, does not that rule out code injection? Or am I missing something? Perhaps you only need to whitelist in more complex scenarios where you have to put up with angular brackets?
Sorry if it's a silly question, it's important to get this right.
Whether to whitelist or encode depends on how you want to use the text.
If you intend to treat the input as plain text, then encoding special characters is enough, and any HTML code entered will display as text only as long as you are careful not to allow unencoded text to end up anywhere in your HTML output. (This includes making sure any other systems you interface with don’t inappropriately use the unencoded text.)
If you want to allow some markup in the input, such as text styling or links, then you must whitelist the tags that you allow and get rid of all others.
No, it's not sufficient because if you were to include the person's name in an html attribute, you would also need to escape any double-quotes contained therein.

Cannot use t-sql contains with short words

I call my statement with CONTAINS function, but sometimes it does not return correct records, e.g. I want to return row which contain in one field word 'Your':
SELECT [Email]
,[Comment]
FROM [USERS]
WHERE CONTAINS(Comment, 'Your')
It gives mi 0 result despite that this field contains this word (the same with 'as', 'to', 'was', 'me'). When I use 'given' instead of 'Your' then I receive a result. Is there maybe a list of words which cannot be used with CONTAINS? Or maybe this words are to short (when i use 'name' then i receive the results)? The work 'Your' is at the beginning in field Comment.
The field is of type 'text' and has enabled full-text index.
Words such as those you mention are "stop words"; they are expressly excluded from being indexed and searched in Full Text Search due to how common (and thereby meaningless for searches) they are. You'll notice the same thing when searching Google, for instance.
It is possible to edit the list, but I would avoid doing so except perhaps to add words to it; the words in the list are chosen very well, IMHO, for their lack of utility in searches.

Determine if non-numerical characters have been pasted into UITextField

For a specialized calculator I would like to allow copy / paste for a textfield which is meant for numerical values only. So, only numerical characters should be actually pasted or the pasted string should be rejected if it contains non-numerical characters.
I was thinking about using UITextFieldDelegates textField:shouldChangeCharactersInRange:replacementString: method to check the pasted string for non-numerical characters. But NSString offers no method for checking whether it does NOT contain characters specified in a single set. So this way I would need to check occurances of characters from several sets, which is clumsy and these checks would run for every single number that would be typed in, which appears like quite some overhead to me.
Another way would be to iterate and check for every character in the replacement string whether there's a match in a numerical set.
Either way would propably work, but I feel like I'm missing something.
Do you have any advice? Is there a convenience method to achieve this?
But NSString offers no method for checking whether it does NOT contain characters specified in a single set
sure it does.
if([myString rangeOfCharacterFromSet:myCharacterSet].location ==NSNotFound)
{
//means there is no character from specified set in specified string
}