

I dream in code

About the author

Robert Williams is an internet application developer for the Salem Web Network.
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.

New and Improved Microsoft AntiXss 3.1.

Until now, the preferred way to selectively allow only certain HTML tags like <b> and <i> was to regex the input to ensure it contained only valid Unicode letter and number characters and those specified tags, something like this:

if (!Regex.IsMatch(input, @"^([\p{L}\p{N}'\s]|<b>|</b>|<i>|</i>){1,40}$")) throw new Exception();

This approach will prevent all unwanted tags, but it will also prevent all attributes on the allowed tags. Sometimes this is good – attackers can add malicious script to onmouseover attributes of <b> and <i> tags – but again, sometimes this is overkill and blocks the use of benign attributes like lang or title. It would be theoretically possible to extend the regular expression to allow these attributes, as well as other safe HTML tags and their attributes, but realistically that would be an incredibly difficult regex both to develop and maintain.

AntiXss 3.1 takes care of all of this logic for you, using the same whitelist approach: it filters the input using a list of known good tags and attributes and strips out all other text. Simply pass the untrusted input through the AntiXss.GetSafeHtml or GetSafeHtmlFragment method to sanitize it:

string output = AntiXss.GetSafeHtml(input);

I strongly encourage everyone to download the new AntiXss 3.1 and incorporate it into your applications starting today. It’s a very effective defense, especially when used in conjunction with the output encoding functionality that’s been a part of AntiXss from the beginning.
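As an added illustration (not code from this post or from the AntiXss library), the Python below puts the two approaches described above side by side: the post's regex allow-list ported to Python's re module, and a small allow-list sanitizer built on the standard library's HTMLParser that keeps only <b> and <i>, keeps only lang and title on them, drops every other tag and attribute, and re-encodes all text. The tag and attribute sets, the function names and the sample inputs are assumptions chosen for the demonstration; AntiXss's own allow-list is far larger and its behaviour is not reproduced here.

```python
import html
import re
from html.parser import HTMLParser

# 1. The post's regex allow-list, ported to Python. .NET's \p{L}\p{N} has no
#    direct equivalent in the re module, so [^\W_] (Unicode word characters
#    minus underscore) stands in for "letters and digits".
ALLOWLIST_RE = re.compile(r"^(?:[^\W_]|[\s']|<b>|</b>|<i>|</i>){1,40}$")


def regex_allows(text: str) -> bool:
    """True if the text is made only of letters, digits, whitespace,
    apostrophes and bare <b>/<i> tags, at most 40 units long.
    Any attribute, benign or not, makes the whole input fail."""
    return ALLOWLIST_RE.fullmatch(text) is not None


# 2. A minimal allow-list sanitizer (assumed sets, not the AntiXss list):
#    known-good tags and attributes are kept, everything else is dropped
#    and all text is re-encoded on the way out.
ALLOWED_TAGS = {"b", "i"}
ALLOWED_ATTRS = {"lang", "title"}   # the benign attributes named in the post


class AllowListSanitizer(HTMLParser):
    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out: list[str] = []
        self.open_tags: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return                      # unknown tag: dropped entirely
        kept = [
            f' {name}="{html.escape(value, quote=True)}"'
            for name, value in attrs
            if name in ALLOWED_ATTRS and value is not None
        ]                               # onmouseover etc. never get here
        self.out.append(f"<{tag}{''.join(kept)}>")
        self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in self.open_tags:
            # close this tag and anything still open inside it
            while self.open_tags:
                closed = self.open_tags.pop()
                self.out.append(f"</{closed}>")
                if closed == tag:
                    break

    def handle_data(self, data):
        # text nodes are re-escaped, so a "<" typed by the user stays "&lt;"
        self.out.append(html.escape(data, quote=False))

    # comments, processing instructions and declarations fall through to the
    # base-class no-ops and are therefore discarded

    def result(self) -> str:
        while self.open_tags:            # close tags the input left open
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize(fragment: str) -> str:
    parser = AllowListSanitizer()
    parser.feed(fragment)
    parser.close()
    return parser.result()


if __name__ == "__main__":
    # constructed sample inputs
    for sample in ['<b lang="en">Hello</b> <i onmouseover="alert(1)">there</i>',
                   '<script>alert(1)</script><b title="Note">x',
                   'x &lt;script&gt; y']:
        print(f"regex allows: {regex_allows(sample)!s:5}  sanitized: {sanitize(sample)}")
```

The contrast is the point of the post: the regex rejects the first sample outright because of its lang attribute, while the sanitizer keeps lang, drops onmouseover, discards the unknown <script> tag and closes the <b> the input left open.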

Read the Full Article Here.

Download AntiXss 3.1 from Microsoft.

Posted by Williarob on Tuesday, September 29, 2009 1:50 PM

Shepherd's Pie Recipe


1 tsp [1] Worcestershire Sauce

1/4 tsp thyme

1/8 tsp pepper

1/4 tsp salt

1/8 tsp Paprika

2 tbsp [2] Ketchup

1 tsp Parsley

1 Medium Onion

1 lb [3] Ground Lamb (If you use Beef you're making Cottage Pie, not Shepherd's Pie!)

2 Large Carrots

1 24oz [4] Package Refrigerated Garlic Mashed Potatoes [5]

1 packet Gravy mix [6]

1 Cup [7] Water


Peel and chop the onion, then combine it with the ground lamb in a large skillet over a medium heat. Meanwhile, peel and chop the carrots, then add them to the skillet and cover it, but don't forget to stir it occasionally while you work on the sauce.

In a small saucepan, add the gravy mix, Worcestershire Sauce, thyme, salt, pepper, paprika, ketchup, parsley and water. Mix it all up then put it on a high heat and keep stirring it until it boils (if you stop stirring it may get lumpy). When it boils, remove it from the heat. Assuming the meat is brown at this point, drain excess juices from the skillet and pour in the sauce. Cover the skillet and let it simmer over a low heat while you heat the potatoes.

Pour the contents of the skillet into a casserole or baking dish and add the potatoes evenly across the top, fluffing with a fork. I usually place the baking dish on top of a foil covered baking sheet to catch any drips, but that's because my dish is always packed to the very top with juicy goodness and it tends to make a small mess in the oven. Broil (Grill for those in Britain) until the potatoes are golden brown on top and a little crispy (about 5 mins). Serves 4.


  1. tsp = Teaspoon
  2. tbsp = Tablespoon
  3. 1 Pound (lb) = 0.45 kilograms (453.59 grams)
  4. 24 ounces is equal to 0.68 kilograms (680.39 grams)
  5. I use Bob Evans Garlic Mashed Potatoes.
  6. An Oxo/Bovril cube gravy would be better, but very hard to come by in the US, so I use McCormick Brown Gravy mix, which is a pretty good substitute.
  7. 1 cup is equal to 236.59 milliliters (ml)

Categories: recipes
Posted by Williarob on Monday, September 21, 2009 11:00 AM