How can I prevent asp.net web api 2 from allowing html and scripts similar to MVC RequestValidation? - asp.net-web-api2

I have content that is being entered into an API that is likely to appear on various websites. While these websites use CSP and other measures to help prevent XSS, I am looking for more solid input validation on my web api methods to validate better from the start.
What is considered the best practice to do this in web api? Can anyone recommend any resources to assist with this?

Use an HTML parser like Html Agility Pack, then strip unsafe tags and attributes, or get only the innerText from the parser of your choice.
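As an added example for the approach in this answer (not code from the original post), below is an allow-list sanitizer built on Html Agility Pack (NuGet package HtmlAgilityPack) together with a Web API 2 action filter that runs it over bound input before the action method sees it. It goes one step beyond the answer: instead of stripping a list of known-bad tags, it keeps only a short list of known-good tags and attributes, so tags and event handlers it has never heard of are removed by default. The allow list, the class names, the filter attribute and the Comment model are my own choices and are not part of the question.

```csharp
// Added example, not from the original answer. Requires the HtmlAgilityPack NuGet package
// and the Web API 2 assemblies. Names and the allow list below are my own choices.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Text.RegularExpressions;
using System.Web.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
using HtmlAgilityPack;

public static class HtmlSanitizer
{
    // Allow list, not a deny list: anything not named here is removed, so vectors such as
    // <svg onload>, <iframe srcdoc> or <details ontoggle> are covered without being listed.
    private static readonly HashSet<string> AllowedTags =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
            { "p", "br", "b", "i", "em", "strong", "ul", "ol", "li", "a" };

    private static readonly Dictionary<string, HashSet<string>> AllowedAttributes =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase)
        {
            { "a", new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "href", "title" } }
        };

    // Elements whose contents must go too; unwrapping them would leak the script source as text.
    private static readonly HashSet<string> DropWithContent =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "script", "style", "noscript", "template" };

    private static readonly string[] SafeSchemes = { "http:", "https:", "mailto:" };
    private static readonly Regex SchemePrefix = new Regex(@"^[a-zA-Z][a-zA-Z0-9+.\-]*:", RegexOptions.Compiled);

    // Option 1 from the answer: return markup containing only allowed tags and attributes.
    public static string Sanitize(string html)
    {
        if (string.IsNullOrEmpty(html)) return html;
        var doc = new HtmlDocument();
        doc.LoadHtml(html);
        SanitizeChildren(doc.DocumentNode);
        return doc.DocumentNode.InnerHtml;
    }

    // Option 2 from the answer: keep only the text. Script/style bodies are removed first,
    // because InnerText would otherwise return the script source as ordinary text.
    public static string ToPlainText(string html)
    {
        if (string.IsNullOrEmpty(html)) return html;
        var doc = new HtmlDocument();
        doc.LoadHtml(html);
        foreach (var n in doc.DocumentNode.Descendants().Where(d => DropWithContent.Contains(d.Name)).ToList())
            n.Remove();
        return HtmlEntity.DeEntitize(doc.DocumentNode.InnerText);
    }

    private static void SanitizeChildren(HtmlNode parent)
    {
        foreach (var node in parent.ChildNodes.ToList())   // snapshot: the tree is mutated while walking
        {
            if (node.NodeType == HtmlNodeType.Comment) { node.Remove(); continue; }
            if (node.NodeType != HtmlNodeType.Element) continue;   // text nodes stay as they are
            if (DropWithContent.Contains(node.Name)) { node.Remove(); continue; }

            if (!AllowedTags.Contains(node.Name))
            {
                // Unknown tag: clean its children, hoist them into the parent, drop the tag itself.
                SanitizeChildren(node);
                foreach (var child in node.ChildNodes.ToList())
                {
                    node.RemoveChild(child);
                    parent.InsertBefore(child, node);
                }
                node.Remove();
                continue;
            }
            StripAttributes(node);
            SanitizeChildren(node);
        }
    }

    private static void StripAttributes(HtmlNode node)
    {
        HashSet<string> allowed;
        AllowedAttributes.TryGetValue(node.Name, out allowed);
        foreach (var attr in node.Attributes.ToList())
        {
            bool keep = allowed != null && allowed.Contains(attr.Name);
            // href is allowed, but only with a safe scheme (rejects javascript:, data:, vbscript:).
            if (keep && attr.Name.Equals("href", StringComparison.OrdinalIgnoreCase) && !IsSafeUrl(attr.Value))
                keep = false;
            if (!keep) attr.Remove();
        }
    }

    private static bool IsSafeUrl(string value)
    {
        var decoded = HtmlEntity.DeEntitize(value ?? string.Empty);
        // Browsers ignore tab/newline/control characters inside a scheme ("java\tscript:"),
        // so the scheme check runs on a copy with those characters removed.
        var compact = new string(decoded.Where(c => !char.IsControl(c) && !char.IsWhiteSpace(c)).ToArray());
        var m = SchemePrefix.Match(compact);
        if (!m.Success) return true;   // no scheme at all: a relative URL
        return SafeSchemes.Contains(m.Value, StringComparer.OrdinalIgnoreCase);
    }
}

// Web API 2 action filter (my own name): sanitizes every string argument and every public
// string property of every bound model before the action runs.
public sealed class SanitizeHtmlAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(HttpActionContext actionContext)
    {
        foreach (var key in actionContext.ActionArguments.Keys.ToList())
        {
            var arg = actionContext.ActionArguments[key];
            var text = arg as string;
            if (text != null) { actionContext.ActionArguments[key] = HtmlSanitizer.Sanitize(text); continue; }
            if (arg == null) continue;
            foreach (var prop in arg.GetType().GetProperties(BindingFlags.Public | BindingFlags.Instance))
            {
                if (prop.PropertyType != typeof(string) || !prop.CanRead || !prop.CanWrite
                    || prop.GetIndexParameters().Length != 0) continue;
                var value = (string)prop.GetValue(arg);
                if (value != null) prop.SetValue(arg, HtmlSanitizer.Sanitize(value));
            }
        }
    }
}

// Hypothetical model and controller showing where the filter attaches.
public class Comment { public string Author { get; set; } public string Body { get; set; } }

public class CommentsController : ApiController
{
    [HttpPost, SanitizeHtml]
    public IHttpActionResult Post(Comment comment) { return Ok(comment); }
}
```

With this in place, script and style elements are removed together with their contents, tags outside the allow list are unwrapped so their text survives, and every attribute except the allowed ones (and any href whose scheme is not http, https or mailto) is dropped. Two caveats a practitioner would want: the sanitizer only walks the top-level properties of the bound model, so nested objects and collections need a recursive walk or per-property attributes; and sanitizing on input does not replace output encoding and CSP on the consuming sites, it only guarantees that what is stored is already restricted to the markup you chose to allow.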

Related

How to configure Gridsome to generate thousands of product pages using API's to insert the data into static site template?

I am looking to utilize a static site generator framework to work with Vue in order to generate static pages with product info. However, we need to create thousands of pages with a different product for each page. We hope to make API calls to retrieve data and then fill in our templates with the different data and pictures for each product; the hope is to boost our search results for part #'s and bring in more business. Does Gridsome do this? If so, how do I go about setting up this functionality? Or is Gridsome not the best option for this? I am open to exploring different frameworks, but we would like to still use Vue for UI development, though we are open to just plain HTML, CSS, and vanilla JavaScript.
Thanks
Yes. Gridsome was designed to handle exactly your situation. From gridsome.org:
You can make API calls to retrieve the data:
Gridsome makes it painlessly easy to build Jamstack websites using data from multiple sources such as Content API's, Headless CMSs, and other web services.
It's SEO-friendly to boost your search results:
Gridsome sites load as static HTML before they hydrate into fully Vue.js-powered SPAs. This makes it possible for search engines to be able to crawl content and give better SEO ranking, and still have all the power of Vue.js.
A good next step might be to check out the various starter templates on the Gridsome website.

Is it possible to create simple frontend for use with Virtocommerce without writing liquid pages

I am evaluating Virtocommerce for a small startup company. We only have a few products and would like to make use of VC's user and payment modules instead of creating a website ourselves from scratch. We are familiar with asp.net mvc, angularjs and RestAPI. However, we would rather not learn and use the liquid theme engine if all possible.
So the question is, is it possible/a good idea to simply create an angularjs web app and call the storefront's RestAPI? Please advise. Thanks.
Yes, of course, it is possible. You can even exclude the VirtoCommerce.LiquidThemeEngine project from the storefront solution, use ASP.NET Razor views for rendering SEO-critical pages, and use a client SPA for other kinds of presentation logic.
We have some clients who use this kind of storefront implementation (without Liquid themes), but unfortunately I couldn't provide any of these examples because they aren't publicly accessible.
If you have more questions, you can ask them in our community chat on Gitter: VirtoCommerce/vc-platform

GET request, frontend only

Forgive my ignorance; I was trying to figure it out by myself and did not find the right solution on my own.
I'm building a website based on Node. I'm also using a lot of front-end JavaScript, such as AJAX, in order to load the content dynamically. My problem is: I would like to limit GET requests to the front end only. Is there any way to achieve this? We do have CSRF for POST requests, and I was thinking about enabling something like CSRF for specific GET requests. API tokens are not the way to achieve this here, because those would be available to anyone after inspecting the markup.

Bigcommerce - Implementing custom code that runs on server-side to create multiple versions of page for a product?

I'm new to Bigcommerce but experienced with web app development. I have a need to make customizations to a Bigcommerce store where I need to implement custom logic that runs on the server-side which affects the output in the UI by deciding which page to serve. For example, I want to have different versions of a product page for different locations. I want each version to have a static URL, however, for SEO purposes. I need to implement logic in the server-side to do something like detect user location based on IP and then determine which of the product version pages to serve. I realize I can do this with JavaScript but I don't want to as I don't think that would work as well for SEO.
I have looked over their API and templating briefly but am not seeing a real way that this is possible. Wondering if anyone can guide me in the right direction or is Bigcommerce too simplified to allow this sort of customization?
You do not have server-side access on Bigcommerce. The only way to do this would be client-side with JavaScript.

Angularjs:Crawling a site

I have made an angular app with rails as a backend. I have read lots of blogs and articles about how to make an angularjs app crawlable.
For example: "http://www.example.com/#!/home" Google bots will convert this url into "http://www.example.com/?_escaped_fragment_=/home".
I have written logic so that wherever a request comes in with the "?_escaped_fragment_=" format, I just return the json data in an html file.
For example:
<p>name: test</p>
<p>designation :test1</p>
So I just want to know whether this much is enough for making an ajax application crawlable. If not, then please suggest other ways to make an application crawlable.
Thanks,
You should consider creating HTML snapshots from your existing codebase rather than adding further complexity for creating pages. Google (see option 3) recommends using a headless browser to prerender your AJAX application before returning it to the client.
You can also see some significant performance improvements by prerendering for all users and initialising your Angular app in its current state, especially in hybrid apps/mobile websites; this reduces XHR requests and painting in the browser. More on this here:
https://github.com/ithkuil/angular-on-server/wiki/Running-AngularJS-on-the-server-with-Node.js-and-jsdom