This class is an addition to the html- and url-encoding in the HttpServerUtility class. Where the methods in the base framework, only encode a limited number of characters. The classes in the AntiXss class encode everything, that is not explicitly allowed. These means that everything but the following characters are encoded in most cases: a-z, A-Z, 0-9, (comma), (period), (dash), (underscore) and (space). 

[download: Microsoft Anti-Cross Site Scripting Library V1.5]

[Note: most of this post discusses document libraries, but the concepts and code are similarly applicable to other types of lists.]

The default "New" menu item in a document library has just 2 items: document and folder.

Changing these options in the UI is relatively easy, after enabling the management of content types and  adding a number of content types to the document library these automatically appear in the menu.

The document library settings even allow you to change order of the content types and hide content types from the New menu. ( Shared Documents > Settings > Change New Button Order )

The next step is managing these settings from code, so you can easily change the settings in multiple document libraries. Investigating the SPList class you notice the ContentTypes property, this method returns a collection of supported content types for a list. Deleting a content type from this list, removes the support for that content type from the document library. This will throw an exception when the content type is still in use by items in the list.

// open the library
SPList lib = GetDocumentLibrary();
SPContentTypeCollection contentTypes = lib.ContentTypes;
SPContentType contentType = contentTypes[ /* content type name */ ];
if (contentType == null) {
    // content type not found
    return;
}
// delete the contentype
contentType.Delete();

lib.Update();

Adding a content type is similar:

contentTypes.Add( new SPContentType( /* */ ) )

Changing the order of and hiding content types is less simple. The SPContentType class has a Hidden property, but this property does not appear to have an effect on the content type. But there is another place in an SPList where content types are managed, the RootFolder property has 2 properties: ContentTypeOrder and UniqueContentTypeOrder. The ContentTypeOrder property contains all the content types supported by this list and return the content types from the parent when the list has not specified unique content types. The UniqueContentTypeOrder is used to specify the unique content types for the new menu and their order.

// open the library 
SPList lib = GetDocumentLibrary(); 

IList<SPContentType> currentOrder = list.RootFolder.ContentTypeOrder;
List<SPContentType> result = new List<SPContentType>();
foreach (SPContentType ct in currentOrder)
{
    if (ct.Name.Contains("Document"))
    {
        result.Add(ct);
    }
}

list.RootFolder.UniqueContentTypeOrder = result;
list.RootFolder.Update();

So managing the items in the new menu, is possible but it's not very straightforward.

My company is organizing a one day conference about Employee 2.0 (in Dutch only) together with Agile, Wortell and Microsoft. The main part of the program consists of case-studies of actual application, which help employees to find the information they need, communicate more efficiently etc. And it's free!

Recently I had the pleasure to develop an Eventsink for Exchange 2003. But since the client didn't want to install the .NET framework on their Exchange servers, I had a change to practice my C++.

One of the things I had to check if the number of attendees had changed between creating the appointment and saving the changes. The obvious way to access this property on the IAppointment interface. Opening an appointment should be simple when you have access to the record:

// pEventInfo is a parameter for the OnSyncSave method
IExStoreDispEventInfoPtr pDispEventInfo = (IExStoreDispEventInfoPtr)pEventInfo;

// get the record
_RecordPtr rec;
pDispEventInfo->get_EventRecord( (IDispatch**)&rec );

// load the appointment from the record
IAppointmentPtr iAppointment(__uuid(Appointment));
iAppointment->DataSource->OpenObject(rec, "_Record");

Unfortunately this always fails for an appointment, with an invalid parameter exception (it does work for an IMessage). Luckily the IDataSource interface also has an Open method, which accepts a Stream:

// pEventInfo is a parameter for the OnSyncSave method
IExStoreDispEventInfoPtr pDispEventInfo = (IExStoreDispEventInfoPtr)pEventInfo;

// get the record
_RecordPtr rec;
pDispEventInfo->get_EventRecord( (IDispatch**)&rec );

// open a stream
_StreamPtr iStream(__uuidof(Stream));

iStream->Open(_variant_t((IDispatch*)rec,/* fCopy */true), adModeReadWrite, adOpenStreamFromRecord, BSTR(""), BSTR(""));

// load the appointment from the stream
IAppointmentPtr iAppointment(__uuidof(Appointment));
iAppointment->DataSource->OpenObject(iStream, "_Stream");

// close the stream
iStream->Close();

A nice series of posts about Covariance and Contravariance in a hypothetical future version of C# by Eric Lippert.

1. Covariance and Contravariance in C#, Part One
2. Covariance and Contravariance in C#, Part Two: Array Covariance
3. Covariance and Contravariance in C#, Part Three: Member Group Conversion Variance
4. Covariance and Contravariance in C#, Part Four: Real Delegate Variance
5. Covariance and Contravariance In C#, Part Five: Higher Order Functions Hurt My Brain
6. Covariance and Contravariance in C#, Part Six: Interface Variance
7. Covariance and Contravariance in C# Part Seven: Why Do We Need A Syntax At All?
8. Covariance and Contravariance in C#, Part Eight: Syntax Options
9. Covariance and Contravariance in C#, Part Nine: Breaking Changes
10. Covariance and Contravariance in C#, Part Ten: Dealing With Ambiguity

Eric added another part:

11. Covariance and Contravariance, Part Eleven: To infinity, but not beyond

I moved the Google chart API wrapper development to CodePlex and published a first Alpha release of the source code. Several more releases should follow in the coming weeks, focusing initially on completing the API and changing some things I'm not really happy about.

After the initial release I plan to work on adding designers to make integrating the charts in your ASP.NET applications easier.

From Rands:

Here is an audacious goal for your resume: to get you to a point in your career where you no longer need a resume. It’s the point that in your chosen industry people know who you are and what you are capable of. And they want you doing it at their companies.

The documentation for the DoesUserHavePermissions method starts hopeful:

"The DoesUserHavePermissions method of the SPPermissionCollection class returns a value that indicates whether the current user has the specified permissions."

But it goes downhill in the "return value" section:

"true if the current user has the specified permissions; otherwise, raises an access denied exception and prompts the user for authentication."

It is not exceptional for a user to not have permissions, so raising an exception in those cases is not something you would expect to happen; especially since the method returns a boolean, which does support the false value.

A general design guideline for .Net development as described in the Framework design guidelines (p183-188) is: "DO NOT use exceptions for the normal flow of control, if possible."