Geeks With Blogs
Liam McLennan hackingon.net September 2008 Entries
ASP.NET MVC - Validate Request
Since .NET 2.0 Asp.net webforms has protected the programmer from cross-site scripting by validating all input sent to the server. Unfortunately, this does not happen in Asp.net mvc. I tested my application by typing 'alert("xss");' surrounded by script tags in the first name textbox. The form saved successfully and I got a javascript alert box with the message "xss". In asp.net mvc it is the programmers responsibility to validate all input. Calling Request.ValidateInput() in a controller tells the ......

Posted On Tuesday, September 16, 2008 8:42 PM

ASP.NET MVC - Beautifying Views
This is a simple technique I recently started using to clean up MVC views. Here was my first attempt at rendering a list of alerts: <table class="tabTable"> <tr> <th></th><th... TYPE</th><th>WH... </tr> <% foreach (FleetAlertDTO alert in ViewData.Model) { %> <%= Html.RenderUserControl("~/V... alert) %> <% } %> </table> I didn't like it because ......

Posted On Thursday, September 4, 2008 11:22 PM

Copyright © Liam McLennan | Powered by: GeeksWithBlogs.net