This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
How do you avoid XSS vulnerabilities in ASP.Net (MVC)?
Hi I need to create a guest book, where users can add their comments and have theme being displayed without moderation on a page.
I'm using Asp.Net MVC 3 in C#.
Could you point me out some tecnics? thanks
Thanks for your time.
PS I'm using Razor
Just make sure all user generated content is HTML encoded before you write it to the browser and you'll be fine. Razor view engine does this by default... it's actually quite hard to screw up on this using Razor.
So:
#"<script>badness</script>"
in Razor would render in HTML as
<script>badness%lt;/script>
to achieve the same in ASP.NET view engine use <%:expression%> as opposed to <%=expression%>
<%:"<script>badness</script>"%>
You could you the AntiXSS library. This is mentioned by:
http://weblogs.asp.net/jgalloway/archive/2011/04/28/using-antixss-4-1-beta-as-the-default-encoder-in-asp-net.aspx
http://haacked.com/archive/2010/04/06/using-antixss-as-the-default-encoder-for-asp-net.aspx
Related
This question already has answers here:
MVC Rendering (RenderPartial, RenderAction) Html from another MVC Application
(2 answers)
Closed 5 years ago.
I have 2 applications published in the same site in iis, so the only diference between both is the virtual path, ex: localhost:2020/app1 and localhost:2020/app2. My problem is that in the app1, I want to call a partialView from the app2 and I can't add the references from the app2 to the app1. Any idea how to do that?
The only reasonable way (to me at least) to do this is to move shared partial views to separate library and use RazorGenerator tool to generate code for them. Then when you will reference the library in web projects of both applications those views will be available to use.
This question already has answers here:
Render Razor view to string in ASP.NET 5
(2 answers)
Closed 7 years ago.
After a long search for a solution to this problem, I only found MVC5 and outdated solutions.
Now that we are in asp.net 5 beta 7, there are any way to render a view to a string variable ?
I need to render a view to show it in a bootbox javascript control (like a modal windows).
The MVC 5 solutions does not work in version 6 because there is no "ViewEngine" class in there. Look:
and even the Razor object canĀ“t be found:
You can use this approach (see RenderPartialViewToString):
https://stackoverflow.com/a/32577016/2631076
This question already has answers here:
Is it possible to make an ASP.NET MVC route based on a subdomain?
(10 answers)
Closed 8 years ago.
I'm writing here becouse one question doesn't let me sleep calmly. How it's possible that site www.visualstudio.com when I sign in to free TFS account, create special 'part' of site with url {myprojectname}.visualstudio.com?. Is it achieveable in my project using ASP.NET MVC 4 or 5? How it doesn't affect in current DNS system? or it affect? What should I read to let my site be so deeply customizable?
for example:
user1.mysite.xx
user2.mysite.xx/aaa/4/sda/something_other
The easiest way is to define a wildcard DNS A or CNAME entry like (BIND syntax):
*.myside.xx. IN A x.x.x.x
In Windows you can use the command line dns tool for it: http://support.microsoft.com/default.aspx?scid=kb;en-us;840687
After that regardless what you write as username.myside.xx it will hit your webserver. From your code you can decide what to do, make a redirect to username.myside.com/username or whatever else
This question already has answers here:
Is it possible to have C# and vb.net in the same asp.net website?
(6 answers)
Closed 10 years ago.
Is it possible to have both c# and Vb (default.aspx.cs,index.aspx.vb ) in a single site. If so can you give me some ideas or Suggestions.
If you're creating a "web site" then each page can use a specified language, because essentially each page is compiled separately. Some can use VB, some can use C#.
Otherwise "web application" which can use only one language.
This has been asked so many times on here.
See this blog for example - http://timheuer.com/blog/archive/2007/02/28/14002.aspx
However, I personally recommend you don't mix languages in the same project. Just because you can doesn't mean you should and all that...
Consider seperating your business logic from your pages and making it loosely coupled.
You can then build class libraries in C# and VB.Net in seperate projects which will represent your logic and reference the DLL's and call methods in your a single language from a aspx.cs or aspx.vb.
I wouldn't mix the two languages, especially in an area where it isn't needed.
I would even go as far as using a code convertor to make your web page one language.
This question already has an answer here:
Closed 10 years ago.
Possible Duplicate:
ASP.NET 4.0 URL Rewriting: How to deal with the IDs
I am trying to do url re-writing in my asp.net c# project, and I searched internet but did not get what I was looking for.
Say, for example I have following url:
http://www.example.com/Question.aspx?qid=1
Now, Question.aspx finds a question against (which has title and body field) for qid from the db and displays it. I want to display question title in url.
My requirement is something like this:
http://www.example.com/Question/1/QuestionTitleGoesHere
Can anyone please suggest that how can I achieve this ASP.NET 4.0?
You can check following working examples of URL Rewriting in asp.net web forms projects using
URL Rewriting using ASP.NET for SEO
Tip/Trick: Url Rewriting with ASP.NET
In IIS you can use Url Rewrite to achieve this.
If you need this to be within the application, could you look at using MVC3/MVC4 instead of webforms? If that is an option.
I think you should try these links:
URL Routing with ASP.NET 4 Web Forms (VS 2010 and .NET 4.0 Series)
ASP.NET Routing
They will help you.