You searched for the word(s): userid:672375

More Search Options

RSS Available

• Re: UpdateFrom and Encoding

  [quote user="slynch"] Sorry, what you ment was pretty obvious now that I think of it. You might want to consider adding something like this so it wont be replace if you update to the next drop of the MVCToolkit namespace System.Web.Mvc.BindingHelpers{ public static class CustomBindingHelperExtentions { public static void UpdateFrom( this object obj, NameValueCollection values, Expression < Func < string , string >> encoder, params string [] keys) { NameValueCollection encodedValues

  Posted to ASP.NET MVC (Forum) by dmtr on 12/14/2007

• Re: UpdateFrom and Encoding

  [quote user="slynch"] How the javascript getting into the form fields? [/quote] I just entered <script>alert('possible xss');</script> into input field

  Posted to ASP.NET MVC (Forum) by dmtr on 12/14/2007

• Re: UpdateFrom and Encoding

  I found an acceptable solution (for me :) ): In BindingHelpers.cs file of MVCToolkit solution I added some code to UpdateForm method (at line number 100)... ... string strValue = value as string ; if (strValue != null ) value = HttpUtility.HtmlEncode(strValue); ...

  Posted to ASP.NET MVC (Forum) by dmtr on 12/14/2007

• UpdateFrom and Encoding

  Hi, I installed MVCToolkit and played with tutorials. I tried to create some Product object (Linq To Sql) in an action method: But encoding for string values in Request.Form didn't happen and I successfully saved javascript code as product name :( [ControllerAction] public void CreateNew() { Product prod = new Product(); prod.UpdateFrom(Request.Form); northwind.AddProduct(prod); northwind.SubmitChanges(); ..... } What do I need to do to have encoding

  Posted to ASP.NET MVC (Forum) by dmtr on 12/14/2007
  Filed under: UpdateFrom