Last post Sep 17, 2010 07:17 AM by NightOwl888
Feb 25, 2009 01:47 PM|Moskie|LINK
My team has taken on the task of preventing user controls from having ASP.Net script blocks and expressions in them, while having ASP.Net (and our own custom) web server controls is accepted. The reason for this is that we have content managers and creators
for the sites we host, and we want them to have the ability to access and edit certain user controls on the sites, but the type of content that's allowed on them is restricted.
After some digging, we got the impression that a custom PageParserFilter would be the way to go. Unfortunately, we've come up empty-handed in terms of guides on how to use it. We've attempted to figure it out ourselves, but have gotten sporadic results.
I think one problem we have is we don't quite understand the philosophy of how PageParserFilters work. It has all these methods which return boolean values. The one that seems relevant to our purposes is ProcessCodeConstruct. AllowCode isn't appropriate,
because I beleive server controls are considered to be code. My initial guess was that in ProcessCodeConstruct, if the codeType or code parameters were a value that we didn't want, we would return false... but now I don't think that's the case. The summary
for the method says this:
"Returns a value that indicates whether a code block should be processed by subsequent parser filters."
That doesn't quite make sense to me. It doesn't quite explain to me what should be done if something I don't want to be in code or codeType is found. Throw an exception? Return false? Modify a value? I haven't been able to find answers to these questions,
so I thought I'd post here.
We're also having general problems with the methods in our new class being called when we expect them to. We've debugged and put breakpoints in all our overridden methods, but they are not consistently hit. Especially the ProcessCodeConstruct method. We'll
hit a breakpoint in one of our methods, and can see that it's processing a user control that we want to to process. This user control has ASP.Net script code in it. We've tested it with <% ... %> blocks, <%= ... %> blocks, and with <script runat="server">
blocks. But even still, the ProcessCodeConstruct method was not consistenly called.
What we've done so far:
We're starting to get the impression that PageParserFilters are not widely used, and might not even work right... We're hoping someone out there could explain it to us better before we attempt a different solution...
Thanks a lot,
Sep 17, 2010 07:17 AM|NightOwl888|LINK
While I didn't personally create a PageParserFilter, I recently reverse engineered this one....it is designed to remove extra whitespace characters in the page. I am sure if you dig into the code you can figure out how to create your class.
I can probably explain why you are receiving "inconsistant results" though - a PageParserFilter is only executed at compile time.