Why was the request for ASP.NET MVC checked?

In standard ASP.NET applications, ASP.NET offered some protection against XSS attacks by checking for validateRequest to detect dangerous input errors if someone tried. It seems that this functionality was derived from MVC. Any idea?

+5
4 answers

This is a difficult line to cross. Is your web application just a RESTful web resource as it should be? Or is it trying to do more? The next thing you know, you have 100 hidden input fields: __VIEWSTATE, __EVENTTARGET, __EVENTARGUMENT, etc.

, XSS MVC. google it, . , MVC - , " " -.

EDIT: , , . , MVC , ( ASP.NET). .

+4

, , , .

ValidateInput, .

[ValidateInput(true)]
public ActionResult Foo()
{
    // Request validation is enabled for the input to this action.
    return View();
}

AllowHtml

public class MyModel
{
    public Guid ID { get; set; }

    [AllowHtml]
    public string SomeStringValue { get; set; }
}

+7

, - , ValidateRequest, XSS. .

+2

ValidateRequest . , " XSS" - -; .

I really like the explanation regarding the desire to better follow the principles of REST. As for the 100 hidden fields, this reminds me of the ASP solution I provided several years ago; I used the distribution of hidden fields to transfer metadata. Not really.

+1