Geek Answers Handbook

Unvalidated IValueProvider.GetValue

In my custom model wipe, I use

bindingContext.ValueProvider.GetValue(propertyName);

I have [ValidateInput (false)] in action. However, calling GetValue above results in

The potentially dangerous Request.QueryString value was detected by the client

How can I make my custom mediator get an indefinite value from a cost provider? Of course, when it discovers that there is ValidateInput (false) in the action.

+7
source share
1 answer

Just in case anyone is interested, here is a quick solution. Just call CheckUnvalidated () in the BindModel / BindProperty methods. This will replace the default QueryStringValueProvider with an undefined version.

  MethodInfo GetActionMethod(ControllerContext controllerContext) { var action = controllerContext.RouteData.Values["action"] as string; return controllerContext.Controller.GetType().GetMethods().FirstOrDefault(x => x.Name == action || x.GetCustomAttribute<ActionNameAttribute>().SafeGet(a => a.Name) == action); } void CheckUnvalidated(ControllerContext controllerContext, ModelBindingContext bindingContext) { var method = GetActionMethod(controllerContext); if (method == null) return; if (method.GetCustomAttribute<ValidateInputAttribute>().SafeGet(x => x.EnableValidation, true)) return; var collection = bindingContext.ValueProvider as ValueProviderCollection; if (collection == null) return; var old = collection.OfType<QueryStringValueProvider>().FirstOrDefault(); if (old != null) collection.Remove(old); collection.Add(new UnvalidatedQueryStringValueProvider(controllerContext)); } class UnvalidatedQueryStringValueProvider : NameValueCollectionValueProvider { public UnvalidatedQueryStringValueProvider(ControllerContext controllerContext) : base(controllerContext.HttpContext.Request.Unvalidated().QueryString, CultureInfo.InvariantCulture) { } }
+1
source

More articles:


All Articles