There’s a potential security exploit that ASP.NET MVC leaves you open to. However, in Peter’s opinion, all the proposed solutions miss the point.
Encrypting data that you want stored in your View and returned to you when the user clicks the Submit button has its own special problems. Here’s a complete solution and, as a bonus, an Encryption object you can use anywhere.
SQL Server 2016 lets you treat JSON objects like rows in a table, allowing you to use data from AJAX queries in joins, updates and any other SQL statement you can think of.
When you want to return a string result -- either as text, HTML or XML -- then a ContentResult object gives you the right balance of simplicity and control.
Sometimes what you want to test is how your Action method behaves when it's invoked through an AJAX call. Here's how to mock up that call using Moq.
If you’ve been programming long enough, then you know that the "right way to do things" keeps changing. Here’s why, a description of where we are now and a guess about where we’re going.
That's often where the real problem is.
If you just want to get going with a code-first database, you don't even need to define a connection string -- just write your objects.
Your users will make mistakes ... but it would be a mistake to treat all their errors the same way. You can get more out of ASP.NET MVC's validation infrastructure just by paying attention to how you name your errors.
With JSON now the default format for moving data between clients and servers, SQL Server adds JSON support to make it easier to get your data out of the database and down to the client.
Test, test and test again. You can automate those tests with a TestServer-based Web app that doesn't even touch the Web server.
- By Jason Roberts
Get Visual Studio to be more helpful when you're working with HTML.
When something goes wrong with your Web Service, the decent thing to do is to return your errors in a variety of ways.
Sensibly, ASP.NET MVC 5 prevents users from entering HTML or Script tags into your page's textboxes, protecting you from a wide variety of hacks. However, for those rare occasions when you do need to let the user enter tags, here's how to do it.