Tag Archives: dotnethelpers

Visual Studio 2013

Running Web Application in Multiple Browser Simultaneously

Leave a comment

As a web Developer we need to perform cross browser testing in different browser from Visual Studio. In common, we will run the application(pressing F5) after selecting the specific browser from the menu. To test more than one browser simultaneously, VS have an option to set “multiple browser” option. Let we discuss, how to enable multiple browser as a default browser in visual studio.

Why it’s needed?

It is difficult for the developer who working on the browser compatibility because they need to run the solution for every time with different browser. To overcome, in VS has a specific feature that will run the application in many browsers at simultaneously. This feature will be a productivity enhancer for web developers who all working on the browser compatibility.

Step:1

As below image, click the run to show the list of browsers as shown below. As default, we will able to see all added browser and with default browser as checked

Enable Multiple borwser option in visual studio

Step:2

Click on the “Browse With” option to open a new wizard as shown below. From this screen, we can choose a browser that needs run simultaneously for our application. Select required browsers by pressing the control key (for multiple selection) and click “Set as Default” button.

Step: 3

Now we can see the “Multiple Browsers” item present as default in the menu. Now run the application without debugging(Ctrl+F5) mode to launch in all browser at the same time.

Note :

If we run the application in the debugging mode (F5) then it will show popup for choosing the single browser.

Happy Codding !!!

MVC

ValidateInput Attribute in ASP.NET MVC

Leave a comment

In some scenario, we need to send HTML value/content as input to our application from the view to the controller. In some time we use HTML Editors to save the HTML content if the end user accept. By default, ASP.NET MVC framework prevents you from submitting the HTML content/potentially malicious content to the controller, for avoiding the cross site scripting attack. This feature is called request validation.

Used Version Detail : Visual studio 2013, Version 4.5, MVC 5

Controller:

This is the simple ValideInput controller and it will render the view as output. And in the form submission, it will redirect to GetDescription() action and bind the view. In default, ValidateInput attribute parameter is true (ValidateInput(true)).

public ActionResult ValideInput()
{
return View();
}
public ActionResult GetDescription(FormCollection _inputDescription)
{
 //your logic
 return View();
}

View:

Here it is the view for getting the form data from the user, which contain one textbox and submit button inside the BeginForm. After user submission it will redirect to the GetDescription action method inside the dotnethelpers controller.

<!DOCTYPE html>
<html>
<head>
<title>Index</title>
</head>
<body>
<div>
@{
using (Html.BeginForm("GetDescription", "dotnethelpers"))
{
<input type="txtDescription" name="description" /> <br />
<input type="submit" value="Submit Form" />
}
}
</div>
</body>
</html>

Output :

As per below screen, we are entering a content with HTML elements. And once we click on the submit button, then it will throw the error as like below because, in default ASP.NET MVC prevents the HTML element as form data. In simple, ASP.NET MVC cannot send HTML values to the controller.

Note:

This is not an issue, it is default security validation handling by the ASP.NET MVC. In some scenario we need to override this  security by using the ValidateInput attribute to prevent HTML explicitly.

Implementing ValidateInput attribute:

In default, ValidateInput parameter is true (ValidateInput(true).

[ValidateInput(false)]
public ActionResult GetDescription(FormCollection _inputDescription)
{
return View();
}

GetDescription View:


<html>
<head>
<meta name="viewport" content="width=device-width" />
<title>GetDescription</title>
</head>
<body>
<div> 
<h1>GetDescription View : Making validation using ValidateInput(false) attribute</h1>
</div>
</body>
</html>


Run the application and apply the Html element as input (Ex : http://localhost:62536/dotnethelpers/ValideInput).

Now its redirect to the “GetDescription View” instead of throwing the potential error as shown below.




 


Make Note Before Use:


    

  • XSS (Cross site scripting) is a security attack where this can inject malicious code while input the entry.
    • 

  • In ASP.NET MVC, it prevented the above attract by default.
    • 

  • ValidateInput attribute is unsafe because it still allows others to inject malicious code.
    • 

  • It can be applied on the controller/action level, but not for model property.
    • 

  • Model level can be handle by using [AllowHtml] attribute
    • 

  • public class UserDetails
    
{
    
[AllowHtml]
    
public string userDescription { get; set; }
    
}
    • 



 


Happy codding !!!