Saturday, June 14, 2014

Asp.Net 4.5 Request Validation


ASP.NET 4.5 brings a major security improvement through RequestValidationMode.


With ASP.NET 4.5, request validation applies to all HTTP requests (emphasis on "all"): one flag causes all request data to be checked for content that hints at an attack such as XSS, SQL injection, or a script block meant to be executed.


Prior to 4.5 and 4.0, request validation was available only for page requests; with 4.5 it covers all HTTP requests. This matters because HTTP requests now also arrive as REST API calls: HTTP has become a more prominent language of the web than HTML itself, and the web talks more in terms of HTTP than HTML.


In ASP.NET 2.0, to save data containing special characters such as <b>Bob</b> coming from a textbox, we had to put the whole page at risk by setting the @ValidateRequest attribute to False. With ASP.NET 4.0 request validation you don't have to put the whole page at risk, since you can control it at request level, at page level, and yes, now at control level as well.


ASP.NET 4.5 introduced the concept of lazy request validation: validation is triggered only when a value is actually accessed in code. A control containing something like <b>Bob</b> is validated when it is accessed; if that control is never accessed, it is not validated, which also improves performance over the previous implementation.


To use the lazy request validation feature of ASP.NET 4.5, make the following entry in web.config:


<system.web>
<httpRuntime requestValidationMode="4.5" />
</system.web>


Any value less than 4 for requestValidationMode, such as 3, 3.9 or 2.5, makes request validation behave in 2.0 mode. To read a value without validating it while still benefiting from request validation elsewhere, use the following form, which accesses the unvalidated value of txtName:


Request.Unvalidated.Form["txtName"];
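
Validated and unvalidated access side by side under requestValidationMode="4.5", as an added example that is not code from the original post. NameHandler, its registration as a generic handler and the 100-character limit are assumptions; the unvalidated value is length-checked and HTML-encoded because request validation no longer covers it.

```csharp
using System.Web;

// Added illustration; NameHandler and MaxNameLength are assumptions.
// Requires <httpRuntime requestValidationMode="4.5" /> in web.config.
public class NameHandler : IHttpHandler
{
    private const int MaxNameLength = 100; // assumed application limit

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        HttpRequest request = context.Request;
        HttpResponse response = context.Response;
        response.ContentType = "text/html; charset=utf-8";

        // Validated access: in 4.5 mode the check runs here, at the moment
        // the value is read, and only for this one field.
        bool passed;
        try
        {
            passed = request.Form["txtName"] != null;
        }
        catch (HttpRequestValidationException)
        {
            passed = false; // e.g. the field contained <b>Bob</b>
        }

        // Unvalidated access: request validation is skipped for this read,
        // so the length check and output encoding below are this code's job.
        string raw = request.Unvalidated.Form["txtName"] ?? string.Empty;
        if (raw.Length > MaxNameLength)
        {
            response.StatusCode = 400;
            response.Write("Name too long.");
            return;
        }

        response.Write("<p>Present and passed request validation: " + passed + "</p>");
        // HtmlEncode turns <b>Bob</b> into &lt;b&gt;Bob&lt;/b&gt;, so the value
        // is displayed as text instead of being interpreted as markup.
        response.Write("<p>Hello, " + HttpUtility.HtmlEncode(raw) + "</p>");
    }
}
```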


Another very useful new feature is the ValidateRequestMode property, which is set to Enabled by default. If you do not want the values of a control or set of controls to be validated, set the ValidateRequestMode property to Disabled on them.


Thursday, June 5, 2014

img input type on click and return

Yesterday I faced a very strange problem.

There is a user control that has an image button:

<input type='image' src=<URL of the image> onclick="removerow(190,120)">

The definition of the removerow function was returning false.

<script>
function removerow(j,k)
{
...
...

return false;
}
</script>

The problem was that whenever this image button was clicked, it was reloading the page. This image button was inside a user control loaded on a page that is opened inside an iframe, which in turn is hosted on another page.

So this click was actually reloading the iframe, which was opened by a click on another image button.

In order to stop this behavior I had returned false from the removerow function, since I had read that in order to stop the page from submitting or posting back (you guessed it correctly, ASP.NET background) one can return false. I was already doing that in this function, but it was still reloading the iframe content.

My mind was boggling over what had suddenly gone wrong. I tried a lot of methods, such as stopPropagation and cancelBubble = true, but it was still posting the form.

In the end, what I did was change the way it was called from the button click.

Before:   <input type='image' src=<URL of the image> onclick="removerow(190,120);">

After:    <input type='image' src=<URL of the image> onclick="javascript: return removerow(190,120);">

And it worked. Yes, putting the return keyword as shown above made all the difference.

Happy Coding !!

Sunday, June 1, 2014

My Day 2 Day jQuery issues collections

Hi Folks!!

In this post I am trying to collect the day-to-day jQuery problems which I face and fix. Hope you will enjoy reading them as much as I enjoyed collecting them for you:

Problem:

A textbox should only allow time in HH:MM format, and the textarea should be disabled until the value is in the correct format.

Solution:

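// Re-check on every change; "input" fires after the value has been updated
$('#txtTimeInout').on('input', function()
{
var data = $('#txtTimeInout').val();
// Exactly two digits, a colon, two digits (HH:MM)
var pattern = /^\d{2}:\d{2}$/;

if (pattern.test(data))
{
 $('#txtarea').prop('disabled', false);
}
else
{
 $('#txtarea').prop('disabled', true);
}
});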

Problem:

There was an iframe inside a window, and inside the page loaded in that window there was a JavaScript function SaveQuestion() which I was supposed to call from the page outside the iframe in which that window is hosted.

Solution:

So on a button click on the page I had to call that method. Following is the solution I implemented:

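$('#btnSave').click(function() {

   // Reaching into the frame only works when the framed page is same-origin
   // with this page; the browser blocks cross-origin access.
   if (window.frames.length >= 1)
   {
      if (typeof(window.frames[0].SaveQuestion) === "function")
      {
         // Here the function is referenced as an object, so we call it using call()
         window.frames[0].SaveQuestion.call();
      }
   }

});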

Hope it will be of help to someone.

Happy Solving!!