Monday, December 26, 2011

Avoid "A potentially dangerous" error in MVC 2.0

When we need to post some HTML contents on server side, on form post in MVC 2.0, we can simplay write ValidateInput(false) above method declaration to avoid run time unhandled exception : "A potentially dangerous Request.Form value was detected from the client"

The complete syntax for the same is as follows

[AcceptVerbs(HttpVerbs.Post), ValidateInput(false)]
public ActionResult Save(YourViewModel model)

Additionally we need to do following setting (only for net 4.0) along with above solution,

With 4, we will need to configure the validation mode in the web.config as well.

Set the following as a child of the <system.web> element:
<httpRuntime requestValidationMode="2.0"/>

Asp.Net 4 sets the requestValidationMode to 4.0 by default, which tells the system to perform request validation before the BeginRequst phase of the HTTP request. The validation will occur before the system reaches the action attribute telling it not to validate the request, thus rendering the attribute useless. Setting requestValidationMode="2.0" will revert to the 2.0 request validation behavior, allowing the ValidateInput attribute to work as expected.

Thanks for Reading
Happy Programming :)

Unescaping unicode characters in C# encoded in JavaScript

Recently I came across a problem where I need to post HTML content (through JSON) in AJAX call and was end up getting "A potentially dangerous Request.Form value was detected from the client"

This problem lead me to learn a new thing which I thought may helpful programmers in many cases.

The problem:

I used java script escape funnction to encode html contents which I need to decode on the server side.
JavaScript escape and unescape are very powerful functions, but they do have its various idiosyncrasies that do not work appropriately with the standard escaping methods in the serverside C# code.

The regualr methods we have on C# to handle escaping/unescaping are:

  • Uri.EscapeDataString
  • Uri.EscapeUriString
  • HttpUtility.UrlEncode
  • HttpUtility.URLPathEncode

but none of these return a properly unescaped string as escaped by the JavaScript conterpart. 

The solution:

Fortunately for us, Microsoft's own JScript libary has it's own, serverside implementation of the JavaScript encode/unencode methods, that do the job exactly as expected. They are exact equivalents.

  • Microsoft.JScript.GlobalObject.unescape(string escapedString) 
  • Server.UrlDecode(Microsoft.JScript.GlobalObject.unescape(string escapedString))

To use it in your code: Reference Micrtosoft.JScript.dll in your project.
Use the static methods in GlobalObject to do the escape/unescape

Thanks for Reading
Happy Programming :)

Wednesday, July 27, 2011

C# Version History

C# Version Wise Features

C# 2.0

  • Generics
  • Partial types
  • Anonymous methods
  • Iterators
  • Nullable types
  • Private setters (properties)
  • Method group conversions (delegates)

C# 3.0

  • Implicitly typed local variables
  • Object and collection initializers
  • Auto-Implemented properties
  • Anonymous types
  • Extension methods
  • Query expressions
  • Lambda expressions
  • Expression trees

C# 4.0
New features Whitepaper

  • Dynamic binding
  • Named and optional arguments
  • Generic co- and contravariance

C# 5.0 (planned)

  • Asynchronous methods
  • Compiler as a service

Wednesday, January 19, 2011

Find Screen Resolution Using Javascript

You Can find screen Resolution in javascript using following code:

var screenW = 640, screenH = 480;
if (parseInt(navigator.appVersion) > 3) {
    screenW = screen.width;
    screenH = screen.height;
else if (navigator.appName == "Netscape"
    && parseInt(navigator.appVersion) == 3
    && navigator.javaEnabled()
   ) {
    var jToolkit = java.awt.Toolkit.getDefaultToolkit();
    var jScreenSize = jToolkit.getScreenSize();
    screenW = jScreenSize.width;
    screenH = jScreenSize.height;
document.write("screenW " + screenW );
document.write("screenH " + screenH );