Articles : Page 1 of 4
-
Wishful Thinking: Why can't HTML fix Script Attacks at the Source?
Apr 1215The Web can be an evil place, especially if you're a Web Developer blissfully unaware of Cross Site Script Attacks (XSS). Even if you are aware of XSS in all of its insidious forms, it's extremely complex to deal with all the issues if you're taking user input and you're actually allowing users to post raw HTML into an application. I'm dealing with this again today in a Web application where legacy data contains raw HTML that has to be displayed and users ask for the ability to use raw HTML as...
-
Introducing Wijmo, a feature-packed jQueryUI based widget library
Feb 1229Lately I have been evaluating a few JavaScript based UI libraries for both my projects at work and to use for a new version of the bike climbs site called 39x27.com: it was quite nice to see that almost all component vendors are now embracing, some more than others, JavaScript together with the more traditional Web Controls for ASP.NET Web Forms. In this post I’m going to briefly cover the reasons why I ended up choosing Wijmo, and then I’m giving a quick introduction on the set of widgets ...
-
ASP.NET Web API (Part 1)
Feb 1224Earlier this week I blogged about the release of the ASP.NET MVC 4 Beta. ASP.NET MVC 4 is a significant update that brings with it a bunch of great new features and capabilities. One of the improvements I’m most excited about is the support it brings for creating “Web APIs”. Today’s blog post is the first of several I’m going to do that talk about this new functionality. Web APIs The last few years have seen the rise of Web APIs - services exposed over plain HTTP rather than through a more f...
-
ASP.NET MVC 4 Beta
Feb 1220A few days ago we released the ASP.NET MVC 4 Beta. This is a significant release that brings with it a bunch of great new features and capabilities. The ASP.NET MVC 4 Beta release works with VS 2010 and .NET 4.0, and is side-by-side compatible with prior releases of ASP.NET MVC (meaning you can safely install it and not worry about it impacting your existing apps built with earlier releases). It supports a “go-live” license that allows you to build and deploy production apps with it. Click ...
-
Abstracting away issues of HttpContext from your ASP.NET MVC controllers
Feb 1203I've noticed that I write software in one of three modes: For myself: Shortcuts, less testing, not well-factored. For myself but in public: Mostly POP Forums, which I try to avoid letting it suck since others will use it and see the code. For sharing: Any day job or gig where others will use or maintain your code. You don't want to unleash crapsauce on others. I have to admit that second case isn't the most clean of endeavors. While I'm generally happy with the forum app and the feedba...
-
XmlWriter and lower ASCII characters
Jan 1202Ran into an interesting problem today on my CodePaste.net site: The main RSS and ATOM feeds on the site were broken because one code snippet on the site contained a lower ASCII character (CHR(3)). I don't think this was done on purpose but it was enough to make the feeds fail. After quite a bit of debugging and throwing in a custom error handler into my actual feed generation code that just spit out the raw error instead of running it through the ASP.NET MVC and my own error pipeline I foun...
-
ASP.NET MVC + Selenium + IISExpress
Dec 1122The goal of this blog entry is to explain how you can create integration tests for ASP.NET MVC applications by using a combination of Selenium WebDriver and IISExpress. Integration tests are useful when you want to test an entire user story. For example, you might want to test whether a user can successfully add an item to a shopping cart. Adding an item to a shopping cart might require the execution of C# code, database code, and JavaScript code. Using an integration test, you can verify t...
-
Using SignalR to broadcast a slide deck
Dec 1106Last week, Ive discussed Techniques for real-time client-server communication on the web (SignalR to the rescue). Weve seen that when building web applications, you often face the fact that HTTP, the foundation of the web, is a request/response protocol. A client issues a request, a server handles this request and sends back a response. All the time, with no relation between the first request and subsequent requests. Also, since its request-based, there is no way to send messages from the serv...
-
New NuGet.org Deployed!
Dec 1106So my last day at Microsoft ended up being a very long one as the NuGet team worked late into the evening to deployan updated version of NuGet.org. I’m very happy to be a part of this as my last act as a Microsoft employee. This is complete re-write of the gallery. Why a rewrite? We’ve learned a lot since we first launched, and our needs have evolved to the point where a rewrite made sense. The new implementation is a vanilla ASP.NET MVC 3 application and highly optimized to be a gallery wit...
-
New ASP.NET website launched
Dec 1102A few weeks ago we introduced a beta of a freshly designed http://asp.net website. Today we launched it. Jon, myself, and the team that manages the site took lots of your feedback (lots from the comments of the Beta Blog Post) and did our best to incorporate as much as we could. This is just the start, and we've got lots of plans for the future including responsive design, more text content, localization, more HTML 5, HD Video, closed captioning and lots more. It is a big site with a thousa...
