-
Wishful Thinking: Why can't HTML fix Script Attacks at the Source?
Apr 1215
The Web can be an evil place, especially if you're a Web Developer blissfully unaware of Cross Site Script Attacks (XSS). Even if you are aware of XSS in all of its insidious forms, it's extremely complex to deal with all the issues if you're taking user input and you're actually allowing users to post raw HTML into an application. I'm dealing with this again today in a Web application where legacy data contains raw HTML that has to be displayed and users ask for the ability to use raw HTML as...
-
Using an alternate JSON Serializer in ASP.NET Web API
Mar 1209
The new ASP.NET Web API that Microsoft released alongside MVC 4.0 Beta last week is a great framework for building REST and AJAX APIs. I've been working with it for quite a while now and I really like the way it works and the complete set of features it provides 'in the box'. It's about time that Microsoft gets a decent API for building generic HTTP endpoints into the framework.
DataContractJsonSerializer sucks
As nice as Web API's overall design is, one thing still sucks: The built-in JSON S...
-
The evolution of asynchronous controllers in ASP.NET MVC
Jan 1209
Asynchronous operations in ASP.NET MVC have always been left a bit behind. They appeared in ASP.NET MVC 2, remained untouched in v3, but now in MVC 4 (especially in combination with C# 5 and async/await) they have reached the same ease of use as the standard synchronous controller. Now (or better, in a few months with the release of ASP.NET MVC 4, .NET 4.5 and C# 5) you can write: public async Task<ViewResult> Stuff() { return View(await DoStuff("Some stuff")); } In this post I’m going to...

