Articles : Page 1 of 1
-
Wishful Thinking: Why can't HTML fix Script Attacks at the Source?
Apr 1215The Web can be an evil place, especially if you're a Web Developer blissfully unaware of Cross Site Script Attacks (XSS). Even if you are aware of XSS in all of its insidious forms, it's extremely complex to deal with all the issues if you're taking user input and you're actually allowing users to post raw HTML into an application. I'm dealing with this again today in a Web application where legacy data contains raw HTML that has to be displayed and users ask for the ability to use raw HTML as...
-
Rebuilding CoasterBuzz, Part III: The architecture using the "Web stack of love"
Apr 1203This is the third post in a series about rebuilding one of my Web sites, which has been around for 12 years. I hope to relaunch in the next month or two. More: Part I: Evolution, and death to WCF Part II: Hot data objects I finally hit a point in the re-do of CoasterBuzz where I feel like the major pieces are in place... rewritten, ported and what not, so that I can focus now on front-end design and more interesting creative problems. I've been asked on more than one occasion (OK, just...
-
ASP.NET MVC 4 Beta
Feb 1220A few days ago we released the ASP.NET MVC 4 Beta. This is a significant release that brings with it a bunch of great new features and capabilities. The ASP.NET MVC 4 Beta release works with VS 2010 and .NET 4.0, and is side-by-side compatible with prior releases of ASP.NET MVC (meaning you can safely install it and not worry about it impacting your existing apps built with earlier releases). It supports a “go-live” license that allows you to build and deploy production apps with it. Click ...
-
Using QUnit with Razor Layouts
Dec 1111Given how central JavaScript is to many modern web applications, it is important to use unit tests to drive the design and quality of that JavaScript. But I’ve noticed that there are a lot of developers that don’t know where to start. There are many test frameworks out there, but the one I love is QUnit, the jQuery unit test framework. Most of my experience with QUnit is writing tests for a client script library such as a jQuery plugin. Here’s an example of one QUnit test file I wrote a ...
-
Loading jQuery Consistently in a .NET Web App
Oct 1110One thing that frequently comes up in discussions when using jQuery is how to best load the jQuery library (as well as other commonly used and updated libraries) in a Web application. Specifically the issue is the one of versioning and making sure that you can easily update and switch versions of script files with application wide settings in one place and having your script usage reflect those settings in the entire application on all pages that use the script. Although I use jQuery as an exa...
-
Adding Export Capabilities to the Razor WebGrid
Sep 1103When MVC first came out I really missed having a grid control. Now a few years later, we finally have a grid control again. In case, you didnt know the WebGrid was included in the System.Web.Helpers assembly which shipped with MVC 3. After using a variety of grid controls over the years I was actually glad that the API for the new WebGrid was kept clean and simple. Here is a screenshot of what the grid looks like: To display a grid on a razor view page, you basically create a new grid objec...
-
Text templating using Razor the easy way
Aug 1102As a web guy, I’ve slung more than my fair share of angle brackets over the tubes of the Internet. The Razor syntax quickly became my favorite way of generating those angle brackets soon after its release. But its usefulness is not limited to just the web. The ASP.NET team designed Razor to generate HTML markup without being tightly coupled to ASP.NET. This opens up the possibility to use Razor in many other contexts other than just a web application. For example, the help documentation fo...
- 1
