I'm very new to MVC (just started 2 days ago), and I would like to know what the best practice is for outputing HTML.
I have a model named Tools.cs which contains the code below. It uses a stored procedure to return a recordset of menu items, and another to return a second level of menus for each first level menu. In another function, I then loop through the recordset and generate the HTML code to display the menu in a string, which is then returned.
I then have a controller MenuController.cs which calls the GetMenu method and puts the returned HTML string in the ViewData["RightMenu"].
I then have a view which displays the result.
My question is: would it be better practice to return my datareader to the controller into ViewData["RightMenu"], and then loop through it and construct my HTML in the View instead?How would I get that to work with that second level of menus?[Code]....
Above Web Method compiles but does not work. Originally was using Console.* stuff, but that didn't work either. The string arguments are remote URLs. What's wrong with this code?
I'm building a website at the moment, I've some html fragment that is being stored into the database, I've been reading around that inserting HTML at runtime poses security risks by using the InnerHTML property of any html tag with runat server on it. So, my question is there any alternative way to safely display the html code and won't pose security risks and is it best to assume any textboxes on any given page is dangerous and process the text in the textboxes with Server.HtmlEncode before I store it to database?
</div> in this case both of this divs are part user control progress bar i'm making, from not related reason i couldn't use ASP.NET elements and had to go back to the traditional HTML elements.so to be able to give those elements dynamic attributes such as tooltip, id, class i had to add literals inside those elemtns..
My Problem Simply is when i create a Literal Control and I put at the text property Html Input
(<input type="text" name="textfield17" id="textfield17" />) and create an control button and But at the click event of the control button :
Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click Response.Write(Literal1.Text) End Sub
and When I run the application I will find at the literal control a text box when i Type any text at it and click the button it return another Literal have only Html Input control without the text it entered
I'm building a html table dynamically in an ASP.NET code behind file using C#. I basically loop through a set of data which is an unknown number of records and split a string containing all the values to make the required number of tds. I display the html by assigning it to an asp:Literal control. However I can't get the table to fit the screen - the browser is adding a horizontal scroll bar and the full table is well off the screen. I tried in IE 8 and FF 3.6.13. Most things I've read online about it say to set the width to 100%. I'm doing this but it's having no effect.
I am streaming HTML content into a Literal control in an ASPX page, and am continually running into a problem where the page loads fine the first time I try it, then subsequent attempts fail to load.
The purpose of the aspx page is to act as a 'broker' to another process that produces streamed HTML output, which then needs to be resolved by the browser.
The reason I'm not just using HtmlTextWriter to stream out the code to the Response object is that the streamed HTML contains framesets, and I am forbidden from modifying that code in any way, so I must keep the streamed code intact. In spite of the fact that frameset HTML hardcoded into the ASPX file would work, it does NOT resolve streamed frameset code!
In any case, streaming into the literal (by creating a string that is assigned to the Literal's Text property) works just fine -- the FIRST time I load that page. If I exit the page, then try to reinstantiate, it FAILS, producing an empty HTML file (containing only "<HTML></HTML>").
We have a service that generates a report (using word templates and a 3rd party library), and then returns a string in HTML. While this HTML isn't great - its formatted correctly in this string. We want this HTML to show up on a page - format intact. What we currently have done is set an ASP.net Literal's text element to this string. While this works, I have noticed that it has reformatted the HTML string slightly. For the most part, it looks like it generated a bunch of new CSS classes, and a new style element in the HTML. This HTML does not exist in the string thats being returned. I could filter all of this back out, but wonder if there is a better way. I assume that the Page itself is altering something. What is the best way to display this raw HTML back to the user? I can't directly use a Response.Write(string), because this page does have a few other controls on it.
I've put (spaces between & and gt above code otherwise it was not showing in stackoverflow.) The HTML sysntaxs are correct because it's created by an HTMLEDITOR.
I'm looking for a regex that will allow Alpha Numeric and most all special characters except white space. It should be usable in c#. It would be nice if .net supported posix style but I can't seem to get it to work.
What is the best way to disallow editing of existing entries in ASP.NET Dynamic Data while it should still be possible to add new entries? If possible, I would prefer a solution without custom templates.
Here is my dilema, on my site i have a WordPress Audio player (http://wpaudioplayer.com/standalone) that plays my mp3's.
It loads the Mp3's in by javascript...example below:
AudioPlayer.embed("audioplayer_7", { soundFile: "/Files/Music/[name of file].mp3" });
This file name is clearly visible in the browser source. Not a problem, however this means that any user can legitimately browse to the file directly and download it.
Now i still need the mp3 player (which is flash) to have access to the file but if a user was to try accessing the file directly, they would not be allowed access to it.
I am not sure how to go about this, i am circling the idea of a httphandler but not sure if this is sufficiant to stop the direct access to the file.
How do I achieve this:-When user types character like 'abcd' and then '>'(an invalid character for my application), I want to set the text back to 'abcd'. Better if we can cancel the input itself as we do in winforms application. This should happen when user is typing and not on a click of button.I want this to be applied on all text boxes in my web page. This will be easy if the solution is jQuery based. May be something which will start like this.$("input[type='text']")SOLUTIONI used both of the answer provided by @jAndy and @Iacopo (Sorry, couldn't mark as answer to both) as below.
$(document).ready(function() { //makes sure that user cannot enter < or > sign in text boxes. $("input:text").keyup(purgeInvalidChars)
I have 50 checkboxes that I need to write onto an aspx page. Each checkbox comes with 3 textboxes.
Example:
chkbox State Name donation new donation chkbox CA Sam 10 15 chkbox AK Sam 15 20
Now this shall go for all 50 states, depending on which states the person wishes to donate. In each state's row shall be a checkbox. So initially the page shall have value 0.00 in donation and new donation checkboxes, but all 50 states shall be visible. When the person puts a value of donation in certain state, that state shall get "checked" value and the donation, after submitting. On reloading, the value shall be populated automatically and checkbox checked automatically.
How do I make these 50 checkboxes in VB.NET? Do I have to write the table in .aspx with 50 <tr> tags, and then have VB.NET code populate it? Can I otherwise dynamically write these checkboxes from VB.NET code?
I have a file, a.pdf, stored on a SharePoint server behind Windows authentication. I want to make a.pdf available through another Web app with forms authentication. Basically, link is clicked and up pops the open / save as dialog for the pdf (or other document file) I've set up my HTTPWebRequest and passed credentials, getting my data into a stream (file.GetResponseStream).
I've tried converting the stream to a byte array and then using response.write or response.output.write with no luck (stream not seekable) I've tried using a streamreader and doing a response.write(streamreader.readtoend()) and response.write(memorystream.toarray(),0,memorystream.toarray().length) with no luck (the message received from the server could not be parsed).
return Json will serialize my string to a jSon string, this i know but it likes to escape for some reason, how can i get rid of it? for info this is how i call it with jQuery:
I'm creating an ecommerce site using asp.net and a Access Datasource, I have used the pre-defined logging in and registering controls provided by Visual Studio 2010 which stores the user data in a SQL server.
For my site the content of the shopping cart is uploaded to a table in the access database, I need to however save the contents of the cart to a specific user ID. For example if User number 1 orders book id's 4,7,2 this needs to be saved, but if user number 2 comes along and orders 4,1,7 this needs to be saved for them as well.
So a user can have many carts, this is sorted in access but with the user ID being saved to a different database is there anyway I can link the two databases so I can say
"Save bookid's 1,2,3 in tblcart where userID is the same as the logged in user"
If I have a strongly typed view e.g. Inherits="System.Web.Mvc.ViewPage>" %> And i want to output the list of items in the model, when I use "Add view" within visual studio i get the following html code generated below.Is there anyway to eliminate the Magic string "Version" when outputting the table column headers?
I'm using a literal to display some javascript on a product page control. Basically what I'm doing is in my code behind I'm declaring a new stringbuilder, writing the script while inserting some dynamic variables to populate the script then setting the literal text to the stringbuilder. This leaves me open to xss attacks. What can I do to prevent this?
System.Text.StringBuilder sb = new System.Text.StringBuilder(); //loop through items in the collection for (int i = 0; i < _prod.ActiveProductItemCollection.Count; i++) { sb.Append("<script type='text/javascript'>"); //add +1 to each item sb.AppendFormat("mboxCreate("product_productpage_rec{0}",", i+1); [code]...
I have a javascript to enable text boxes when called, I want to trigger this code when a user picks value "Custom" from a dropdownlist, so that I can display/Hide these new textboxes.