On an asp.net mvc 5.2.4 model I have an email address field decorated thusly, with the System.ComponentModel.DataAnnotations.EmailAddressAttribute:
[DataType(DataType.EmailAddress)]
[EmailAddress(ErrorMessageResourceName = "EmailField", ErrorMessageResourceType = typeof(Messages))]
public string EmailAddress { get; set; }
It renders html that looks like this, an input of type "email":
<input type="email".../>
If I enter an email address without a full domain (eg "tom#yahoo") it passes client side validation, but it fails server-side validation. I only have to worry about 2 browsers (Chrome and IE 11), and it passes both of them client-side.
I think I understand what is happening. jquery.validate.js, the client-side validation, is following the international standard, which allows for emails without domains. The server-side is using a RegEx expression as long as my arm (see https://referencesource.microsoft.com/#System.ComponentModel.DataAnnotations/DataAnnotations/EmailAddressAttribute.cs) and throwing a validation error.
I'm guessing I'm not the first person to bump into this. Is there an attribute I can decorate an email address field with that corresponds exactly to input type="email" in the browser, so that if an email address passes client-side validation it will always pass server-side validation?
You could write your own validator. You already know the regex that MS is using and if you feel it is the more accurate/correct for your needs then you can "reuse" (in quotes as you will likely have to format it differently) the regex in your client side validator. This requires that you create your own ValidationAttribute for server side validation & to wire up to the client side you'll implement the IClientValidatable interface & add a method on the js validator.
You have a leg up in that you don't have to write it from scratch either. You can use the source code for the EmailAddressAttribute to get you started.
http://ezzylearning.com/tutorial/creating-custom-validation-attribute-in-asp-net-mvc has a nice writeup.
MVC custom validation: compare two dates has another example of doing both server & client side with comparing two dates but the idea of what to implement & how is the same.
My workaround is to remove the EmailAddress attribute, copy the regular expression used by client-side validation (jquery.validate.js v1.16.0 line 1356) and use that in a RegularExpression validation attribute, so my code now looks like this:
[DataType(DataType.EmailAddress)]
[RegularExpression(EmailRegEx, ErrorMessageResourceName = "EmailField", ErrorMessageResourceType = typeof(Messages))]
Where "EmailRegEx" is a constant with this value:
^[a-zA-Z0-9.!#$%&'*+\/=?^_`{|}~-]+#[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$
Related
I have an application built on ServiceStack and razor (no MVC). The application has a class with an integer field. When I enter an integer with thousand separator(comma) from a web page that allows me to enter data for the field, I get an error with something like "'23,586' is an Invalid value for 'Fieldxx'".
Is there a way to allow integers with thousand separator?
Thanks.
No integers are whole numbers, if you want to keep using an integer I'd recommend your Web Page strip any formatting before sending the API request otherwise change it to a string and convert it into an int inside the Service implementation.
I use Xamarin Forms with azure-mobile-apps-net-client with the .net backend. What I noticed is, that if I change a value in my mobile app for my model like
var dog = get_dog_from_sqlite_database();
dog.Color = "black";
and call
await dogTable.UpdateAsync(dog);
and then sync with the server, the Delta<Dog> patch object in the
public Task<Dog> PatchDog(string id, Delta<Dog> patch)
method in the backend, contains every property from my dog model, although changing just one value.
Is it possible to change some settings, that just changed values are patched to the backend? I ask, as I have to do some restrictions on who can change what values, so my backend code would be cleaner as I just have to look if a forbidden property was changed and then throw an exception.
No - when we do offline sync, we don't necessarily know which fields have changed - we don't keep that granular information. We just keep the new record. You can check out the operations queue in the SQLite database to confirm this.
I am using the IBM Social Business Toolkit. I have defined a connection for my Notes app via endpoints in the faces-config xml file. I wonder how I can access this file pro grammatically since I could not find a service that returns me the base url of IBM Connections.
It's useful to remember that an endpoint definition is really just creating a managed bean. The managed bean has a variable name you refer to it - the managed-bean-name property. You can access this directly from SSJS or via ExtLibUtil.resolveVariable() in Java. The definition also tells you the Java class that's being used, e.g. com.ibm.sbt.services.endpoints.ConnectionsBasicEndpoint. That really gives you all the information you need to get or set the properties.
So from SSJS you can just cast it to the class name, e.g.
var myService:com.ibm.sbt.services.endpoints.ConnectionsBasicEndpoint = connections
So the bit after the colon will be the managed-bean-class value and the bit after the equals sign will be the managed-bean-name. In Java, you can use
ConnectionsBasicEndpoint myService = (ConnectionsBasicEndpoint) ExtLibUtil.resolveVariable(ExtLibUtil.getXspContext().getFacesContext(), "connections");
You'll then have access to all the methods of the class, so you should be able to retrieve what you need.
The properties are part of the Java class, who are referred to in the Faces-Config.xml. So get the class by his fully qualified name or by bean name and set or get the properties
I think the best route will most likely be what Paul is suggesting: resolve the variable by its name and use the getters to get the effective properties that way.
Sven's suggestion is a good one to keep in mind for other situations. By accessing the faces-config.xml file as a resource, you could load it into an XML parser and find the values using XPath. I'm doing much that sort of technique in the next version of the OpenNTF Domino API, which will have a set of methods for manipulating the Faces config. However, one key aspect there is that reading the XML file directly will just get you the string values, which may be EL expressions, whereas going the resolveVariable route will get you the real current properties.
i have text box in my website. this text box give text value with form and post method.
this form search special text in database.
How can I be certain of the safety input data from sql injectin or xss.
Because of the nature of the ORM database style in Symfony2 you are naturally protected from SQL injection. Data that does not match the constraints set by your configuration or Validator class will be rejected before reaching the database anyways.
Data is automatically encoded before being passed into the Request Class. XSS is not possible because on both the receiving side and the outputting side the data is not in its RAW form unless you specify it to be, in which case you would negate the built in security anyways.
XSS in forms is not feasible because Symfony by default (when using the Form Class) will create CSRF tokens in your form submissions to validate the sender of the request. Unless you specifically disable them, they will generate automagically and be included in a hidden field.
The built in functionality of symfony is only a first step, the best practice is to use Data Transformers to ensure your data is of the format and type you expect it to be.
Data Transformers: http://symfony.com/doc/current/cookbook/form/data_transformers.html
Finally, on the note of SQL Injection, using the built-in Query builder or using the DQL language (if your using doctrine) is another layer of security to prevent injections when using highly customized queries.
I need validate multiple fields in the JavaScript Framework, but can't figure out how.
What kind of validation do you need?
Client side: you must use a Javascript validation framework. For example, this one is a good validation framework using jQuery.
Server side: you just need to use <f:validateXXX/> components. For exmaple, <f:validateLength minimum="2" maximum="8"/> will check that the field contains a value that has a size between 2 and 8 characters. Otherwise, it will throw an Exception. Note that there a few validator by default, and you will not be able to validate an email address, or something like that. However, it is really easy to develop your own validator...
Server side, using Ajax. This is almost the same thing as the previous type of validation, except that the validation is ajaxified, which means that a request will be sent to the server once the user fills a field, and then validate the field. This is usefull to check on the fly the value. The component library Richfaces offers such features.
JSF has validation framework that can be used for simple validations. Like mandatory, length, format etc.
In addition it allows you to write custom validators which are invoked for field validations once configured in myfaces file.
Also a bunch of fields can be grouped into "SubForms" which will let you validate several fields in a go. A seamless validation without page being submitted would require Ajax integration. (Richfaces is a good option)