Output and Encoding in ASP.net 4.0

Pre .NET 4.O

Prior to  ASP.NET 4.0 (and especially with MVC) when a user outputted information to a webpage they used <%= Server.HtmlEncode(modelViewStore.Content) %>

The reason for the Encoding is primiarily to prevent XSS (cross site script injection) whereby someone may try to inject some client side script or HTML Markup to vandalize a site or to steal valuable information.

This approach has a few shortcommings; like,

* Users may forget the encoding
* bit verbose

 


.NET 4.0

A new nugged has arrived:

<%: modelViewStore.Content %>

WaitCursor and MVVM

Ever wondered how to display the correct cursor in an application that is databinded to async methods?

Pretty easy solution, just databind the cursor on the window itself.

Here's how:

  • Add an IsBusy property on the DataContext (and implement INotifyPropertyChanged on it)
  • Add the following to your window xaml

[code:c#]

xmlns:valueConverters="clr-namespace:XXX.ValueConverters"
Cursor="{Binding IsBusy, Converter={valueConverters:CursorExtensionConverter}}" 

[/code]

 

  • Create the following ValueConverter

[code:c#]

public class CursorExtensionConverter : MarkupExtension, IValueConverter
{
    public object Convert(object value, Type targetType, object parameter, System.Globalization.CultureInfo culture)
    {
        if (value != null && ((bool)value))
            return Cursors.Wait;           
        else
            return Cursors.Arrow;
    }

    public object ConvertBack(object value, Type targetType, object parameter, System.Globalization.CultureInfo culture)
    {
        throw new NotImplementedException();
    }

    public override object ProvideValue(IServiceProvider serviceProvider)
    {
        return instance;
    }

    private static CursorExtensionConverter instance = new CursorExtensionConverter();
}

[/code]

 

Note: Use of MarkupExtension