The Startup – WASP

So I started working on a personal project. I will reveal the details later, but at the moment I've been cooking up something that I think would really help people get to know the Philippines in detail (that could mean plenty of things). That's right, the entire Philippines. Here is a splash screen of the mobile app. Yes, just the splash screen for now.


Coming soon…


How to avoid “Potential Dangerous Request.QueryString” in asp.net mvc

In some instances we might want to allow HTML tags in our web application, but by default ASP.NET blocks us from doing this: request validation rejects any submitted value that looks like markup. Check out the scenario below. I want to add a comment and I want part of it italicized.

– Below is our form. What happens when we submit it?

[Screenshot: ErrorOnPost]

– Yes, you are right: an error. After submitting the form, this is the result. By default, ASP.NET request validation rejects input that looks like HTML, which is the "potentially dangerous Request" error you see here.

[Screenshot: ErrorOnPost2]


– But what if we want to allow harmless HTML tags such as the italics tag? What do we do then? The approach in this post is to turn request validation off for the action and reject any input that contains a <script> element, letting other tags through. Keep in mind that this is a denylist: it stops the one pattern it names and nothing else, so treat it as a way to get markup into the action, not as proof that the markup is safe. So how do we do it?

Let's modify our action by adding the [ValidateInput(false)] attribute, which turns request validation off for that one action only. (When you bind to a view model, the narrower [AllowHtml] attribute on the single property that needs markup is the other option.)

using System.Text.RegularExpressions;
using System.Web;
using System.Web.Mvc;

public class HomeController : Controller
{
     // Request validation is disabled for this action only, so markup reaches it.
     [ValidateInput(false)]
     [HttpPost]
     public ActionResult AddComment(string comment)
     {
          // Reject a <script ...>...</script> element in any letter case, with or
          // without attributes, and across line breaks. A null comment is treated as empty.
          if (Regex.IsMatch(comment ?? string.Empty, @"<script\b.*?>.*?</script\s*>",
                            RegexOptions.IgnoreCase | RegexOptions.Singleline))
          {
               // A bad client request is a 400, not a server error.
               throw new HttpException(400, "Potentially malicious request content detected.");
          }
          ViewBag.Message = comment;
          return View("Index");
     }
}

As you can see from the snippet above, I am checking whether the input contains a <script> element. If it does, I throw an exception saying the input is not valid; otherwise, I display what was typed in the message box.

– Once we run the app again and enter HTML tags other than <script>, it runs smoothly, as shown below. Otherwise we throw our own exception, disallowing script tags that could cause serious problems in our app.

[Screenshot: PassedTag]

And that is it: the action now accepts HTML that does not contain a <script> element. Whether the result is safe depends on how it is rendered. Razor's plain @ syntax HTML-encodes ViewBag.Message, so the tags show up as text; if you render it with Html.Raw so the italics actually apply, a <script> denylist is not enough on its own, because script can also run from attributes such as onerror or onload and from javascript: URLs, none of which this regex looks at. For that case, run the value through an allow-list sanitizer that keeps only the tags you want and drops all attributes.
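To make the limits of the <script> check concrete, here is an added example that is not part of the original post or its GitHub source. It is written in Python so it runs stand-alone; the DENYLIST regex is a transliteration of the C# check above, the BYPASSES payloads are constructed for illustration, and the small allow-list sanitizer stands in for what a library such as the HtmlSanitizer NuGet package does in an ASP.NET project. It shows which inputs slip past the denylist and how an allow-list keeps <i> and <b> while neutralising everything else.

```python
"""Denylist vs allow-list handling of user-supplied HTML.

Added example, not code from the original post. DENYLIST mirrors the post's
C# regex; BYPASSES are constructed inputs for illustration.
"""
import re
from html import escape
from html.parser import HTMLParser

# The post's check, transliterated: only a literal, lowercase, single-line
# <script>...</script> pair is rejected.
DENYLIST = re.compile(r"<script>.*?</script>")


def denylist_blocks(comment: str) -> bool:
    """True if the post's regex would reject this comment."""
    return DENYLIST.search(comment) is not None


# Constructed payloads (not from the post). Every one of them can run script
# in a browser if echoed back as raw HTML, and none of them matches DENYLIST.
BYPASSES = [
    "<SCRIPT>alert(1)</SCRIPT>",                      # regex is case-sensitive
    "<script src=//example.invalid/x.js></script>",  # attributes break the literal match
    "<script>\nalert(1)\n</script>",                  # '.' does not match a newline
    "<img src=x onerror=alert(1)>",                   # no script element at all
    "<svg onload=alert(1)>",
    '<a href="javascript:alert(1)">x</a>',
]

# Tags the comment box is allowed to keep. Attributes are never kept, which
# removes every on* handler and every href/src without having to enumerate them.
ALLOWED_TAGS = {"i", "b", "em", "strong"}


class AllowListSanitizer(HTMLParser):
    """Rebuilds the markup keeping only ALLOWED_TAGS and escaping all text."""

    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.parts: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag in ALLOWED_TAGS:  # tag names arrive lower-cased from the parser
            self.parts.append(f"<{tag}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            self.parts.append(f"</{tag}>")

    def handle_data(self, data):
        # Text content, including the body of a dropped <script>, is escaped,
        # so it can only ever render as text.
        self.parts.append(escape(data, quote=True))

    def result(self) -> str:
        return "".join(self.parts)


def sanitize(comment: str) -> str:
    """Allow-list alternative to the post's check: returns markup safe to emit as HTML."""
    parser = AllowListSanitizer()
    parser.feed(comment)
    parser.close()
    return parser.result()


if __name__ == "__main__":
    for payload in BYPASSES:
        print(f"{payload!r:50} denylist blocks: {denylist_blocks(payload)!s:5} "
              f"sanitized: {sanitize(payload)!r}")
    print(sanitize("<i onclick=alert(1)>nice <b>post</b></i>"))
```

In an ASP.NET MVC project the same shape applies: keep [ValidateInput(false)] (or [AllowHtml]) scoped to the one input that needs markup, run the value through an allow-list sanitizer rather than a regex, and only then hand it to Html.Raw; Razor's plain @ syntax encodes output, so it will display the tags as text instead of rendering them.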

Happy coding.

By the way, the entire source is on GitHub: https://github.com/francorobles/Blog/tree/master/HtmlInputsInMvc

Custom EntityFramework DbContext with VB.NET – Code first approach

First of all, let me say that I have used EntityFramework many times already, but I wanted to understand its inner workings, so I decided to build a context from scratch. That is why I wrote this post: to share my experience doing it in VB.NET. For the remainder of this post, EF means EntityFramework.

So now let's get EF from NuGet using the Package Manager Console in Visual Studio. At the time of this writing I am using Visual Studio 2013.

1. Go to the Package Manager Console.

[Screenshot: PackageManagerConsole]

2. Install the latest EF package, which at the time of writing is 6.1.1.

[Screenshot: PackageManagerConsoleConsole]

3. Time to create our DbContext. What I'm doing here is inheriting from System.Data.Entity.DbContext:

Imports System.Data.Entity

' Our context derives from DbContext; the connection string, entity sets and
' initializer configuration are added in the steps below.
Public Class EFContext
     Inherits DbContext
End Class

4. Let's assign our connection string to our context. Reading it from configuration rather than hard-coding it also keeps credentials out of source control:

' Requires Imports System.Configuration and a project reference to System.Configuration.
Public Sub New()
     ' Reads the connection string named "ConnectionString" from Web.config / App.config.
     MyBase.New(ConfigurationManager.ConnectionStrings("ConnectionString").ConnectionString)
End Sub

5. Let's create our entity:

Imports System.ComponentModel.DataAnnotations

Public Class Users
     ' EF's convention only picks up a key named Id or UsersId (type name + Id),
     ' so UserId has to be marked explicitly or the model fails with "no key defined".
     <Key>
     Property UserId As Integer
     Property Username As String
     Property FirstName As String
     Property LastName As String
End Class

6. Add our entity to our context:

' An auto-implemented property is all EF needs; the backing field is generated for you.
Public Property SystemUsers As DbSet(Of Users)

7. And finally, let's override the OnModelCreating method of the base class DbContext. Why am I doing this? Because I am telling our custom DbContext that I have an existing database and I don't want it touched: passing Nothing to Database.SetInitializer turns the initializer off, so EF will not create, drop or seed the database, and will not compare the model against the existing schema (a mismatch then shows up as a failing query rather than an initializer exception). This call is more commonly placed in the context's constructor so it runs before any model building, but the setting is process-wide either way.

Protected Overrides Sub OnModelCreating(modelBuilder As DbModelBuilder)
     MyBase.OnModelCreating(modelBuilder)
     ' A Nothing initializer: EF leaves the existing database alone and skips
     ' the model-compatibility check on first use.
     Database.SetInitializer(Of EFContext)(Nothing)
End Sub

And that is pretty much it. You now have your custom DbContext using the code first approach.

The complete source is available on GitHub: https://github.com/francorobles/Blog/tree/master/EntityFrameworkVB