I am having a look at Kendo UI's widgets, and I can't find any reference to how they protect against XSS attacks in their documentation.
Any idea of how this works?.
Cheers.
In the end you have to do this on the server side. If you are on .NET you can use the AntiXSS nuget package.
If you don't want to integrate it yourself I can recommend ASP.NET Boilerplate
HTH
Related
The MVC plugin for Glimpse can supply information on model binding that's taking place within a web application.
Do MVC and WebForms share the core libraries for model binding, and if so would installing the MVC plugin into a WebForms site:
Kill the application?
Do nothing useful?
Show lots of lovely debugging information?
Just trying to get an idea of how likely it is I'll spend the rest of the day unpicking an unholy configuration mess if I try something so crazy.
Glimpse WebForms 1.0.1 was released recently. See the Glimpse 1.7.0 released – First class WebForms support & MVC5 blog entry on the Glimpse website for details about what is included. Glimpse.WebForms provides page life cycle details, timeline integration, details about the ViewState and control tree, and more.
Unfortunately, the model binding in WebForms and MVC are based on completely different implementations and aren't really related.
What this means is that installing the Glimpse.Mvc* package will basically do nothing useful.
You can/should install the Glimpse.AspNet package which will provide a good amount of lovely debugging information.
If you have anything specific you'd like Glimpse to support in WebForms, please submit a feature request on our GitHub issue tracker.
I created a new ASP.NET 4.5 WebForms project and found a bunch of extra javascript files pertaining to GridView, DetailsView and other data related components as well as MSAjax. I assume they are to help with AJAX on data components, but I don't know how to use them.
I read almost every ASP.net announcement and haven't heard anything about these files and searched Google and didn't find anything either.
Those files belong to the Microsoft Ajax Library,it's a collection of tools similar to jQuery. MSDN describes it like this :
"Microsoft Ajax features enable you to quickly create Web pages that provide a rich user experience and that include responsive and familiar user interface (UI) elements. Microsoft Ajax includes client-script libraries that incorporate cross-browser ECMAScript (JavaScript) and dynamic HTML (DHTML) technologies. By using Microsoft Ajax, you can improve the user experience and the efficiency of your Web applications."
You can see the reference here : Microsoft Ajax
I'm wondering, which css framework is best suitable for ASP.NET MVC 3?
I've tried yaml and it has several drawbacks in my opinion, at least using with ASP.NET MVC 3:
uses inputs for buttons by default (so, not compatible with jquery ui, because jquery ui uses buttons in dialogs for example).
you need to adjust css for ASP.NET MVC 3 validation.
I don't like how they describe forms (well that is may be only my
subjective opinion regarding this, anyway you need to use custom
editors if you wish stick to yaml css style).
some css class names are not very intuitive.
Nothing, that would be show stoppers, but maybe there's better alternative - something, that is adapted for ASP.NET MVC specifics, or may be ASP.NET MVC project stub, adapted to yaml css framework.
Update: OOCSS looking good, is lightweight and good structured, worth checking out.
Update 2: TwitterBootstrap is getting popular too, you can get it for asp.net mvc here http://nuget.org/packages/Twitter.Bootstrap
I have used both Blueprint (http://www.blueprintcss.org/) and 960Grid (http://960.gs/) quite successfully with MVC.
But more recently I am leaning towards "BlueLess" (https://github.com/michaek/blueless) - a ".LESS" (http://lesscss.org/) version of Blueprint together with the simply excellent "Chirpy" (http://chirpy.codeplex.com/) VS2010 add-in which automagically converts and minimises CSS, Javascript, LESS, CoffeeScript etc. quite transparently. A simply wonderful tool.
Both Blueprint and 960Grid are for layout and typography ... for form design/styling I would look at the standard JQuery UI framework (http://jqueryui.com/) .. or perhaps the Telerik MVC Extensions (http://www.telerik.com/products/aspnet-mvc.aspx)
Hope this helps.
I am starting a project with Sitecore, I have looked for different possibilities. I have some experience with MVC but I don't understand why you want to combine this with Sitecore (6.4).
What are the benefits? Are there any examples of the implementation of (the code of) this (not the configuration on: http://sdn.sitecore.net/upload/sitecore6/64/integrating%20an%20asp.net%20mvc%20web%20application%20in%20sitecore%20cms-usletter.pdf)?
Or why shouldn't I use MVC with Sitecore?
So when should I use Sitecore 6.4 with MVC3 and when not? And are there any (code)examples?
Thanks in advance!
I've successfully implemented my own MVP implementation using Sitecore. MVP is a bit more forgiving than MVC, and can easily be integrated into web forms based applications. I used T4 templates to generate Models directly from Sitecore templates using the built-in webservices which worked really well.
Sitecore doesn't support MVC yet (in the recommended release), and trying to make it work is probably not worth the effort. I believe they are working on a version that supports MVC properly, which may be the link you provided. However it's probably also very new and there is a lot of functionality in the old version that relies on web forms. I'd like to see it working under MVC in an official capacity for a few more iterations.
Implementing patterns such as MVC and MVP are all about separating concerns and making your presentation layer unit testable. It also encourages more elegant design.
Just reading the doc it looks like this is a guide for running Sitecore in parallel with MVC. I can't see anything about new rendering mechanisms for Sitecore, which would make templating difficult in anything other than web forms. It would however allow you to use the Sitecore API to build your own templates via MVC Views, but you would loose the inline editing functionality that you get out-of-the-box with web forms.
Using mvp is probably the simplest way to go. I wrote a blog post about it here.
However, we have used MVC3 with Razor before and it worked very well. The only issue is you lose the ability to use Page edit mode as you have to do some hacking of sitecore to get it to work. I'm contemplating writing a blog post about it if people are interested.
Just to follow up.. MVC is now supported in 6.6, which will be released on November 5th 2012. We just saw a demo from John West at the Sitecore Symposium and it looks like a great framework. One of the best things about it is that you can use MVC side-by-side with Web Forms. You don't have to make an all-in bet for MVC, you can just slowly migrate or build new components in MVC, while still running Web Forms throughout your site.
I'm looking for a basic markdown component for ASP.NET MVC and Razor. I don't need anything fancy or particularly extensible, it just needs to play nice with MVC and be compatible with the BSD License.
(A NuGet package is a definite plus.)
Have you looked at Markdown Sharp used by stackoverflow?
http://nuget.org/List/Packages/MarkdownSharp