I am sending over a series of array values from a posted form to an MVC3 Controller. I was hoping the default modelbinder would be able to parse this but I'm having some difficulty with it.
The array is in the following format:
order[0].[type]=some value.
I think this is the reason the model binder is not parsing my values because I'm not getting anything populated in my model.
What would be another way to handle this?
Probably need to post more of your code so I can see what you are doing exactly. However saying this you need to pass the model to the view/partial view on the response you are trying to retrieve on the post request.
If not you will have to iterate through the Form Collection that will be returned and the Actions Methods type e.g. ActionMethodName(FormCollection form), one issue is name versus id its the name of the Kendo UI control that is used to get the value not the id.
1As far as I remember the right format was:
orders[0].OrderID=13;
orders[0].Name="test";
orders[1].OrderID=15;
orders[1].Name="again test";
The indexing should start from 0 and increase by 1.
Check this out: http://haacked.com/archive/2008/10/23/model-binding-to-a-list.aspx
Related
In a MVC app we implemented a mini forum. New posts in this forum are ajaxed. The AJAX POST action either returns a response form (partial view) or new post html and form html as a JSON.
New post and form are both rendered from views by this method. The model provided for the form has some null values, but the corresponding inputs store values taken from POST data (I verified the generated data to make sure it's not something that is done by the browser). The inputs are generated by html helpers (such as TextBoxFor).
So my question is, is this normal behavior in MVC and if it is, then how do I go about making those inputs have empty/null values (or even some specific value)? When debugging the values in the model are exactly as I set them (which is null, but same thing happens for any value really), but inputs for this very model still hold values taken from POST data.
I tested how does this work with good old PartialView instead of rendering html to string and returning it through JSON, but the results were exactly the same (so the method I use for rendering those views should be unrelated to the problem).
I came across this question: View data dictionary overriding model data in ASP.NET MVC
But from what I checked in my app, the POST data isn't actually stored in ViewData and the OP wasn't AJAXing data so redirects made more sense in his case.
I came across this post which explain this problem in detail and shows ways to deal with it.
To sum it up. Yes, this is normal behavior of htmlHelpers during POST action. To prevent it you can run ModelState.Clear(); in your post action (preferably just before you return\render the view). Optionally it is also possible to remove just one field using ModelState.Remove("PropName"); where PropName is the name of the model property which you don't want to be passed from POST data.
I am able to successfully retrieve an object via POST action.
I am trying to build a proof of concept for dynamic treatment of form values posted, so that I do not know at design time what those names or values will be.
Is there a particular type of binder or formatter etc. that should be added after [FromBody] attribute in the post action to achieve this?
Essentially I need a name-value-pair. I tried KeyValuePair and dynamic. Dynamic returns an object. I don't know how to get the key names and values out of it.
This should do what you are looking for.
public HttpResponseMessage Post(FormDataCollection collection) {
...
}
I have a model and a form in the view. I have a simple field of string which is called description. I'm able to insert scripts like: <script>alert('xss')</script> to that field.
I can see that in other actions on my site with other models I can't
I do not have an AllowHtml or anything like that.
the only difference is that for this model I use a post with a json object and content-type of application/json
the ModelState.IsValid is returning true. even though there is a description property with an xss script on it...
and for the other actions I make a simple ajax post.
why isn't the validation input work on this kind of JSON ajax posts?
how can I prevent xss across the entire site for this kind of ajax requests?
thanks
It is because ValidateInput is only for FormValueProvider. As for JsonValueProvider, you need to roll out your own mechanism.
Steps
1) Create a marker attribute CustomAntiXssAttribute
2) Create a custom model binder by sub-classing DefaultModelBinder
3) Overrides BindProperty method -> get the attempted value for the underlying property, sanitize it and assign it to the view model property.
Check this out.
Edited:
Replace the line var valueResult = bindingContext.ValueProvider.GetValue(propertyDescriptor.Name); with var valueResult = bindingContext.ValueProvider.GetValue((string.IsNullOrWhiteSpace(bindingContext.ModelName) ? string.Empty : bindingContext.ModelName + ".") + propertyDescriptor.Name); in order to support nested ViewModel.
try using AntiXssLibrary from Nuget, and by using getSafeHtmlContent. you can get the safe content while you're saving your records to db.
Another approach is to use a Sanitizer library like this one, you can choose which HTML tags you want to be filtered out.
My form (Html.BeginForm) was submitting well, i added some records over the period of one month using this form.
Then i did some cleanup (i don't remember those cleanups :( ) and tested the form after some time and now it is not submitting with a date value.
I mean, there are some date fields associated with master and child models, if child's date fields are filled (no matter parent's date is filled or not), the form does not get submitted and if these are empty then it does provided this is the first attempt i.e. if i attempt first with filled dates and then with empty dates, submitting does not work. I have two validation summaries with excludePropertyErrors true and false, no error is shown.
I had custom date format, dd-MMM-yyyy, and respective unobtrusive validator as jQuery.validator.methods["date"]. The behavior is same after removing these on both IE and Chrome.
However, a sample form submitting to the same controller's action on the same view with a sample model depicting the same structure works fine !!!
How to troubleshooting this??
Seems to me that the model binder is working correctly for your expected params, but that specific form is not passing in the values correctly (while your test form does).
These are the things your should try:
Use the browser's built in network logger and see what your POST looks like
Check the cAsE and spellnig of your variable names on the form (they should match your params/POCO on the action signature)
Hope this helps some.
Thanks BiffBaffBoff for compare the two. I figured out the problem by enhancing the sample model, controller and view, adding fields and validations one by one and finally got the issue. It was my authorization action attribute which was missing on one of the Remote validation action for date, my controller requires authorization.
Thank you all who tried to help me out, without even looking at single line of code.
I've a small doubt. I use Spring SimpleFormController with a form backing object.
Let's say my formBackobject has the following member:
- Id
- Name
- Sex
on the jsp page, I only bind name and sex to input field. when i submit the form, the backend controller can remember the value of the id field and so can distinguish whether this is a "new" or "edit' mode.
Could you tell me the trick behind this?
Thanks,
In my opinion you need to override isEqual() and hashCode() function.
In my code I'm generating uuid and assign it to String and then implement isEqual() and hashCode() where I'm comparing these strings.
Such technique is very useful for Hibernate as well and it will assure you that you always generate unique object.
The 'trick' behind is that the form is kept in session. When you submit the form, only 'name' and 'sex' fields are overwritten and Id is left as it is.
It's logical to think that the id is saved in session. you're right. I don't submit the id value, but spring can auto load its value into the id field.
All this is done automatically behind the scene. And that's what caused my confusion since the first place.
Anyway, all of this are assumption made by you and me. It may not be true from the documentation.