I am trialing jqgrid.net mvc and have noticed that any server error that happens in an add or edit popup dialog, ends up rendering the entire error page in the popup, which is not very pretty. Does anyone know if it is possible to handle this better and perhaps just put a brief message in the dialog instead, a bit like the way validation errors are handled.
You can use errorTextFormat. You can find some code fragments in the answer and in the answer. I would recommend you to post HTTP error messages in JSON format. For example, in case of ASP.NET MVC you can use HandleJsonExceptionAttribute described here. It will convert all unhandled exceptions in the severe code to JSON response instead of default HTML response. You can easy modify the code to provide JSON response only if the client requested JSON format in the server response. The JSON response you can easy parse, but even in case of pure HTML response you get only the most important part of the response with respect of jQuery selectors and return from your implementation of the errorTextFormat callback.
Related
Good morning. I am new to logic apps and I am trying to figure out how I can trigger the execution based on a GET URL with three parameters. All the examples I've found on Google show the URL being generated once the JSON and relative path is entered, but that's not happening for me. Perhaps it's because I am creating the logic app in VS.
Here's what my "When a HTTP request is received" step looks like in the logic app.
I also tried removing the JSON and just using the parameters to pass the values to the function, as shown below. I'm just not sure the best way to do this.
All I really need to do is get the three parameters into the logic app so I can perform a function call with the parameters. Any suggestions would be greatly appreciated!
Why is my HTTP request URL not being generated for a Logic App?
You need to click save, and then the url will be automatically generated for the When a HTTP request is received trigger:
You can use this expression to accept values through GET parameters:
triggerOutputs()['queries']['parameter-name']
For example:
Note:
Queries need to pass parameters in the form of json.
I recorded a .net application using JMETER. After correlating and playing back it throws the below error. I have seen few posts which says eventvalidation has to be set false. Is there any other way to get rid of this error in Jmeter?
505|error|500|Invalid postback or callback argument.
Event validation is enabled using in configuration or <%# Page EnableEventValidation="true" %> in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them.
If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation
I have used added Regular expression extractor for all the VIEWSTATE and EVENTVALIDATION. However i am still getting this error.
Could you please help me in this.
Thanks in Advance
Theju.
Most probably your Regular Expression Extractor for the EVENTVALIDATION is failing to extract the value. Please double check the relevant variables using Debug Sampler and View Results Tree listener combination (see How to Debug your Apache JMeter Script artice for comprehensive information on JMeter scripts troubleshooting) to ensure that they are extracted and have non-default values.
The other point is that due to ASP.NET web applications specifics you need to extract these values from each and every request, if you do this for 1st request only - the second will be successful, but the 3rd and all further will fail.
References:
Understanding ASP.NET View State
ASP.NET Event Validation and “Invalid Callback Or Postback Argument” : Part II
Page.EnableEventValidation Property
I am trying to work out a way to provide a CSV download through a Spring 3 Portlet. I have a method that uses the #ResourceMapping annotation to define a handler that takes some report params in the form of a #ModelAttribute, builds the report, and returns it. The catch-22 I am running into is validating the parameters being send in from the client form.
If I make the handler a #ResourceMapping, I can set the headers and write out the report as using the ResourceResponse, but I can't seem to figure out how to redirect the user back to the Portlet view with errors when their input fails validation. However, if I make it an #ActionMapping, I can then check the BindingResults and forward them back to the form as needed, but the ActionResponse doesn't allow me to set the Content-Disposition header nor write out the CSV bytes, which is sort of critical for sending the report back.
I am at a total loss here, as I don't even know what my options are. Is it even possible to do what I am trying to do with a Portlet? Are there other examples I could look at for a possible work-around?
I suggest you to use both #ActionMapping and #ResourceMapping to fulfill your requirement.
As you said you were able to handle the validation errors using the #ActionResponse, I'll tell you how to handle the Resource Streaming.
As you know every #ActionResponse is followed by a #RenderResponse, just return the same view but, with a hidden iframe this time whose src points to the ResourceURL.
Now the Request you receive in #ResourceMapping is something which is already Validated. So, you can now serve your CSV.
I dont know how complex is your UI and if you are using jsp as views in your application. If nicely managed, Validation can be handled by #ResourceMapping.
Thank you
Is there any built-in support for validating malicious input within the Web API, similar to forms with MVC?
If not, could anyone suggest a "global" filter/message inpector/whatever to validate against malicious input? I'm trying to avoid validating all of my models/parameters individually...
No, I don't believe there is such support. Here's why. The input validation support with Web Forms/MVC was a stopgap measure. But encoding output is the better XSS fix; validating input doesn't work perfectly, as what input is "bad" depends on how you'll be outputting it (as part of HTML element source, as part of JS source, in an HTML attribute value, as part of a SQL query, etc.).
So I'd recommend against generic, global input validation as the solution to XSS concerns. Instead, make sure you're always encoding input correctly before outputting it (or passing it on to another layer, such as a SQL DB). For output, if you're using the normal Web API mechanisms for returning data (model classes with content negotiation/formatters), the formatters should handle the content type-specific encoding for you.
I believe XSS is not relevant to ASP.NET Web API. Here is why I think so. Suppose, in the request body, say I get a JSON like this "input": "<script>alert('hello');</script>" and the web API stores the "input" which is bound to some property as-is into a database and retrieve it as-is in a subsequent GET request and sends that off to a client, it is still okay. It is the responsibility of the client to ensure this data is escaped correctly. So, when this input property is serialized to say a web application, before it writes to the browser, the client web app must HTML encode. Web API doing this generally does not make sense because a web API can be consumed by other clients say a WPF application where XSS may not be applicable. Or am I missing any specific case you have in mind?
Why dont you use HttpUtility.HtmlEncode?
Input should always be validated. It doesn't matter where it is going. A name field should return a name string, not a jpeg file or for example depending on your environment a SQL attack.
Can you use AJAX to download a generated csv file from a web application? If so does anyone have any kind of reference that I could be pointed towards?
EDIT: Sorry I should have mentioned I am using Prototype's Ajax.Request and I looked in firebug's response tool and the generated CSV is the response, I just need to get it to pop up with the save file option after has been generated by the Ajax.Request
This is a known limitation of Ajax requests, you will need to use JS like:
window.location='download-csv.rb';
Instead of using an Ajax request. Another way is to change the location of a hidden Iframe, but this has it's own pro's/con's.
You will never get an Ajax request to display the 'file save' dialog, no matter what HTTP headers you send.
In light of your latest edit, to make your CSV file trigger a file download (instead of rendering in the browser), there's no need for Ajax.
Instead, the solution is to have your back-end system add this HTTP header when the CSV file is requested:
Content-disposition: attachment; filename=<your_filename.csv>;
Your implementation here depends on the back-end system you're using. If you're using Rails (as your username suggests), here's a start:
filename = 'your_filename.csv'
headers['Content-Type'] = 'text/plain'
headers['Content-Disposition'] = "attachment; filename=\"#{filename}\""
render :layout => false
Downloading it isn't the problem; you can download any data you like via XmlHttpRequest. The hard part is parsing it. There are several ways to parse it, from regexs to string indexing.
You can use "AJAX" to download anything .. Some people would say you shouldn't call it AJAX in that case since that term is rigorously devoted to downloading XML. But really it's just a mechanism to get data into the client w/o reloading a page. If you were loading HTML it'd be called AHAH, for CSV i guess you'd call it AHAC or AJAC? ..