I'm looking for a way to validate just a single field (object property) against the constraints specified in the annotations of a particular entity.
The goal is to send an AJAX request after the "onBlur" event of a form field, asking the server to validate this single field only, and - depending on the response - add a small "OK" image next to this field or an error message.
I don't want to validate the whole entity.
I wonder what's the best approach for this problem? Thanks for any tips.
The Validator class has the validateProperty method. You can use it like this:
$violations = $this->get('validator')->validateProperty($entity, 'propertyName');
if (count($violations)) {
// the property value is not valid
}
Or, if the value is not set in the entity, you can use the validatePropertyValue method:
$violations = $this->get('validator')->validatePropertyValue($entity, 'propertyName', $propertyValue);
if (count($violations)) {
// the property value is not valid
}
Have a look at validation groups. I think this is what you need. You could add a group "ajax" or and just adding the one constraint to it. Then tell the validator to use that group. THe symfony2 docs have an example included.
Related
I have a form with a number of fields.
Some of them are userId, userFirstName, userLastName.
When user inputs incorrect userId value then near userId field page must show error message and add this error into validationSummary(this is standart behavior for asp.net mvc unobtrusive validation). If userId is correct then page must remove errors and autopopulate userFirstName and userLastName(This is not standart behavior)
How can i implement this?
Here is what come to my mind:
Remote validation attribute
It has a bad customization in my case. That's why i decide to don't use it.
Add special method for jquery validation plugin ( for example
jQuery.validator.addMethod("userIdValidation", function(value, element) {
//some logic
return something;
}, "Please specify the correct userId"); )
and put there logic for validation and for autopopulate other fields.
In this case i mix validation and other stuff.
3 . Add special method for jquery validation plugin ONLY for validation and add special handler for input change event for autopopulate.
In this case i need to send TWO ajax requests to server for one thing. And ofcourse it is not good too. So what is the right way? I am confused.
Have you thought about using a partial view to display the userFirstName and userLastName?
You can fire an AJAX request that sends the userId, and then returns a partial view of the name fields. Within the controller being called, you can validate the incoming userId, and then grab the name details in one query. If thevalidation fails, you can return the partial view with empty fields.
I have a model and a form in the view. I have a simple field of string which is called description. I'm able to insert scripts like: <script>alert('xss')</script> to that field.
I can see that in other actions on my site with other models I can't
I do not have an AllowHtml or anything like that.
the only difference is that for this model I use a post with a json object and content-type of application/json
the ModelState.IsValid is returning true. even though there is a description property with an xss script on it...
and for the other actions I make a simple ajax post.
why isn't the validation input work on this kind of JSON ajax posts?
how can I prevent xss across the entire site for this kind of ajax requests?
thanks
It is because ValidateInput is only for FormValueProvider. As for JsonValueProvider, you need to roll out your own mechanism.
Steps
1) Create a marker attribute CustomAntiXssAttribute
2) Create a custom model binder by sub-classing DefaultModelBinder
3) Overrides BindProperty method -> get the attempted value for the underlying property, sanitize it and assign it to the view model property.
Check this out.
Edited:
Replace the line var valueResult = bindingContext.ValueProvider.GetValue(propertyDescriptor.Name); with var valueResult = bindingContext.ValueProvider.GetValue((string.IsNullOrWhiteSpace(bindingContext.ModelName) ? string.Empty : bindingContext.ModelName + ".") + propertyDescriptor.Name); in order to support nested ViewModel.
try using AntiXssLibrary from Nuget, and by using getSafeHtmlContent. you can get the safe content while you're saving your records to db.
Another approach is to use a Sanitizer library like this one, you can choose which HTML tags you want to be filtered out.
I have a big form organized in some validations groups. For every group in the form there is a corresponding checkbox which tell the server to save group data.
When the user post the form, I need to validate only validation groups whose correspond the checked checkboxes because some of their "sub" fields are required, but only if you activate the group. Otherwise the validator must ignore the required fields.
Actually I do that in my controller. I skip the Symfony's normal validation cycle and manually I validate every field checking for the group activation checkbox.
How I can move this validation logic inside the Form class or in a specific Constraint class used by the entity?
EDIT:
As said below is possibile in symfony 2.1, for now i solved:
$request = $this->get('request');
// myEntity knows the business logic to chose validation groups
$myEntity->collectValidationGroups($request);
$form = $this->createForm(new MyEntityType(), $myEntity);
If you are using Symfony 2.1 then you can set validation group based on submitted data. Check this section.
There is another possibilty than the one offered by 2.1.
You can set the validation_groups attribute on the form using $builder->getData():
// inside buildForm method of a form type:
$builder->setAttribute('validation_groups', $builder->getData()->getValidationGroups());
I have a Form in an MVC3 project. One of my input fields should accept HTML. Unfortunately I cannot have a ViewModel which this value maps to. The Field is autogenerated and read in automatically. I am getting the following error.
A potentially dangerous Request.Form value was detected from the client
Since there is no viewmodel, I cannot apply the [AllowHTML] attribute. Does anyone know a workaround that does not involve disabling validation for the entire page?
Thank You
Additional Information:
I can access the unvalidated value by doing the following:
using System.Web.WebPages;
using System.Web.Helpers;
.....Inside Controller....
string value = Request.Unvalidated("input-40");
The problem now is that the Request.Params collection throws an exception. I would like to access all the other values and have them be validated...just not that one. Is there a way for me to validate the other fields either explicitly or access a validated collection.
The following would be fine
string value = System.Web.Something.ValidateInput(Request.Unvalidated("input-41"));
Unfortunately I don't know where/if this method exists
You can try the ValidateInput(false) attribute:
[ValidateInput(false)]
public ActionResult YourAction(FormCollection yourCollection)
{
// your stuff
}
Use ValidateInput attribute for your action method. Seems to be unsafe but should work, cannot test it now.
I use the validation attribute on the fields of a class and has a requirement like that:
if field 'a' is validate succeed then process the validation of field 'b' but if the field 'a' is not throw validation , ignore the validation of field 'b'.
does it feasible or i should think in other way?
public class myclass
{
[required]
public string a{get;set;}
[required]
public string b{get;set;]
}
i want:
1.if a pass the validate, then execute b 's validate
2.if a not pass the validate , then don't execute the b 's validate
Check out the MVC.ValidationToolkit
http://blogs.msdn.com/b/simonince/archive/2011/09/29/mvc-validationtookit-alpha-release-conditional-validation-with-mvc-3.aspx
It contains these two validations that will help you out.
RequiredIfAttribute. This attribute says “this field is required if some other field has value X”. It is used as [RequiredIf(“OtherField”, “TargetValue”)]
RequiredEmptyIfAttribute. This attribute says “this field must be empty if some other field has value X”. It is used as [RequiredEmptyIf(“OtherField”, “TargetValue”)]
Implement the IValidateableObject interface in your model to contain your custom validation logic. Since you cannot apply validation checks in the manner you've requested you need to resort to your own custom validation. I don't think Michael's suggestion )(although a good one) will work if you really need to say 'only if that is valid, validate something else' through attributes but this is done easily through this interface. However note this will be server side validation only unless you want to write your own client portion for this as well.