I am using struts 1.3.10. I need the query string from the request to use with the input attribute of the action mapping so that when validation fails, the forward goes to correct page without any null pointer exceptions. how can I do this? I do have the entire forward(myAction.do?foo="bar") as a form property posted throught he jsp. Plesae let me know if I am not clear on the problem definition.
Have you tried request.getQueryString()?
Example:
String queryString = request.getQueryString(); //where "request" is "HttpServletRequest"
Related
I went through so many links like How to show all controllers and mappings in a view and How to configure a default #RestController URI prefix for all controllers? and so on.
I want to get the Request Mapping URL at Filter interceptor
Ex: This URL I configured at REST controller method, and naturally we will pass /employees/employee-names/John to get the Employee John.
/employees/employee-names/{employee_name}
Now, when somebody hit /employees/employee-names/John I want to get the value of actual mapping url if REST controller /employees/employee-names/{employee_name},
Any pointers how to get that ?
Spring MVC sets the attribute HandlerMapping.BEST_MATCHING_PATTERN_ATTRIBUTE, which you can use to get the pattern that was used to match the incoming request:
String matchingPattern = (String) request.getAttribute(HandlerMapping.BEST_MATCHING_PATTERN_ATTRIBUTE)
That would return /employees/employee-names/{employee_name} in your case.
I was able to solve this issue using below code. AntPathMatcher is the perfect way to identify if the incoming request and URL you configured in the property file matches exactly. This solution works greatly for me.
AntPathMatcher springMatcher = new AntPathMatcher();
Optional<String> antMatch = props.getMapping().stream()
.filter(//Perform Some Filter as per need)
.map(Mapping::getVersion)
.findFirst();
return antMatch.isPresent() ? antMatch.get() : null;
I have a form with a number of fields.
Some of them are userId, userFirstName, userLastName.
When user inputs incorrect userId value then near userId field page must show error message and add this error into validationSummary(this is standart behavior for asp.net mvc unobtrusive validation). If userId is correct then page must remove errors and autopopulate userFirstName and userLastName(This is not standart behavior)
How can i implement this?
Here is what come to my mind:
Remote validation attribute
It has a bad customization in my case. That's why i decide to don't use it.
Add special method for jquery validation plugin ( for example
jQuery.validator.addMethod("userIdValidation", function(value, element) {
//some logic
return something;
}, "Please specify the correct userId"); )
and put there logic for validation and for autopopulate other fields.
In this case i mix validation and other stuff.
3 . Add special method for jquery validation plugin ONLY for validation and add special handler for input change event for autopopulate.
In this case i need to send TWO ajax requests to server for one thing. And ofcourse it is not good too. So what is the right way? I am confused.
Have you thought about using a partial view to display the userFirstName and userLastName?
You can fire an AJAX request that sends the userId, and then returns a partial view of the name fields. Within the controller being called, you can validate the incoming userId, and then grab the name details in one query. If thevalidation fails, you can return the partial view with empty fields.
I have a model and a form in the view. I have a simple field of string which is called description. I'm able to insert scripts like: <script>alert('xss')</script> to that field.
I can see that in other actions on my site with other models I can't
I do not have an AllowHtml or anything like that.
the only difference is that for this model I use a post with a json object and content-type of application/json
the ModelState.IsValid is returning true. even though there is a description property with an xss script on it...
and for the other actions I make a simple ajax post.
why isn't the validation input work on this kind of JSON ajax posts?
how can I prevent xss across the entire site for this kind of ajax requests?
thanks
It is because ValidateInput is only for FormValueProvider. As for JsonValueProvider, you need to roll out your own mechanism.
Steps
1) Create a marker attribute CustomAntiXssAttribute
2) Create a custom model binder by sub-classing DefaultModelBinder
3) Overrides BindProperty method -> get the attempted value for the underlying property, sanitize it and assign it to the view model property.
Check this out.
Edited:
Replace the line var valueResult = bindingContext.ValueProvider.GetValue(propertyDescriptor.Name); with var valueResult = bindingContext.ValueProvider.GetValue((string.IsNullOrWhiteSpace(bindingContext.ModelName) ? string.Empty : bindingContext.ModelName + ".") + propertyDescriptor.Name); in order to support nested ViewModel.
try using AntiXssLibrary from Nuget, and by using getSafeHtmlContent. you can get the safe content while you're saving your records to db.
Another approach is to use a Sanitizer library like this one, you can choose which HTML tags you want to be filtered out.
I have a Form in an MVC3 project. One of my input fields should accept HTML. Unfortunately I cannot have a ViewModel which this value maps to. The Field is autogenerated and read in automatically. I am getting the following error.
A potentially dangerous Request.Form value was detected from the client
Since there is no viewmodel, I cannot apply the [AllowHTML] attribute. Does anyone know a workaround that does not involve disabling validation for the entire page?
Thank You
Additional Information:
I can access the unvalidated value by doing the following:
using System.Web.WebPages;
using System.Web.Helpers;
.....Inside Controller....
string value = Request.Unvalidated("input-40");
The problem now is that the Request.Params collection throws an exception. I would like to access all the other values and have them be validated...just not that one. Is there a way for me to validate the other fields either explicitly or access a validated collection.
The following would be fine
string value = System.Web.Something.ValidateInput(Request.Unvalidated("input-41"));
Unfortunately I don't know where/if this method exists
You can try the ValidateInput(false) attribute:
[ValidateInput(false)]
public ActionResult YourAction(FormCollection yourCollection)
{
// your stuff
}
Use ValidateInput attribute for your action method. Seems to be unsafe but should work, cannot test it now.
I'm looking for a way to validate just a single field (object property) against the constraints specified in the annotations of a particular entity.
The goal is to send an AJAX request after the "onBlur" event of a form field, asking the server to validate this single field only, and - depending on the response - add a small "OK" image next to this field or an error message.
I don't want to validate the whole entity.
I wonder what's the best approach for this problem? Thanks for any tips.
The Validator class has the validateProperty method. You can use it like this:
$violations = $this->get('validator')->validateProperty($entity, 'propertyName');
if (count($violations)) {
// the property value is not valid
}
Or, if the value is not set in the entity, you can use the validatePropertyValue method:
$violations = $this->get('validator')->validatePropertyValue($entity, 'propertyName', $propertyValue);
if (count($violations)) {
// the property value is not valid
}
Have a look at validation groups. I think this is what you need. You could add a group "ajax" or and just adding the one constraint to it. Then tell the validator to use that group. THe symfony2 docs have an example included.