/// <summary> /// /// </summary> /// <param name="controllerContext"></param> /// <param name="bindingContext"></param> /// <returns></returns> public object BindModel(ControllerContext controllerContext, ModelBindingContext bindingContext) { var modelName = bindingContext.ModelName; IUnvalidatedValueProvider valueProvider = bindingContext.ValueProvider as IUnvalidatedValueProvider; var valueProviderResult = valueProvider == null?bindingContext.ValueProvider.GetValue(modelName) : valueProvider.GetValue(modelName, true); if (valueProviderResult == null) { return(null); } bindingContext.ModelState.SetModelValue(modelName, valueProviderResult); string value = valueProviderResult.AttemptedValue; if (string.IsNullOrEmpty(value)) { return(null); } IXssSchemeName scheme = bindingContext.ModelMetadata?.ContainerType?.GetProperty(bindingContext.ModelMetadata.PropertyName).GetCustomAttributes(true)?.Cast <IXssSchemeName>()?.FirstOrDefault() ?? null; if (scheme == null) { return((RichText)value); } RichText richText = new RichText(value, DependencyResolver.Current.GetService <IFilterPolicyFactory>().CreateHtmlFilter(scheme.GetSchemeName(controllerContext.HttpContext).Result).Result); return(richText); }
public void GetValueProvider_GetValue_SkipValidation() { // Arrange Mock <MockableUnvalidatedRequestValues> mockUnvalidatedValues = new Mock <MockableUnvalidatedRequestValues>(); mockUnvalidatedValues.Setup(o => o.Form).Returns(_unvalidatedBackingStore); FormValueProviderFactory factory = new FormValueProviderFactory( _ => mockUnvalidatedValues.Object ); Mock <ControllerContext> mockControllerContext = new Mock <ControllerContext>(); mockControllerContext.Setup(o => o.HttpContext.Request.Form).Returns(_backingStore); // Act IUnvalidatedValueProvider valueProvider = (IUnvalidatedValueProvider)factory.GetValueProvider(mockControllerContext.Object); // Assert Assert.Equal(typeof(FormValueProvider), valueProvider.GetType()); ValueProviderResult vpResult = valueProvider.GetValue("foo", skipValidation: true); Assert.NotNull(vpResult); Assert.Equal("fooUnvalidated", vpResult.AttemptedValue); Assert.Equal(CultureInfo.CurrentCulture, vpResult.Culture); }
public override object BindModel(ControllerContext controllerContext, ModelBindingContext bindingContext) { try { return(base.BindModel(controllerContext, bindingContext)); } catch (HttpRequestValidationException) { bindingContext.ModelState.AddModelError(bindingContext.ModelName, string.Format("The characters in the field {0} were not allowed and removed.", bindingContext.ModelMetadata.DisplayName ?? bindingContext.ModelName)); } catch (FormatException) { bindingContext.ModelState.AddModelError(bindingContext.ModelName, string.Format("The format of the value in the field {0} is not allowed", bindingContext.ModelMetadata.DisplayName ?? bindingContext.ModelName)); } //Cast the value provider to an IUnvalidatedValueProvider, which allows to skip validation IUnvalidatedValueProvider provider = bindingContext.ValueProvider as IUnvalidatedValueProvider; if (provider == null) { return(null); } //Get the attempted value, skiping the validation var result = provider.GetValue(bindingContext.ModelName, skipValidation: true); return(result.AttemptedValue); }
public object BindModel(ControllerContext controllerContext, ModelBindingContext bindingContext) { IUnvalidatedValueProvider provider = (IUnvalidatedValueProvider)bindingContext.ValueProvider; return(new Foo { Bar = provider.GetValue("Bar", true).AttemptedValue, Banana = provider.GetValue("Banana", true).AttemptedValue }); }
internal static ValueProviderResult GetValueFromProvider(IValueProvider provider, string key, bool skipValidation) { // Since IUnvalidatedValueProvider is a superset of IValueProvider, it's always OK to use the // IUnvalidatedValueProvider-supplied members if they're present. Otherwise just call the // normal IValueProvider members. IUnvalidatedValueProvider unvalidatedProvider = provider as IUnvalidatedValueProvider; return((unvalidatedProvider != null) ? unvalidatedProvider.GetValue(key, skipValidation) : provider.GetValue(key)); }
public void ProceedWithTimerWithIUnvalidatedValueProviderReturnValue([Frozen] IProxyFactory proxyFactory, ValueProviderFactory.GetValueProvider sut, IAlternateMethodContext context, ControllerContext arg1, IUnvalidatedValueProvider returnValue) { context.Setup(c => c.Arguments).Returns(new object[] { arg1 }); context.Setup(c => c.ReturnValue).Returns(returnValue); proxyFactory.Setup(pf => pf.IsWrapInterfaceEligible<IUnvalidatedValueProvider>(typeof(IUnvalidatedValueProvider))).Returns(true); proxyFactory.Setup(pf => pf.WrapInterface(It.IsAny<IUnvalidatedValueProvider>(), It.IsAny<IEnumerable<IAlternateMethod>>())).Returns(returnValue); sut.NewImplementation(context); context.TimerStrategy().Verify(c => c.Time(It.IsAny<Action>())); context.Verify(c => c.ReturnValue); context.VerifySet(c => c.ReturnValue = It.IsAny<IUnvalidatedValueProvider>()); }
private ValueProviderResult GetValue(ControllerBase controller, ModelBindingContext context) { if (!controller.ValidateRequest || !context.ModelMetadata.RequestValidationEnabled) { IUnvalidatedValueProvider provider = context.ValueProvider as IUnvalidatedValueProvider; if (provider != null) { return(provider.GetValue(context.ModelName, true)); } } return(context.ValueProvider.GetValue(context.ModelName)); }
public object BindModel(ControllerContext controllerContext, ModelBindingContext bindingContext) { try { var value = bindingContext.ValueProvider.GetValue(bindingContext.ModelName); var attemptedValue = value?.AttemptedValue; return(string.IsNullOrWhiteSpace(attemptedValue) ? attemptedValue : attemptedValue.Trim()); } catch (HttpRequestValidationException) { Trace.TraceWarning("Ilegal characters were found in field {0}", bindingContext.ModelMetadata.DisplayName ?? bindingContext.ModelName); bindingContext.ModelState.AddModelError(bindingContext.ModelName, string.Format("{0} cannot contains HTML <p>, SQL, or Entity Numbers &", bindingContext.ModelMetadata.DisplayName ?? bindingContext.ModelName)); } //Cast the value provider to an IUnvalidatedValueProvider, which allows to skip validation IUnvalidatedValueProvider provider = bindingContext.ValueProvider as IUnvalidatedValueProvider; if (provider == null) { return(null); } //Get the attempted value, skiping the validation var result = provider.GetValue(bindingContext.ModelName, skipValidation: true); Debug.Assert(result != null, "result is null"); return(result.AttemptedValue); //var shouldPerformRequestValidation = controllerContext.Controller.ValidateRequest && bindingContext.ModelMetadata.RequestValidationEnabled; //var valueProviderResult = bindingContext.GetValueFromValueProvider(shouldPerformRequestValidation); //if (valueProviderResult != null) //{ // var theValue = valueProviderResult.AttemptedValue; // return string.IsNullOrWhiteSpace(theValue) ? theValue : theValue.Trim(); //} //return null }
public override object BindModel(ControllerContext controllerContext, ModelBindingContext bindingContext) { try { return(base.BindModel(controllerContext, bindingContext)); } catch (HttpRequestValidationException) { Trace.TraceWarning("Ilegal characters were found in field {0}", bindingContext.ModelMetadata.DisplayName ?? bindingContext.ModelName); bindingContext.ModelState.AddModelError(bindingContext.ModelName, string.Format("Ilegal characters were found in field {0}", bindingContext.ModelMetadata.DisplayName ?? bindingContext.ModelName)); } IUnvalidatedValueProvider provider = bindingContext.ValueProvider as IUnvalidatedValueProvider; if (provider == null) { return(null); } var result = provider.GetValue(bindingContext.ModelName, skipValidation: true); Debug.Assert(result != null, "result is null"); return(result.AttemptedValue); }
public void GetValueProvider_GetValue_SkipValidation() { // Arrange Mock <MockableUnvalidatedRequestValues> mockUnvalidatedValues = new Mock <MockableUnvalidatedRequestValues>(); mockUnvalidatedValues.Setup(o => o.QueryString).Returns(_unvalidatedBackingStore); QueryStringValueProviderFactory factory = new QueryStringValueProviderFactory(_ => mockUnvalidatedValues.Object); Mock <ControllerContext> mockControllerContext = new Mock <ControllerContext>(); mockControllerContext.Setup(o => o.HttpContext.Request.QueryString).Returns(_backingStore); // Act IUnvalidatedValueProvider valueProvider = (IUnvalidatedValueProvider)factory.GetValueProvider(mockControllerContext.Object); // Assert Assert.AreEqual(typeof(QueryStringValueProvider), valueProvider.GetType()); ValueProviderResult vpResult = valueProvider.GetValue("foo", skipValidation: true); Assert.IsNotNull(vpResult, "Should have contained a value for key 'foo'."); Assert.AreEqual("fooUnvalidated", vpResult.AttemptedValue); Assert.AreEqual(CultureInfo.InvariantCulture, vpResult.Culture); }
public void ProceedWithTimerWithIUnvalidatedValueProviderReturnValue([Frozen] IProxyFactory proxyFactory, ValueProviderFactory.GetValueProvider sut, IAlternateMethodContext context, ControllerContext arg1, IUnvalidatedValueProvider returnValue) { context.Setup(c => c.Arguments).Returns(new object[] { arg1 }); context.Setup(c => c.ReturnValue).Returns(returnValue); proxyFactory.Setup(pf => pf.IsWrapInterfaceEligible <IUnvalidatedValueProvider>(typeof(IUnvalidatedValueProvider))).Returns(true); proxyFactory.Setup(pf => pf.WrapInterface(It.IsAny <IUnvalidatedValueProvider>(), It.IsAny <IEnumerable <IAlternateMethod> >())).Returns(returnValue); sut.NewImplementation(context); context.TimerStrategy().Verify(c => c.Time(It.IsAny <Action>())); context.Verify(c => c.ReturnValue); context.VerifySet(c => c.ReturnValue = It.IsAny <IUnvalidatedValueProvider>()); }