/// <summary>
///
/// </summary>
/// <param name="controllerContext"></param>
/// <param name="bindingContext"></param>
/// <returns></returns>
public object BindModel(ControllerContext controllerContext, ModelBindingContext bindingContext)
{
var modelName = bindingContext.ModelName;
IUnvalidatedValueProvider valueProvider = bindingContext.ValueProvider as IUnvalidatedValueProvider;
var valueProviderResult = valueProvider == null?bindingContext.ValueProvider.GetValue(modelName) : valueProvider.GetValue(modelName, true);
if (valueProviderResult == null)
{
return(null);
}
bindingContext.ModelState.SetModelValue(modelName, valueProviderResult);
string value = valueProviderResult.AttemptedValue;
if (string.IsNullOrEmpty(value))
{
return(null);
}
IXssSchemeName scheme = bindingContext.ModelMetadata?.ContainerType?.GetProperty(bindingContext.ModelMetadata.PropertyName).GetCustomAttributes(true)?.Cast <IXssSchemeName>()?.FirstOrDefault() ?? null;
if (scheme == null)
{
return((RichText)value);
}
RichText richText = new RichText(value, DependencyResolver.Current.GetService <IFilterPolicyFactory>().CreateHtmlFilter(scheme.GetSchemeName(controllerContext.HttpContext).Result).Result);
return(richText);
}
public void GetValueProvider_GetValue_SkipValidation()
{
// Arrange
Mock <MockableUnvalidatedRequestValues> mockUnvalidatedValues =
new Mock <MockableUnvalidatedRequestValues>();
mockUnvalidatedValues.Setup(o => o.Form).Returns(_unvalidatedBackingStore);
FormValueProviderFactory factory = new FormValueProviderFactory(
_ => mockUnvalidatedValues.Object
);
Mock <ControllerContext> mockControllerContext = new Mock <ControllerContext>();
mockControllerContext.Setup(o => o.HttpContext.Request.Form).Returns(_backingStore);
// Act
IUnvalidatedValueProvider valueProvider =
(IUnvalidatedValueProvider)factory.GetValueProvider(mockControllerContext.Object);
// Assert
Assert.Equal(typeof(FormValueProvider), valueProvider.GetType());
ValueProviderResult vpResult = valueProvider.GetValue("foo", skipValidation: true);
Assert.NotNull(vpResult);
Assert.Equal("fooUnvalidated", vpResult.AttemptedValue);
Assert.Equal(CultureInfo.CurrentCulture, vpResult.Culture);
}
public override object BindModel(ControllerContext controllerContext, ModelBindingContext bindingContext)
{
try
{
return(base.BindModel(controllerContext, bindingContext));
}
catch (HttpRequestValidationException)
{
bindingContext.ModelState.AddModelError(bindingContext.ModelName, string.Format("The characters in the field {0} were not allowed and removed.", bindingContext.ModelMetadata.DisplayName ?? bindingContext.ModelName));
}
catch (FormatException)
{
bindingContext.ModelState.AddModelError(bindingContext.ModelName, string.Format("The format of the value in the field {0} is not allowed", bindingContext.ModelMetadata.DisplayName ?? bindingContext.ModelName));
}
//Cast the value provider to an IUnvalidatedValueProvider, which allows to skip validation
IUnvalidatedValueProvider provider = bindingContext.ValueProvider as IUnvalidatedValueProvider;
if (provider == null)
{
return(null);
}
//Get the attempted value, skiping the validation
var result = provider.GetValue(bindingContext.ModelName, skipValidation: true);
return(result.AttemptedValue);
}
public object BindModel(ControllerContext controllerContext, ModelBindingContext bindingContext)
{
IUnvalidatedValueProvider provider = (IUnvalidatedValueProvider)bindingContext.ValueProvider;
return(new Foo {
Bar = provider.GetValue("Bar", true).AttemptedValue,
Banana = provider.GetValue("Banana", true).AttemptedValue
});
}
internal static ValueProviderResult GetValueFromProvider(IValueProvider provider, string key, bool skipValidation)
{
// Since IUnvalidatedValueProvider is a superset of IValueProvider, it's always OK to use the
// IUnvalidatedValueProvider-supplied members if they're present. Otherwise just call the
// normal IValueProvider members.
IUnvalidatedValueProvider unvalidatedProvider = provider as IUnvalidatedValueProvider;
return((unvalidatedProvider != null) ? unvalidatedProvider.GetValue(key, skipValidation) : provider.GetValue(key));
}
public void ProceedWithTimerWithIUnvalidatedValueProviderReturnValue([Frozen] IProxyFactory proxyFactory, ValueProviderFactory.GetValueProvider sut, IAlternateMethodContext context, ControllerContext arg1, IUnvalidatedValueProvider returnValue)
{
context.Setup(c => c.Arguments).Returns(new object[] { arg1 });
context.Setup(c => c.ReturnValue).Returns(returnValue);
proxyFactory.Setup(pf => pf.IsWrapInterfaceEligible<IUnvalidatedValueProvider>(typeof(IUnvalidatedValueProvider))).Returns(true);
proxyFactory.Setup(pf => pf.WrapInterface(It.IsAny<IUnvalidatedValueProvider>(), It.IsAny<IEnumerable<IAlternateMethod>>())).Returns(returnValue);
sut.NewImplementation(context);
context.TimerStrategy().Verify(c => c.Time(It.IsAny<Action>()));
context.Verify(c => c.ReturnValue);
context.VerifySet(c => c.ReturnValue = It.IsAny<IUnvalidatedValueProvider>());
}
private ValueProviderResult GetValue(ControllerBase controller, ModelBindingContext context)
{
if (!controller.ValidateRequest || !context.ModelMetadata.RequestValidationEnabled)
{
IUnvalidatedValueProvider provider = context.ValueProvider as IUnvalidatedValueProvider;
if (provider != null)
{
return(provider.GetValue(context.ModelName, true));
}
}
return(context.ValueProvider.GetValue(context.ModelName));
}
public object BindModel(ControllerContext controllerContext, ModelBindingContext bindingContext)
{
try
{
var value = bindingContext.ValueProvider.GetValue(bindingContext.ModelName);
var attemptedValue = value?.AttemptedValue;
return(string.IsNullOrWhiteSpace(attemptedValue) ? attemptedValue : attemptedValue.Trim());
}
catch (HttpRequestValidationException)
{
Trace.TraceWarning("Ilegal characters were found in field {0}", bindingContext.ModelMetadata.DisplayName ?? bindingContext.ModelName);
bindingContext.ModelState.AddModelError(bindingContext.ModelName, string.Format("{0} cannot contains HTML <p>, SQL, or Entity Numbers &", bindingContext.ModelMetadata.DisplayName ?? bindingContext.ModelName));
}
//Cast the value provider to an IUnvalidatedValueProvider, which allows to skip validation
IUnvalidatedValueProvider provider = bindingContext.ValueProvider as IUnvalidatedValueProvider;
if (provider == null)
{
return(null);
}
//Get the attempted value, skiping the validation
var result = provider.GetValue(bindingContext.ModelName, skipValidation: true);
Debug.Assert(result != null, "result is null");
return(result.AttemptedValue);
//var shouldPerformRequestValidation = controllerContext.Controller.ValidateRequest && bindingContext.ModelMetadata.RequestValidationEnabled;
//var valueProviderResult = bindingContext.GetValueFromValueProvider(shouldPerformRequestValidation);
//if (valueProviderResult != null)
//{
// var theValue = valueProviderResult.AttemptedValue;
// return string.IsNullOrWhiteSpace(theValue) ? theValue : theValue.Trim();
//}
//return null
}
public override object BindModel(ControllerContext controllerContext, ModelBindingContext bindingContext)
{
try
{
return(base.BindModel(controllerContext, bindingContext));
}
catch (HttpRequestValidationException)
{
Trace.TraceWarning("Ilegal characters were found in field {0}", bindingContext.ModelMetadata.DisplayName ?? bindingContext.ModelName);
bindingContext.ModelState.AddModelError(bindingContext.ModelName, string.Format("Ilegal characters were found in field {0}", bindingContext.ModelMetadata.DisplayName ?? bindingContext.ModelName));
}
IUnvalidatedValueProvider provider = bindingContext.ValueProvider as IUnvalidatedValueProvider;
if (provider == null)
{
return(null);
}
var result = provider.GetValue(bindingContext.ModelName, skipValidation: true);
Debug.Assert(result != null, "result is null");
return(result.AttemptedValue);
}
public void GetValueProvider_GetValue_SkipValidation()
{
// Arrange
Mock <MockableUnvalidatedRequestValues> mockUnvalidatedValues = new Mock <MockableUnvalidatedRequestValues>();
mockUnvalidatedValues.Setup(o => o.QueryString).Returns(_unvalidatedBackingStore);
QueryStringValueProviderFactory factory = new QueryStringValueProviderFactory(_ => mockUnvalidatedValues.Object);
Mock <ControllerContext> mockControllerContext = new Mock <ControllerContext>();
mockControllerContext.Setup(o => o.HttpContext.Request.QueryString).Returns(_backingStore);
// Act
IUnvalidatedValueProvider valueProvider = (IUnvalidatedValueProvider)factory.GetValueProvider(mockControllerContext.Object);
// Assert
Assert.AreEqual(typeof(QueryStringValueProvider), valueProvider.GetType());
ValueProviderResult vpResult = valueProvider.GetValue("foo", skipValidation: true);
Assert.IsNotNull(vpResult, "Should have contained a value for key 'foo'.");
Assert.AreEqual("fooUnvalidated", vpResult.AttemptedValue);
Assert.AreEqual(CultureInfo.InvariantCulture, vpResult.Culture);
}
public void ProceedWithTimerWithIUnvalidatedValueProviderReturnValue([Frozen] IProxyFactory proxyFactory, ValueProviderFactory.GetValueProvider sut, IAlternateMethodContext context, ControllerContext arg1, IUnvalidatedValueProvider returnValue)
{
context.Setup(c => c.Arguments).Returns(new object[] { arg1 });
context.Setup(c => c.ReturnValue).Returns(returnValue);
proxyFactory.Setup(pf => pf.IsWrapInterfaceEligible <IUnvalidatedValueProvider>(typeof(IUnvalidatedValueProvider))).Returns(true);
proxyFactory.Setup(pf => pf.WrapInterface(It.IsAny <IUnvalidatedValueProvider>(), It.IsAny <IEnumerable <IAlternateMethod> >())).Returns(returnValue);
sut.NewImplementation(context);
context.TimerStrategy().Verify(c => c.Time(It.IsAny <Action>()));
context.Verify(c => c.ReturnValue);
context.VerifySet(c => c.ReturnValue = It.IsAny <IUnvalidatedValueProvider>());
}
