/// <summary>
/// Persists a new <c>FeedModel</c> built from the posted form fields and
/// redirects to the index action; redisplays the form when model
/// validation fails.
/// </summary>
/// <param name="feedModel">
/// Model bound from the request. Only the <c>Id</c> and <c>Title</c>
/// properties are bound, as restricted by the <c>[Bind]</c> attribute.
/// </param>
/// <returns>
/// A redirect to <c>Index</c> after a successful save, otherwise the view
/// re-rendered with the submitted model.
/// </returns>
// NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] attributes are
// visible on this action from here - confirm they are applied.
// NOTE(review): binding "Id" on a create action lets the client choose the
// key value; confirm that is intended.
public async Task<IActionResult> Create([Bind("Id,Title")] FeedModel feedModel)
{
    // Guard clause: invalid input goes straight back to the form.
    if (!ModelState.IsValid)
    {
        return View(feedModel);
    }

    _context.Add(feedModel);
    await _context.SaveChangesAsync();

    return RedirectToAction(nameof(Index));
}
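/// <summary>
/// Reads the raw request body as JSON, deserializes it into a <c>Feed</c>
/// and stores it through the data context.
/// </summary>
/// <returns>
/// <c>Ok()</c> once the entry has been saved; <c>BadRequest()</c> when the
/// body deserializes to <c>null</c> (for example an empty body or the JSON
/// literal <c>null</c>).
/// </returns>
// NOTE(review): the body is read in full before parsing; this relies on the
// host's request-size limit to bound memory use - confirm one is configured.
public async Task<IActionResult> CreateFeed()
{
    string content;

    // Read asynchronously: a synchronous ReadToEnd() blocks a thread inside an
    // async action, and ASP.NET Core servers disallow synchronous request-body
    // reads by default in recent versions. Disposing the reader also disposes
    // the underlying body stream, as the original nested using blocks did.
    using (var reader = new StreamReader(HttpContext.Request.Body))
    {
        content = await reader.ReadToEndAsync();
    }

    // A6 - Insecure Deserialization: the request body is untrusted input.
    // With TypeNameHandling.Auto, Json.NET honours "$type" metadata in the
    // payload, so the sender decides which .NET types get instantiated.
    // TypeNameHandling.None ignores that metadata and binds only to Feed.
    var settings = new JsonSerializerSettings
    {
        TypeNameHandling = TypeNameHandling.None
    };

    var entry = JsonConvert.DeserializeObject<Feed>(content, settings);

    // An empty body or a literal "null" yields no object; reject it instead
    // of passing null to the data context.
    if (entry == null)
    {
        return BadRequest();
    }

    _context.Add(entry);
    await _context.SaveChangesAsync();

    return Ok();
}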