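/// <summary>
/// Shows the detail page for one pie and, when a non-blank <paramref name="review"/>
/// was submitted, stores it as a <see cref="PieReview"/> for that pie.
/// </summary>
/// <param name="id">Identifier of the pie to display.</param>
/// <param name="review">Free-text review typed by the user; null on a plain GET of the page.</param>
/// <returns>404 when no pie has <paramref name="id"/>, otherwise the pie's detail view.</returns>
public async Task<IActionResult> Details(int id, string review)
{
    var pie = await _pieRepository.GetById(id);
    if (pie is null)
    {
        return NotFound();
    }

    // A plain GET arrives with review == null and HtmlEncoder.Encode throws on null,
    // so the original only "worked" by letting the catch below swallow the exception.
    // Guard explicitly; a blank review is not worth storing either.
    if (!string.IsNullOrWhiteSpace(review))
    {
        // The user text is HTML-encoded before it is persisted so that script inside a
        // review is never re-rendered as markup. NOTE(review): the encoded form is what
        // gets stored; Razor encodes again on output, so a view rendering Review with
        // plain @ will double-encode — confirm the view matches this input-encoding choice.
        string encodedReview = _htmlEncoder.Encode(review);
        try
        {
            await _pieReviewRepository.AddPieReview(new PieReview
            {
                Pie = pie,
                Review = encodedReview
            });
        }
        catch (Exception e)
        {
            // Best-effort persistence is kept from the original: a failed save still
            // shows the page. The exception now goes in the exception slot; the original
            // passed e.Message as the message template and the literal as a format arg,
            // so the event was logged under a variable template with the real text lost.
            _logger.LogWarning(e, "Error attempting to store user review for pie {PieId}", id);
        }
    }

    return View(new PieDetailViewModel { Pie = pie });
}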
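/// <summary>
/// Shows the detail page for one pie and, when a non-empty <paramref name="review"/>
/// was submitted by a signed-in user, stores it together with that user's name and id.
/// </summary>
/// <param name="id">Identifier of the pie to display.</param>
/// <param name="review">Free-text review typed by the user; null on a plain GET of the page.</param>
/// <returns>
/// 404 when no pie has <paramref name="id"/>; a challenge (sign-in) result when a review was
/// posted without an authenticated user; otherwise the pie's detail view.
/// </returns>
public async Task<IActionResult> Details(int id, string review)
{
    var pie = _pieRepository.GetPieById(id);
    if (pie is null)
    {
        return NotFound();
    }

    // IsNullOrEmpty already covers the original's extra "== String.Empty" clause.
    // NOTE(review): a plain GET (review == null) also lands here and flags "review empty"
    // on the page; that is the original behaviour and is kept — confirm it is intended.
    if (string.IsNullOrEmpty(review))
    {
        ModelState.AddModelError("", "review empty");
    }
    else
    {
        var user = await _userManager.GetUserAsync(User);
        if (user is null)
        {
            // GetUserAsync returns null for an unauthenticated request; the original
            // dereferenced it unconditionally and would have failed with a
            // NullReferenceException. Ask the caller to sign in instead.
            // NOTE(review): unreachable if the controller carries [Authorize] — confirm.
            return Challenge();
        }

        // Encode before storing so that script in a review is never re-rendered as markup.
        // NOTE(review): Razor encodes again on output; confirm the view does not double-encode.
        string encodedReview = _htmlEncoder.Encode(review);
        _pieReviewRepository.AddPieReview(new PieReview
        {
            Pie = pie,
            UserName = $"{user.FirstName} {user.LastName}",
            UserId = user.Id,
            Review = encodedReview
        });
    }

    return View(new PieDetailViewModel { Pie = pie });
}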
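/// <summary>
/// Shows the detail page for one pie and, when a non-blank <paramref name="review"/>
/// was submitted, stores it as a <see cref="PieReview"/> for that pie.
/// </summary>
/// <param name="id">Identifier of the pie to display.</param>
/// <param name="review">Free-text review typed by the user; null on a plain GET of the page.</param>
/// <returns>404 when no pie has <paramref name="id"/>, otherwise the pie's detail view.</returns>
public IActionResult Details(int id, string review)
{
    var pie = _pieRepository.GetPieById(id);
    if (pie is null)
    {
        return NotFound();
    }

    // A plain GET arrives with review == null; HtmlEncoder.Encode throws on null, so the
    // original failed with a 500 on the very first visit. Skip blank reviews entirely.
    if (!string.IsNullOrWhiteSpace(review))
    {
        // Encode before storing so that script in a review is never re-rendered as markup.
        // NOTE(review): Razor encodes again on output; confirm the view does not double-encode.
        string encodedReview = _htmlEncoder.Encode(review);
        _pieReviewRepository.AddPieReview(new PieReview
        {
            Pie = pie,
            Review = encodedReview
        });
    }

    return View(new PieDetailViewModel { Pie = pie });
}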
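/// <summary>
/// Shows the detail page for one pie and, when a non-blank <paramref name="review"/>
/// was submitted, stores it as a <see cref="PieReview"/> for that pie.
/// A lookup miss is logged at Debug level under <c>LogEventIds.GetPieIdNotFound</c>.
/// </summary>
/// <param name="id">Identifier of the pie to display.</param>
/// <param name="review">Free-text review typed by the user; null on a plain GET of the page.</param>
/// <returns>404 when no pie has <paramref name="id"/>, otherwise the pie's detail view.</returns>
public IActionResult Details(int id, string review)
{
    var pie = _pieRepository.GetPieById(id);
    if (pie is null)
    {
        // Log with a named placeholder and no synthetic exception: the original allocated
        // a throw-away Exception purely to fill the exception slot of the log call.
        _logger.LogDebug(LogEventIds.GetPieIdNotFound, "Pie with id {PieId} not found", id);
        return NotFound();
    }

    // A plain GET arrives with review == null; HtmlEncoder.Encode throws on null, so the
    // original failed with a 500 on the very first visit. Skip blank reviews entirely.
    if (!string.IsNullOrWhiteSpace(review))
    {
        // Encode before storing so that script in a review is never re-rendered as markup.
        // NOTE(review): Razor encodes again on output; confirm the view does not double-encode.
        string encodedReview = _htmlEncoder.Encode(review);
        _pieReviewRepository.AddPieReview(new PieReview
        {
            Pie = pie,
            Review = encodedReview
        });
    }

    return View(new PieDetailViewModel { Pie = pie });
}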
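/// <summary>
/// Shows the detail page for one pie and, when a non-blank <paramref name="review"/>
/// was submitted, stores it as a <see cref="PieReview"/> for that pie. The view model
/// is returned with an empty <c>Review</c> so the input box is cleared after posting.
/// </summary>
/// <param name="id">Identifier of the pie to display.</param>
/// <param name="review">Free-text review typed by the user; null on a plain GET of the page.</param>
/// <returns>404 when no pie has <paramref name="id"/>, otherwise the pie's detail view.</returns>
public IActionResult Details(int id, string review)
{
    var pie = _pieRepository.GetPieById(id);
    if (pie is null)
    {
        return NotFound();
    }

    // A plain GET arrives with review == null; HtmlEncoder.Encode throws on null, so the
    // original failed with a 500 on the very first visit. Skip blank reviews entirely.
    if (!string.IsNullOrWhiteSpace(review))
    {
        // Protect against stored XSS: encode the user text before it is persisted so that
        // script in a review is never re-rendered as markup.
        // NOTE(review): Razor encodes again on output; confirm the view does not double-encode.
        string encodedReview = _htmlEncoder.Encode(review);
        _pieReviewRepository.AddPieReview(new PieReview
        {
            Pie = pie,
            Review = encodedReview
        });
    }

    return View(new PieDetailViewModel { Pie = pie, Review = "" });
}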