This article gives an example of how ASP.NET MVC can use ActionFilterAttribute to filter keywords in user input. It is shared here for your reference, as follows:
During development, user input sometimes has to be filtered to keep the platform secure. There are many ways to do this, but today I will mainly cover the ActionFilterAttribute class in MVC. Because MVC naturally supports AOP, this kind of filtering takes advantage of that feature.
Here's a look at the steps:
First, when a user enters a name that contains something like <BR>, MVC validates the content by default and throws a yellow error page reporting that a potentially dangerous request value was detected from the client. This page is extremely unfriendly, and it is the page we least want users to see. Suppressing the error is very simple: add the [ValidateInput(false)] attribute to the action that handles the request, and the input is no longer validated when the user submits the page.
Accepting such input unchecked poses a threat to the security of your system, so the best solution is to escape characters such as < and >.
Let's use ActionFilterAttribute to construct our own escape filtering class:
using System.Web.Mvc;
using TinyFrame.Plugin.StrongTyped.Models;

namespace TinyFrame.Plugin.StrongTyped
{
    public class FilterCharsAttribute : ActionFilterAttribute
    {
        // Name of the action parameter that carries the user's input.
        protected string parameterName = "t";
        protected TestModel model;

        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            base.OnActionExecuting(filterContext);

            // No parameters, return directly.
            if (!filterContext.ActionParameters.ContainsKey(parameterName)) return;
            var t = filterContext.ActionParameters[parameterName] as TestModel;

            // No entity data, return directly.
            if (t == null) return;

            // Replace the characters that should be filtered.
            if (!string.IsNullOrEmpty(t.TName))
                t.TName = t.TName.Replace("<", "&lt;").Replace(">", "&gt;");
            if (!string.IsNullOrEmpty(t.TSite))
                t.TSite = t.TSite.Replace("<", "&lt;").Replace(">", "&gt;");
        }
    }
}
The parameterName field holds the name of the action parameter that carries the entity class entered by the user. The corresponding controller code is as follows:
public ActionResult Index(TestModel t)
{
    ViewData["convertedmodel"] = t;
    return View();
}
By overriding the OnActionExecuting method, we can define our own filter.
The "as TestModel" cast converts the input that was received into the entity.
The two groups of Replace calls escape the potentially dangerous characters.
With this written, we have a filter that filters out the keywords. To make it general-purpose, you need to traverse the entries in filterContext.ActionParameters, obtain each instance through reflection, and then read and rewrite its field values through reflection to achieve universal keyword filtering. Here I only provide the idea; the concrete implementation is left to you.
Then apply the [FilterChars] attribute to the controller action whose input needs to be checked:
[ValidateInput(false)]
[FilterChars]
public ActionResult Index(TestModel t)
{
    ViewData["convertedmodel"] = t;
    return View();
}
In this way, we have finished filtering the input data. Let's look at the result:
We can clearly see that the pair of angle brackets in the input has been escaped in the output.
I hope this article helps you with ASP.NET programming.