
Where to process/sanitize database input in ASP.NET MVC3

I think the title does cover the question, but I'll explain the question anyway.

Say I have a user that submits a comment, and in that comment he was allowed to use Markdown. Now I want to parse the comment on the server for Markdown and transform the Markdown syntax into HTML, but strip out any HTML or other unwanted syntax and then save it in the DB. Where should I do this? Should I do this in the controller or during the validation of the model?

An example would be appreciated.

You would generally do this outside of the controller, passing it off to a class to sanitize the data. If you just want to sanitize passed-in HTML, you can use the AntiXSS library's `Sanitizer.GetSafeHtmlFragment()`.

If you want the rules displayed to the user on validation, then you could consider implementing `IValidatableObject` in your model, but I still wouldn't actually do the filtering here.
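The layout described in the answer above, as an added example that is not part of the original post: the controller only validates and delegates, and a separate class turns Markdown into sanitized HTML before it is stored. `CommentInput`, `CommentSanitizer`, `ICommentStore` and the injected `markdownToHtml` delegate are hypothetical names; the example assumes a Markdown converter of your choice is wired in through the MVC3 dependency resolver.

```csharp
using System;
using System.ComponentModel.DataAnnotations;
using System.Web.Mvc;
using Microsoft.Security.Application; // AntiXSS library: Sanitizer

public class CommentInput
{
    [Required, StringLength(4000)]
    [AllowHtml] // let raw Markdown (which may contain '<') past MVC request validation
    public string Body { get; set; }
}

// Hypothetical service: the single place where comment text becomes storable HTML.
public class CommentSanitizer
{
    private readonly Func<string, string> _markdownToHtml; // assumed Markdown converter

    public CommentSanitizer(Func<string, string> markdownToHtml)
    {
        _markdownToHtml = markdownToHtml;
    }

    public string ToSafeHtml(string markdown)
    {
        // Convert first, sanitize last: the sanitizer must see the final HTML,
        // including any markup the Markdown converter itself produced.
        string html = _markdownToHtml(markdown ?? string.Empty);
        return Sanitizer.GetSafeHtmlFragment(html);
    }
}

public interface ICommentStore { void Save(string safeHtml); } // hypothetical persistence

public class CommentsController : Controller
{
    private readonly CommentSanitizer _sanitizer;
    private readonly ICommentStore _store;

    public CommentsController(CommentSanitizer sanitizer, ICommentStore store)
    {
        _sanitizer = sanitizer;
        _store = store;
    }

    [HttpPost]
    public ActionResult Create(CommentInput input)
    {
        if (!ModelState.IsValid) return View(input); // validation reports, it does not filter
        _store.Save(_sanitizer.ToSafeHtml(input.Body));
        return RedirectToAction("Index");
    }
}
```

Because `[AllowHtml]` switches off request validation for `Body`, every path that stores or renders that property has to go through `ToSafeHtml`.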
