ASP.Net Query Parameter Validation

I have just been thinking about a subject that has always concerned me with ASP.Net. By default, ASP.Net won't allow certain characters through on the query string that could potentially cause security problems (such as Cross Site Scripting attacks). The developer has the opportunity to turn this feature off, but would then be required to validate all the elements themselves.

I have just been thinking, wouldn't it be good if, when a Page class is defined, you could provide some predicates that must be true for the page not to be invalid? For instance, a developer could provide a list of all the accepted query parameters and their data types, and the runtime would take care of validating them automatically. I know you can have custom validators and the like, but they must always be called via validate.

Wouldn't it be nice if you could do something like:

[QueryParameterValidation(Text)]
protected TextBox inputName;
[QueryParameterValidation(Numeric)]
protected TextBox inputAge;
[QueryParameterValidFields(inputName, inputAge)]
public class TestPage: Page
{
.....

I am not too sure if this type of thing has been done before, or even if it has any advantages over CustomValidators etc.

I just thought it might be quite handy, because you could separate the types out so that a Text attribute wouldn't allow HTML/XML characters and it would remove these before the page is completely loaded, so that once the developer sees the data it is HTML safe.
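A sketch of how the declarative idea above could work in plain C#, added here as an example and not code from the original post or from ASP.Net itself. `ParamKind`, `QueryParameterAttribute`, `TestPageQuery` and `QueryBinder` are hypothetical names, and Text values are HTML-encoded rather than having characters removed.

```csharp
using System;
using System.Collections.Specialized;
using System.Globalization;
using System.Net;
using System.Reflection;

public enum ParamKind { Text, Numeric }   // hypothetical names throughout

[AttributeUsage(AttributeTargets.Property)]
public sealed class QueryParameterAttribute : Attribute
{
    public ParamKind Kind { get; }
    public QueryParameterAttribute(ParamKind kind) { Kind = kind; }
}
public sealed class TestPageQuery   // the page's accepted parameters and their types
{
    [QueryParameter(ParamKind.Text)] public string InputName { get; set; }
    [QueryParameter(ParamKind.Numeric)] public int InputAge { get; set; }
}
public static class QueryBinder
{
    const BindingFlags Flags = BindingFlags.Public | BindingFlags.Instance | BindingFlags.IgnoreCase;

    // Fills the annotated properties of T; throws on an undeclared or repeated
    // parameter, or on a value that does not match its declared kind.
    public static T Bind<T>(NameValueCollection query) where T : new()
    {
        var model = new T();
        foreach (string key in query.AllKeys)
        {
            var prop = key == null ? null : typeof(T).GetProperty(key, Flags);
            var attr = prop?.GetCustomAttribute<QueryParameterAttribute>();
            if (attr == null) throw new ArgumentException("Unexpected query parameter: " + key);
            string[] values = query.GetValues(key);
            if (values == null || values.Length != 1) throw new ArgumentException("Need one value: " + key);
            if (attr.Kind == ParamKind.Text)
                prop.SetValue(model, WebUtility.HtmlEncode(values[0]));   // markup becomes inert text
            else if (int.TryParse(values[0], NumberStyles.None, CultureInfo.InvariantCulture, out int n))
                prop.SetValue(model, n);   // NumberStyles.None: digits only, no sign or spaces
            else throw new ArgumentException("Not numeric: " + key);
        }
        return model;
    }
    public static void Main()
    {
        var q = new NameValueCollection { { "inputName", "<b>Al</b>" }, { "inputAge", "42" } };   // constructed sample
        var page = Bind<TestPageQuery>(q);
        Console.WriteLine(page.InputName + " / " + page.InputAge);
    }
}
```

In a real page the collection would be `Request.QueryString`, and the binder would run before any page code reads the values. Because unknown keys are rejected, a parameter nobody declared never reaches the page.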

I will have more of a think about this :).
