ASP.NET MVC
I got a chance over the weekend to watch the videos from altnetconf on the new Microsoft ASP.NET MVC framework. It’s a really exciting development. Anyway - as I’ve listened I’ve got myself a list of questions about features - I figured I’d put them here so I can see how they get on.
- In views ScottGu shows how to write views using <%= %> style code. Now that was all good when asp classic was a new and good idea. These days some (lots?) of people think that HtmlEncode’ing by default is a good idea. It makes attacks like XSS and CSRF more difficult and is the default for much of the WebForms controls. It’d be nice to see support for this integrated into the WebForms compiler or maybe a rails like <%h= %> option.
- Scott demos a new extension method: .UpdateFrom(NameValueCollection) which allows you to update a class from a NameValueCollection. This is super sweet - especially with the built in reflection caching he mentions. I’d like to know if this extension methos has support for whitelist/blacklist of incoming property names/values? (Like the MonoRail DataBindAttribute.Exclude/Allow properties). IMO - this is an important security consideration.
- Can you configure the routing rules based on HostHeader+Url or is it just Url?)
- In the example he uses - the Layout is specified by the View (i.e. MasterPage=”") - this is an improper separation of concerns - it should be upto the Controller to specify the “layout” (masterpage).
Anyway - it’s really just a list of things I’ve thought of and am curious about. Overall I’m amazingly excited and really looking forward to getting my hands on some bits.
No Comments Yet