发表新帖
发表新帖

Should I always call Page.IsValid?

前端 未结
关注
3 734
爱一瞬间的悲伤
爱一瞬间的悲伤 2020-12-08 21:45

I know to never trust user input, since undesirable input could be compromise the application\'s integrity in some way, be it accidental or intentional; however, is there a

相关标签:
3条回答
  • 轮回少年
    2020-12-08 22:04

    I would be the first to tell you that "All input is evil until proven otherwise." However, in this case, I think your friend is mistaken because by his/her logic we could probably come up with a hundred other properties that should be checked or set, even though the defaults are okay.

    Checking Page.IsValid only makes sense if you have a "CausesValidation" scenario - a button that submitted the form has its CausesValidation property set to True. This would automatically call Page.Validate and all Validation controls belonging to the same ValidationGroup would be checked for validity.

    Edit:

    Just checked it using Reflector and the function will always return True if the Page does not have any Validators(ValidatorCollection is null).

    0 讨论(0)
  • 暗喜
    2020-12-08 22:18

    You can check the validity of a Page by checking the Page.IsValid property, your purpose to check the Page.IsValid might vary like

    • If you have Validators which has the EnableClientScript property set to false
    • If you have a server side validated Validator.
    • Before performing a critical operation in a PostBack event handler body like Save, Delete, Authenticate...
    • Do/display different things depending on the validity of page...
    • Any thing you can think of...

    So when/where can you call Page.IsValid

    1. If the page is in post back
    2. If the post back is caused by an input control with the CausesValidation property set to true.
    3. After a call is made to the Page.Validate, i.e after the Page.Load event.

    You can check Page.IsValid in the page life cycle if the place/time invoked satisfies the above criteria; otherwise the Page.IsValid will result in the System.Web.HttpException being thrown.

    You should use Page.IsValid where it makes sense; like in the postback event handlers of input controls(with CausesValidation=true) and require the state of the page to be valid to perform their task correctly. (if you have server side validated validators or validators with client side validation switched off it becomes a MUST). 

       protected void btnSave_Click(object sender, EventArgs e)
    {
       //Note that there might be ServerSideValidation which evaluated to false.
       if (!Page.IsValid)  
         return;

       CurrentEntity.Save();
    }

    Finally note that Page.IsValid only checks for validation errors in the validator controls on your page, it all depends on what your validator controls do.

    0 讨论(0)
  • 不知归路
    2020-12-08 22:19

    You may still want to call it, because in the future their maybe validation controls. I know this kinda falls into adding functionality based on future requirements, but it is also protecting yourself against needing to know if the page is valid and not going through all the event handlers etc. to make sure that it is there if a validator does get added. We have a rule that we always add it, so we don't have that problem of not-validating in the future.

    0 讨论(0)
 看不清?
提交回复
热议问题