Saturday, August 27, 2011

Javascript Injection in MVC

ASP.NET MVC (Model-View-Controller) is by default open to JavaScript injection. It is up to the developer to protect the website from it. MVC provides options for this, but through lazy coding or incomplete knowledge some of us fail to use them.
First of all, let us understand what JavaScript injection is and how it affects our websites. Suppose there is a website with two controllers named "Insert" and "Details". The Insert controller saves the user's input (say, a user name) in the database. The Details controller displays that information (saved by the "Insert" controller) from the database.
Suppose I am using the following code in the view to display the user names:

<%-- Vulnerable: userName is written to the page without HTML encoding --%>
<% foreach (string userName in Model.UserNames) { %>
    <%= userName %>
<% } %>

In this case, suppose a user (not a normal user; say, an intruder or hacker) inserts a script into the database, for example <script> alert('hiiii'); </script>. Our "Insert" controller doesn't detect this JavaScript code. It treats it as normal data and saves it into the database. When the data is displayed, an alert box is shown on the screen. A clever developer could also put such alerts in a loop, which would affect the functionality of the website. This is a simple and small example of JavaScript injection. Injections of this type can also be very dangerous.
Now let us discuss how we can protect our websites from this type of injection. A simple fix is to use the "Html.Encode" function when displaying the user names. If we use the following code in the view to display the data, such script injections will not work.


<%-- Html.Encode turns markup characters into entities before output --%>
<% foreach (string userName in Model.UserNames) { %>
    <%= Html.Encode(userName) %>
<% } %>

We can also apply it when the data is inserted, in the "Insert" controller. "Html.Encode" converts "<" into "&lt;" and ">" into "&gt;". As a result, the inserted JavaScript code will not run and the website will work normally :)
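
The difference between the two views, and the effect of encoding both at insertion and at display, as an added example that is not code from the original post. It is a console program in which System.Net.WebUtility.HtmlEncode stands in for Html.Encode; the class name, the <li> wrapper and the sample user names are assumptions constructed for the illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Text;

public static class UserNameRendering
{
    // Same output as the first view above: each stored value goes into the page unchanged.
    public static string RenderRaw(IEnumerable<string> userNames)
    {
        var html = new StringBuilder();
        foreach (string userName in userNames)
            html.AppendLine("<li>" + userName + "</li>");
        return html.ToString();
    }

    // Same output as the Html.Encode view: markup characters become entities.
    public static string RenderEncoded(IEnumerable<string> userNames)
    {
        var html = new StringBuilder();
        foreach (string userName in userNames)
            html.AppendLine("<li>" + WebUtility.HtmlEncode(userName) + "</li>");
        return html.ToString();
    }

    public static void Main()
    {
        // Constructed sample rows standing in for what the "Insert" controller saved.
        var stored = new List<string>
        {
            "alice",
            "Smith & Sons",
            "<script> alert('hiiii'); </script>"
        };

        Console.WriteLine("Raw view output (the script tag reaches the browser):");
        Console.Write(RenderRaw(stored));

        Console.WriteLine("Encoded view output (the script is shown as text):");
        Console.Write(RenderEncoded(stored));

        // If "Insert" had already encoded the values, encoding again in the view
        // double-encodes them: "&" becomes "&amp;amp;" and is displayed as "&amp;".
        var encodedAtInsert = stored.ConvertAll(name => WebUtility.HtmlEncode(name));
        Console.WriteLine("Encoded at insert AND in the view:");
        Console.Write(RenderEncoded(encodedAtInsert));
    }
}
```

Encoding once, at the point of output, keeps the stored value intact and avoids the doubled entities in the last listing.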

Monday, August 15, 2011

Unit Testing in MVC

Unit testing is a tool that makes it easy for developers to test their programs. As the name makes clear, it tests the units (methods or actions) of a program.

To create a unit test, the user needs to create a separate project for it. To do this, just right-click on the desired method or action; the right-click dropdown menu has an option to create the unit test. Users can also create unit tests for every method of a class by right-clicking on the class and then using the create unit test option.

The unit test project's class has the attribute TestClass in square brackets ([TestClass]); in an NUnit test this attribute is replaced by [TestFixture]. The methods of the unit test project have the attribute "[TestMethod]", and similarly NUnit has the "[Test]" attribute for the NUnit test class methods.

After the unit test project has been created, it is time to write the logic for the unit test methods. These unit test methods follow the "AAA" rule (Arrange, Act, Assertion).
i) Arrange
   Here we initialize the objects that we need to test, or supply the required inputs.

ii) Act
   In the act section, the objects created in part (i) perform an action. The action will be a method call or a calculation.

iii) Assertion
   In the assertion we compare the results produced by step (ii) with the expected results. If both match, the test is successful.

To run these test methods, there is a tool in Visual Studio that is used to debug the unit tests. To enable it, go to the View tab and select "Test Tools" from Toolbars. If a unit test method passes, the status in the debugger is shown in green with the text "passed"; in case of any failure it is shown in red with the text "failure".
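
A test class written with the [TestClass] and [TestMethod] attributes and the Arrange, Act, Assert steps described above, as an added example that is not code from the original post. UserNameFormatter and its method are hypothetical names for a unit that HTML-encodes a stored user name before display; the input strings are constructed samples.

```csharp
using System.Net;
using Microsoft.VisualStudio.TestTools.UnitTesting;

// Hypothetical unit under test: prepares a stored user name for display.
public static class UserNameFormatter
{
    public static string ToDisplayHtml(string userName)
    {
        return WebUtility.HtmlEncode(userName);
    }
}

[TestClass]
public class UserNameFormatterTests
{
    [TestMethod]
    public void ToDisplayHtml_ScriptInUserName_IsNotEmittedAsMarkup()
    {
        // Arrange: the input a script injection would leave in the database
        string stored = "<script> alert('hiiii'); </script>";

        // Act: call the method under test
        string html = UserNameFormatter.ToDisplayHtml(stored);

        // Assert: compare the result with what is expected
        Assert.IsFalse(html.Contains("<script"), "raw script tag reached the output");
        Assert.IsTrue(html.Contains("&lt;script&gt;"), "tag should be shown as text");
    }

    [TestMethod]
    public void ToDisplayHtml_PlainUserName_IsUnchanged()
    {
        string stored = "alice";                                  // Arrange
        string html = UserNameFormatter.ToDisplayHtml(stored);    // Act
        Assert.AreEqual("alice", html);                           // Assert
    }
}
```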

Tuesday, August 9, 2011

First N-Hibernate Application



Installing NHibernate
Download the NHibernate binaries and extract them into a folder. That's it. Create a project in Visual Studio and add the NHibernate references to it.
Create a business project (class library). In it, create one property class for each table present in the database.
Let's start by defining a very simple domain. For the moment it consists of one entity called Product. The product has 3 properties: Name, Category and Discontinued.

Add a folder Domain to the FirstSample project of your solution. Add a new class Product.cs to this folder. The code is very simple and uses automatic properties (a feature of the new C# 3.0 compiler).
namespace FirstSolution.Domain
{
    public class Product
    {
        public string Name { get; set; }
        public string Category { get; set; }
        public bool Discontinued { get; set; }
    }
}

Define the Mapping

Create a folder Mappings in the FirstSample project. Add a new XML document to this folder and call it Product.hbm.xml. Note the "hbm" part of the file name: this is a convention used by NHibernate to automatically recognize the file as a mapping file. Define "Embedded Resource" as the Build Action for this XML file.
In Windows Explorer, locate nhibernate-mapping.xsd in the src folder of NHibernate and copy it to your SharedLibs folder. We can now use this XML schema definition file when defining our mapping files. VS will then provide IntelliSense and validation when editing an XML mapping document.
Back in VS, add the schema to the Product.hbm.xml file.
Let's start now. Each mapping file has to define a root node:

<?xml version="1.0" encoding="utf-8" ?>
<hibernate-mapping xmlns="urn:nhibernate-mapping-2.2"
                   assembly="FirstSolution"
                   namespace="FirstSolution.Domain">

</hibernate-mapping>

In a mapping file, when referencing a domain class you always have to provide the fully qualified name of the class (e.g. FirstSample.Domain.Product, FirstSample). To make the XML less verbose you can define the assembly name (in which the domain classes are implemented) and the namespace of the domain classes in the two attributes assembly and namespace of the root node. It's similar to the using statement in C#.

Now we first have to define a primary key for the product entity. Technically we could take the property Name of the product, since this property must be defined and has to be unique. But it is common to use a surrogate key instead. For this we add a property to our entity and call it Id. We use Guid as the type of the Id, but it could just as well be an int or a long.
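using System;

namespace FirstSolution.Domain
{
    public class Product
    {
        // Members are virtual because NHibernate's default lazy-loading proxies
        // require public members of a mapped class to be overridable.
        public virtual Guid Id { get; set; }
        public virtual string Name { get; set; }
        public virtual string Category { get; set; }
        public virtual bool Discontinued { get; set; }
    }
}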
The complete mapping file
<?xml version="1.0" encoding="utf-8" ?>
<hibernate-mapping xmlns="urn:nhibernate-mapping-2.2"
                   assembly="FirstSolution"
                   namespace="FirstSolution.Domain">

  <class name="Product">
    <id name="Id">
      <generator class="guid" />
    </id>
    <property name="Name" />
    <property name="Category" />
    <property name="Discontinued" />
  </class>

</hibernate-mapping>

Monday, August 8, 2011

DNN SKIN IMPLEMENTATION


Whenever you start a DNN skin implementation on a DNN website, change the module names in the HTML design file so that they are in square brackets.
E.g., if there is a Logo module in DNN,
then replace that module in the HTML in the following format:
Logo to [Logo].
After converting Logo to [Logo], the DNN engine understands that [Logo] is a DNN module; it will convert it into
All this conversion is done only after parsing the skin. After parsing, the DNN engine generates a user control for that HTML file, which is called a skin and can be applied to DNN pages.
DNN Skin Installation:
To install a DNN skin, go to Extensions and select Skin from the dropdown list.
Then follow the described steps of the DNN installation. The DNN engine will install the skin in the portals folder. After that, anyone can apply that skin.

The skin needs to be placed in the same folder, under the same portal, for which we designed it. If the skin is in another folder, it will still let you apply the skin, along with a preview showing the correct images. But the CSS will be applied on that preview.