StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POSanitizing Input with JsonConvert.SerializeObject in MVC4?
primarykey
Id
19747846
data
AcceptedAnswerId
19874737
AnswerCount
2
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2013-11-02T22:56:51.230
FavoriteCount
1
LastActivityDate
2013-11-10T11:29:22.810
LastEditDate
2013-11-09T04:01:18.350
LastEditorUserId
899530
OwnerUserId
899530
ParentId
0
PostTypeId
1
Score
3
ViewCount
1352
LastEditorDisplayName
text
Body
<p>Long story short, I'm trying to get the output from JsonConvert.SerializeObject to be sanitized without having to modify the contents of the saved data.</p> <p>I'm working on an app that has the following markup in the view: </p> <pre><code> <textarea data-bind="value: aboutMe"></textarea> </code></pre> <p>If I save the following text, I run into problems: </p> <pre><code> <script type="text/javascript">alert("hey")</script> </code></pre> <p>The error I get in FF: </p> <p><img src="https://i.stack.imgur.com/gJtGc.png" alt="enter image description here"></p> <p>The relevant part of the offending rendered text:</p> <blockquote> <p>$(document).ready(ko.applyBindings(new MyProfileVm({"profileUsername":"admin","username":"Admin","aboutMe":"alert(\"hey\")","title":"Here's a short self-bio! :)","thumbnail":"<a href="https://i.imgur.com/H1HYxU9.jpg" rel="nofollow noreferrer">https://i.imgur.com/H1HYxU9.jpg</a>","locationZip":"22182","locationName":"Vienna, VA"</p> </blockquote> <p>And finally - at the bottom of my view: </p> <pre><code><script type="text/javascript"> $(document).ready(ko.applyBindings(new MyProfileVm(@Html.Raw(JsonConvert.SerializeObject(Model, new JsonSerializerSettings() { ContractResolver = new CamelCasePropertyNamesContractResolver() }))))); </script> </code></pre> <p>Here, I'm passing the model that I get from the MVC controller into the js ViewModel for knockout to map into observable data. The Raw encoding seems to be the problem, but I'm not sure how to go about handling it.</p> <p>To be clear, I'm getting data from the server, and outputting it to the client, which is mucking up the JSON/KO combo. </p>
Tags
<asp.net-mvc><asp.net-mvc-4><knockout.js><json.net>
Title
Sanitizing Input with JsonConvert.SerializeObject in MVC4?
singulars
PostAcceptedAnswerId
1. PO
  singulars
  PostTypePostTypeId
  PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USSB2055
UserOwnerUserId
1. USSB2055
plurals
PostLinksPostIdRelatedPostId
1. PL
  singulars
  LinkTypeLinkTypeId
  LTLinked
PostLinksRelatedPostIdPostId
1. PL
  singulars
  LinkTypeLinkTypeId
  LTLinked
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
  singulars
  PostTypePostTypeId
  PTAnswer
2. PO
  singulars
  PostTypePostTypeId
  PTAnswer
VotesPostIdCreationDate
1. VO
  singulars
  PostPostId
  POSanitizing Input with JsonConvert.SerializeObject in MVC4?
  UserUserId
  This table or related slice is empty.
  VoteTypeVoteTypeId
  VTApproveEditSuggestion
2. VO
  singulars
  PostPostId
  POSanitizing Input with JsonConvert.SerializeObject in MVC4?
  UserUserId
  USSB2055
  VoteTypeVoteTypeId
  VTBountyStart
3. VO
  singulars
  PostPostId
  POSanitizing Input with JsonConvert.SerializeObject in MVC4?
  UserUserId
  This table or related slice is empty.
  VoteTypeVoteTypeId
  VTUpMod
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.