ASP.NET CORE OWASP TOP 10 - Cross-Site Scripting (XSS)

Cross-site scripting (also known as XSS) is a type of attack aimed at web application users. The attacker injects client-side code (typically JavaScript) into a vulnerable web application in such a way that the script runs in the browsers of users visiting the vulnerable page. Imagine that you’ve built a web application allowing your users to send private messages to each other. One of the users finds out that you do not encode messages, so it is possible to send pure HTML or JavaScript code to another person. The user decides to send this message to his buddy: ...

January 27, 2019 · 4 min · Zbigniew

Razor beginner intro and syntax tutorial

Razor is a syntax used to build web pages within ASP.NET applications. In essence it’s a mix of Razor-specific markup, C# (or VB) and HTML code. In this guide I’m going to introduce you to Razor syntax, explain how it works and show you some other related stuff. It’s worth noting that Razor syntax is pretty simple. Visual Studio provides syntax highlighting for it and supports Razor IntelliSense. ...

December 30, 2018 · 8 min · Zbigniew

Testing webhooks on localhost

During one of my projects I was implementing payments using Stripe and PayPal. I had to test webhooks in order to confirm subscriptions (recurring payments) periodically. Since I was developing locally, my app could not receive requests. In this post I’m going to show you how you can test remote webhook callbacks from 3rd party apps in your local app.

Webhooks theory

The theory is simple: you create a payment transaction (or any other supported event) in Stripe/PayPal/whatever, then you receive a request, which is sent by the 3rd party software. You have to configure a webhook URL, so remote applications know where to send requests. But since you develop locally, your app cannot be reached from outside. After all, you cannot use localhost as a webhook URL. ...

November 25, 2018 · 3 min · Zbigniew

ASP.NET Core ajax modals with validation using Bootstrap (Part 2)

In the second part of this tutorial we’ll add more ajax powered functionality to modals. You’re going to learn how to: upload files via ajax; display notifications after modal data has been saved; view stored data in a table; ajax reload the table after modal data has been saved; make sure that the modal opens when the button is dynamically generated.

The first part of this tutorial can be found here. This tutorial relies on the first part, so I expect you to read it and code your solution before starting part two. All the sources for this tutorial can be found in my GitHub repository. ...

October 26, 2018 · 10 min · Zbigniew

jQuery ajax file upload

Do you know why you cannot send files via $.post? Maybe you don’t even know how you should start sending files? In this post you’re going to learn how to send files via ajax requests. I’m not going to show you how to implement server-side code, it’s up to you.

Preparation

Let’s start by preparing a simple HTML form:

    <form enctype="multipart/form-data" action="/Upload" method="post">
      <input name="Picture" type="file">
      <button type="submit">Send!</button>
    </form>

There is one point which should be noted. I’ve set the enctype attribute to multipart/form-data. It is required when you send files via regular forms, but since this will be sent via ajax it’s not needed. I’ve left it as a fallback. ...

October 19, 2018 · 4 min · Zbigniew