Security Type in String Arguments

Question

Security Type in String Arguments

My specific question is about ASP.NET MVC, but I'm sure the answers can be applied outside of ASP.NET.

How do you feel about functions that take string arguments, but still want to keep it safe?

In ASP.NET Html.ActionLink extension method takes two arguments of type string: string linkText, string actionName. The first argument is the text that can be loaded from the resource, but the second argument is the name of the method that exists in the code.

One option is to create a class with constant lines, so instead of writing

 Html.ActionLink("Blah blah", "MyAction");

can write:

Html.ActionLine("Blah blah", StrongType.MyAction);

Where MyActionis the string const in the class with the name StrongType. However, this becomes a pain for control when the number of methods and other objects that can be passed as arguments increases.

The second option is to load the function name somehow using Reflection, but this seems too expensive.

Is there a better way to do this? How do you make sure you don't have typos in string arguments like the ones mentioned earlier?

+3

c # strong-typing

Victor Hurdugaci Jun 16 '11 at 17:22

source share

2 answers

, . . , , , , , "", "".

, , , , . .

+1

Mark Meuer 16 . '11 17:34

Lester · Accepted Answer · 2011-06-16T17:27:17+0000

You can use the ActionLink extension method, which avoids the use of this magic string.

<%= Html.ActionLink<BlahController>(c => c.MyAction(), "Blah blah");

You will need a link Microsoft.Web.Mvcthat is part of the ASP.NET MVC 3 futures and is available at http://aspnet.codeplex.com/releases/view/58781 .

Security Type in String Arguments

More articles: