- Validate arguments from events.
- Validate inputs and results from JS interop calls.
- Avoid using (or validate beforehand) user input for .NET to JS interop calls.
- Prevent the client from allocating an unbound amount of memory.
  - Data within the component.
  - DotNetObject references returned to the client.
- Guard against multiple dispatches.
- Cancel long-running operations when the component is disposed.
- Avoid events that produce large amounts of data.
- Avoid using user input as part of calls to NavigationManager.NavigateTo and validate user input for URLs against a set of allowed origins first if unavoidable.
- Don't make authorization decisions based on the state of the UI but only from component state.
- Consider using Content Security Policy (CSP) to protect against XSS attacks.
- Consider using CSP and X-Frame-Options to protect against click-jacking.
- Ensure CORS settings are appropriate when enabling CORS or explicitly disable CORS for Blazor apps.
- Test to ensure that the server-side limits for the Blazor app provide an acceptable user experience without unacceptable levels of risk.
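
For the `NavigationManager.NavigateTo` item above, one way to check user-supplied URLs against a set of allowed origins. This is an added example, not code from the original page or from Blazor itself; `SafeNavigation`, `TryResolve`, the origins and the sample inputs are hypothetical and constructed for illustration.

```csharp
using System;
using System.Collections.Generic;

// Added example: SafeNavigation and every value below are hypothetical.
public static class SafeNavigation
{
    // Resolves user input against the app's base URI and accepts it only if the
    // resulting origin (scheme://host[:port]) is on the allowlist.
    public static bool TryResolve(string? input, Uri baseUri,
        ISet<string> allowedOrigins, out Uri? target)
    {
        target = null;
        if (string.IsNullOrWhiteSpace(input)) return false;

        // Handles relative paths, absolute URLs and protocol-relative "//host" forms.
        if (!Uri.TryCreate(baseUri, input.Trim(), out Uri? resolved)) return false;

        // Only http(s) is navigable here; javascript:, data:, file: and others are refused.
        if (resolved.Scheme != Uri.UriSchemeHttps && resolved.Scheme != Uri.UriSchemeHttp)
            return false;

        // Refuse embedded credentials such as "https://trusted@other-host/".
        if (resolved.UserInfo.Length > 0) return false;

        string origin = $"{resolved.Scheme}://{resolved.Authority}";
        if (!allowedOrigins.Contains(origin)) return false;

        target = resolved;
        return true;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed base URI; in a component this would be new Uri(Navigation.BaseUri).
        var baseUri = new Uri("https://app.example/");
        var allowed = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
            { "https://app.example", "https://login.example" };

        // Constructed sample inputs.
        foreach (var input in new[] { "/orders/42", "https://login.example/signin",
                     "//evil.example/phish", "javascript:alert(1)", "https://app.example@evil.example/" })
        {
            bool ok = SafeNavigation.TryResolve(input, baseUri, allowed, out Uri? target);
            Console.WriteLine($"{input} -> {(ok ? target!.AbsoluteUri : "rejected")}");
        }
    }
}
```

On success, pass `target.AbsoluteUri` to `NavigateTo` rather than the raw input, so the value that was validated is the value that is navigated to.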
Microsoft and open source
The toolkit contains various controls (labels, text entry, buttons, radio buttons, checkboxes, dialog boxes, windows, menus) for building text user interfaces, along with a main loop. It is designed to work on Curses and the Windows Console, works well on both color and monochrome terminals, and has mouse support on terminal emulators that support it.
Angular 10 released
Version 10.0.0 is here! This is a major release that spans the entire platform, including the framework, Angular Material, and the CLI. This release is smaller than typical; it has only been 4 months since we released version 9.0 of Angular.
The future of C#, according to its designers
The future of C#
Over the last year we shipped no less than three "point releases" of C# (7.1, 7.2 and 7.3), full of small but useful language features. Mads and Dustin will race you through a tour of these, before turning to some of the big things we have in store for the future: Nullable reference types, recursive patterns, asynchronous streams and more.
WCF goes open source
We’re excited to announce a new open source project on GitHub from the WCF team at Microsoft. This new version of WCF targets .NET Core and has been donated to the family of .NET Foundation open source projects.
Duende IdentityServer v6 released
- Performance and stability improvements.
- Optimization and testing for .NET 6.
- All UIs and templates have been updated for “.NET 6” style, which means they now use the new hosting API, and all UIs have been converted to Razor pages.
- Added support for CIBA, which was the last missing piece for full FAPI compliance.