- Validate arguments from events.
- Validate inputs and results from JS interop calls.
- Avoid using (or validate beforehand) user input for .NET to JS interop calls.
- Prevent the client from allocating an unbound amount of memory.
  - Data within the component.
  - DotNetObject references returned to the client.
- Guard against multiple dispatches.
- Cancel long-running operations when the component is disposed.
- Avoid events that produce large amounts of data.
- Avoid using user input as part of calls to NavigationManager.NavigateTo and validate user input for URLs against a set of allowed origins first if unavoidable.
- Don't make authorization decisions based on the state of the UI but only from component state.
- Consider using Content Security Policy (CSP) to protect against XSS attacks.
- Consider using CSP and X-Frame-Options to protect against click-jacking.
- Ensure CORS settings are appropriate when enabling CORS or explicitly disable CORS for Blazor apps.
- Test to ensure that the server-side limits for the Blazor app provide an acceptable user experience without unacceptable levels of risk.
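The NavigationManager.NavigateTo item above, as an added example that is not part of the original checklist or of Blazor itself: a helper that accepts a user-supplied URL only when its origin is on an allow list. The class name `NavigationTargetValidator`, its method, and the origins in the usage comment are hypothetical.

```csharp
#nullable enable
using System;
using System.Collections.Generic;

// Hypothetical helper (added example): checks a user-supplied URL against a
// fixed set of allowed origins before it is passed to NavigationManager.NavigateTo.
public sealed class NavigationTargetValidator
{
    private readonly HashSet<string> _allowedOrigins =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase);

    public NavigationTargetValidator(IEnumerable<string> allowedOrigins)
    {
        foreach (var origin in allowedOrigins)
        {
            // Normalize each configured origin to scheme://host[:port].
            var uri = new Uri(origin, UriKind.Absolute);
            _allowedOrigins.Add(uri.GetLeftPart(UriPartial.Authority));
        }
    }

    public bool TryGetSafeTarget(string? userInput, out Uri? target)
    {
        target = null;
        if (string.IsNullOrWhiteSpace(userInput)) return false;

        // Relative and malformed values are rejected outright.
        if (!Uri.TryCreate(userInput.Trim(), UriKind.Absolute, out var candidate))
            return false;

        // Only https is accepted; this also rejects javascript:, data: and
        // file: URIs (a leading-slash path can parse as file: on Unix).
        if (candidate.Scheme != Uri.UriSchemeHttps) return false;

        // Reject user-info such as https://allowed.example@other.example/.
        if (!string.IsNullOrEmpty(candidate.UserInfo)) return false;

        // Compare the parsed origin, never a prefix of the raw string.
        if (!_allowedOrigins.Contains(candidate.GetLeftPart(UriPartial.Authority)))
            return false;

        target = candidate;
        return true;
    }
}

// Usage inside a component (constructed origins, injected NavigationManager "Navigation"):
//   var validator = new NavigationTargetValidator(new[] { "https://app.example.com" });
//   if (validator.TryGetSafeTarget(input, out var target)) Navigation.NavigateTo(target!.AbsoluteUri);
```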
ASP.NET Core 1.0 (formerly ASP.NET 5) provides a revamped Web development framework geared towards the requirements of modern Web applications. The new framework, currently in RC1, requires you to learn many new concepts not found in ASP.NET MVC 5. To that end, this article enumerates a few important features that ASP.NET MVC 5 developers should know as they prepare to learn this new framework.
Entity Framework 7 (EF7) Preview 5 has shipped with support for Table-per-Concrete type (TPC) mapping. This blog post will focus on TPC. There are several other enhancements included in Preview 5, such as:
- Support for AT TIME ZONE in SQL Server
- Updates to command and connection interception (#23087, #23085, #17261)
- Addition of the delete behavior attribute
Read the full list of EF7 Preview 5 enhancements.
What information does HTTPS reveal?
Blazor is no longer experimental
PowerShell IntelliSense improvements
As you may remember, Microsoft has removed the IE Mode feature from Microsoft Edge. The company has limited it to enterprise customers and IT admins. They have also stated that the feature was released to the public for testing purposes only. Here is a bit of good news - you can re-enable IE Mode when needed with recent versions of Edge!