[Fixes #3868] Exclude Antiforgery token in form with method Get
This commit is contained in:
parent
dd952d8d70
commit
f0777b95a8
|
|
@ -3,6 +3,7 @@
|
||||||
|
|
||||||
using System;
|
using System;
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
|
using System.ComponentModel;
|
||||||
using Microsoft.AspNet.Mvc.Rendering;
|
using Microsoft.AspNet.Mvc.Rendering;
|
||||||
using Microsoft.AspNet.Mvc.ViewFeatures;
|
using Microsoft.AspNet.Mvc.ViewFeatures;
|
||||||
using Microsoft.AspNet.Razor.TagHelpers;
|
using Microsoft.AspNet.Razor.TagHelpers;
|
||||||
|
|
@ -68,7 +69,8 @@ namespace Microsoft.AspNet.Mvc.TagHelpers
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Whether the antiforgery token should be generated.
|
/// Whether the antiforgery token should be generated.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
/// <value>Defaults to <c>false</c> if user provides an <c>action</c> attribute; <c>true</c> otherwise.</value>
|
/// <value>Defaults to <c>false</c> if user provides an <c>action</c> attribute
|
||||||
|
/// or if the <c>method</c> is <see cref="FormMethod.Get"/>; <c>true</c> otherwise.</value>
|
||||||
[HtmlAttributeName(AntiforgeryAttributeName)]
|
[HtmlAttributeName(AntiforgeryAttributeName)]
|
||||||
public bool? Antiforgery { get; set; }
|
public bool? Antiforgery { get; set; }
|
||||||
|
|
||||||
|
|
@ -81,6 +83,13 @@ namespace Microsoft.AspNet.Mvc.TagHelpers
|
||||||
[HtmlAttributeName(RouteAttributeName)]
|
[HtmlAttributeName(RouteAttributeName)]
|
||||||
public string Route { get; set; }
|
public string Route { get; set; }
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// The HTTP method to use.
|
||||||
|
/// </summary>
|
||||||
|
/// <remarks>Passed through to the generated HTML in all cases.</remarks>
|
||||||
|
[EditorBrowsable(EditorBrowsableState.Never)]
|
||||||
|
public string Method { get; set; }
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Additional parameters for the route.
|
/// Additional parameters for the route.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
|
|
@ -122,6 +131,10 @@ namespace Microsoft.AspNet.Mvc.TagHelpers
|
||||||
{
|
{
|
||||||
throw new ArgumentNullException(nameof(output));
|
throw new ArgumentNullException(nameof(output));
|
||||||
}
|
}
|
||||||
|
if (Method != null)
|
||||||
|
{
|
||||||
|
output.CopyHtmlAttribute(nameof(Method), context);
|
||||||
|
}
|
||||||
|
|
||||||
var antiforgeryDefault = true;
|
var antiforgeryDefault = true;
|
||||||
|
|
||||||
|
|
@ -195,6 +208,11 @@ namespace Microsoft.AspNet.Mvc.TagHelpers
|
||||||
output.MergeAttributes(tagBuilder);
|
output.MergeAttributes(tagBuilder);
|
||||||
output.PostContent.AppendHtml(tagBuilder.InnerHtml);
|
output.PostContent.AppendHtml(tagBuilder.InnerHtml);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (string.Equals(Method, FormMethod.Get.ToString(), StringComparison.OrdinalIgnoreCase))
|
||||||
|
{
|
||||||
|
antiforgeryDefault = false;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (Antiforgery ?? antiforgeryDefault)
|
if (Antiforgery ?? antiforgeryDefault)
|
||||||
|
|
|
||||||
|
|
@ -34,7 +34,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
controllerName: null,
|
controllerName: null,
|
||||||
routeValues: null,
|
routeValues: null,
|
||||||
method: FormMethod.Post,
|
method: FormMethod.Post,
|
||||||
suppressAntiforgery: false,
|
antiforgery: null,
|
||||||
htmlAttributes: null);
|
htmlAttributes: null);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -43,9 +43,11 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
/// match the current request.
|
/// match the current request.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
/// <param name="htmlHelper">The <see cref="IHtmlHelper"/> instance this method extends.</param>
|
/// <param name="htmlHelper">The <see cref="IHtmlHelper"/> instance this method extends.</param>
|
||||||
/// <param name="suppressAntiforgery">
|
/// <param name="antiforgery">
|
||||||
/// If <c>true</c>, suppresses the generation an <input> of type "hidden" with an antiforgery token. By
|
/// If <c>true</c>, <form> elements will include an antiforgery token.
|
||||||
/// default <form> elements will automatically include an antiforgery token.
|
/// If <c>false</c>, suppresses the generation an <input> of type "hidden" with an antiforgery token.
|
||||||
|
/// If <c>null</c>, <form> elements will include an antiforgery token only if
|
||||||
|
/// <paramref name="method"/> is not <see cref="FormMethod.Get"/>.
|
||||||
/// </param>
|
/// </param>
|
||||||
/// <returns>
|
/// <returns>
|
||||||
/// An <see cref="MvcForm"/> instance which renders the </form> end tag when disposed.
|
/// An <see cref="MvcForm"/> instance which renders the </form> end tag when disposed.
|
||||||
|
|
@ -53,7 +55,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
/// <remarks>
|
/// <remarks>
|
||||||
/// In this context, "renders" means the method writes its output using <see cref="ViewContext.Writer"/>.
|
/// In this context, "renders" means the method writes its output using <see cref="ViewContext.Writer"/>.
|
||||||
/// </remarks>
|
/// </remarks>
|
||||||
public static MvcForm BeginForm(this IHtmlHelper htmlHelper, bool suppressAntiforgery)
|
public static MvcForm BeginForm(this IHtmlHelper htmlHelper, bool? antiforgery)
|
||||||
{
|
{
|
||||||
if (htmlHelper == null)
|
if (htmlHelper == null)
|
||||||
{
|
{
|
||||||
|
|
@ -66,7 +68,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
controllerName: null,
|
controllerName: null,
|
||||||
routeValues: null,
|
routeValues: null,
|
||||||
method: FormMethod.Post,
|
method: FormMethod.Post,
|
||||||
suppressAntiforgery: suppressAntiforgery,
|
antiforgery: antiforgery,
|
||||||
htmlAttributes: null);
|
htmlAttributes: null);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -94,7 +96,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
controllerName: null,
|
controllerName: null,
|
||||||
routeValues: null,
|
routeValues: null,
|
||||||
method: method,
|
method: method,
|
||||||
suppressAntiforgery: false,
|
antiforgery: null,
|
||||||
htmlAttributes: null);
|
htmlAttributes: null);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -130,7 +132,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
controllerName: null,
|
controllerName: null,
|
||||||
routeValues: null,
|
routeValues: null,
|
||||||
method: method,
|
method: method,
|
||||||
suppressAntiforgery: false,
|
antiforgery: null,
|
||||||
htmlAttributes: htmlAttributes);
|
htmlAttributes: htmlAttributes);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -140,9 +142,11 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
/// </summary>
|
/// </summary>
|
||||||
/// <param name="htmlHelper">The <see cref="IHtmlHelper"/> instance this method extends.</param>
|
/// <param name="htmlHelper">The <see cref="IHtmlHelper"/> instance this method extends.</param>
|
||||||
/// <param name="method">The HTTP method for processing the form, either GET or POST.</param>
|
/// <param name="method">The HTTP method for processing the form, either GET or POST.</param>
|
||||||
/// <param name="suppressAntiforgery">
|
/// <param name="antiforgery">
|
||||||
/// If <c>true</c>, suppresses the generation an <input> of type "hidden" with an antiforgery token. By
|
/// If <c>true</c>, <form> elements will include an antiforgery token.
|
||||||
/// default <form> elements will automatically include an antiforgery token.
|
/// If <c>false</c>, suppresses the generation an <input> of type "hidden" with an antiforgery token.
|
||||||
|
/// If <c>null</c>, <form> elements will include an antiforgery token only if
|
||||||
|
/// <paramref name="method"/> is not <see cref="FormMethod.Get"/>.
|
||||||
/// </param>
|
/// </param>
|
||||||
/// <param name="htmlAttributes">
|
/// <param name="htmlAttributes">
|
||||||
/// An <see cref="object"/> that contains the HTML attributes for the element. Alternatively, an
|
/// An <see cref="object"/> that contains the HTML attributes for the element. Alternatively, an
|
||||||
|
|
@ -158,7 +162,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
public static MvcForm BeginForm(
|
public static MvcForm BeginForm(
|
||||||
this IHtmlHelper htmlHelper,
|
this IHtmlHelper htmlHelper,
|
||||||
FormMethod method,
|
FormMethod method,
|
||||||
bool suppressAntiforgery,
|
bool? antiforgery,
|
||||||
object htmlAttributes)
|
object htmlAttributes)
|
||||||
{
|
{
|
||||||
if (htmlHelper == null)
|
if (htmlHelper == null)
|
||||||
|
|
@ -171,7 +175,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
controllerName: null,
|
controllerName: null,
|
||||||
routeValues: null,
|
routeValues: null,
|
||||||
method: method,
|
method: method,
|
||||||
suppressAntiforgery: suppressAntiforgery,
|
antiforgery: antiforgery,
|
||||||
htmlAttributes: htmlAttributes);
|
htmlAttributes: htmlAttributes);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -205,7 +209,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
controllerName: null,
|
controllerName: null,
|
||||||
routeValues: routeValues,
|
routeValues: routeValues,
|
||||||
method: FormMethod.Post,
|
method: FormMethod.Post,
|
||||||
suppressAntiforgery: false,
|
antiforgery: null,
|
||||||
htmlAttributes: null);
|
htmlAttributes: null);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -237,7 +241,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
controllerName,
|
controllerName,
|
||||||
routeValues: null,
|
routeValues: null,
|
||||||
method: FormMethod.Post,
|
method: FormMethod.Post,
|
||||||
suppressAntiforgery: false,
|
antiforgery: null,
|
||||||
htmlAttributes: null);
|
htmlAttributes: null);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -277,7 +281,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
controllerName,
|
controllerName,
|
||||||
routeValues,
|
routeValues,
|
||||||
FormMethod.Post,
|
FormMethod.Post,
|
||||||
suppressAntiforgery: false,
|
antiforgery: null,
|
||||||
htmlAttributes: null);
|
htmlAttributes: null);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -311,7 +315,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
controllerName,
|
controllerName,
|
||||||
routeValues: null,
|
routeValues: null,
|
||||||
method: method,
|
method: method,
|
||||||
suppressAntiforgery: false,
|
antiforgery: null,
|
||||||
htmlAttributes: null);
|
htmlAttributes: null);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -353,7 +357,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
controllerName,
|
controllerName,
|
||||||
routeValues,
|
routeValues,
|
||||||
method,
|
method,
|
||||||
suppressAntiforgery: false,
|
antiforgery: null,
|
||||||
htmlAttributes: null);
|
htmlAttributes: null);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -393,7 +397,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
controllerName,
|
controllerName,
|
||||||
routeValues: null,
|
routeValues: null,
|
||||||
method: method,
|
method: method,
|
||||||
suppressAntiforgery: false,
|
antiforgery: null,
|
||||||
htmlAttributes: htmlAttributes);
|
htmlAttributes: htmlAttributes);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -426,7 +430,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
routeName: null,
|
routeName: null,
|
||||||
routeValues: routeValues,
|
routeValues: routeValues,
|
||||||
method: FormMethod.Post,
|
method: FormMethod.Post,
|
||||||
suppressAntiforgery: false,
|
antiforgery: null,
|
||||||
htmlAttributes: null);
|
htmlAttributes: null);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -442,9 +446,11 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
/// <see cref="System.Collections.Generic.IDictionary{string, object}"/> instance containing the route
|
/// <see cref="System.Collections.Generic.IDictionary{string, object}"/> instance containing the route
|
||||||
/// parameters.
|
/// parameters.
|
||||||
/// </param>
|
/// </param>
|
||||||
/// <param name="suppressAntiforgery">
|
/// <param name="antiforgery">
|
||||||
/// If <c>true</c>, suppresses the generation an <input> of type "hidden" with an antiforgery token. By
|
/// If <c>true</c>, <form> elements will include an antiforgery token.
|
||||||
/// default <form> elements will automatically include an antiforgery token.
|
/// If <c>false</c>, suppresses the generation an <input> of type "hidden" with an antiforgery token.
|
||||||
|
/// If <c>null</c>, <form> elements will include an antiforgery token only if
|
||||||
|
/// <paramref name="method"/> is not <see cref="FormMethod.Get"/>.
|
||||||
/// </param>
|
/// </param>
|
||||||
/// <returns>
|
/// <returns>
|
||||||
/// An <see cref="MvcForm"/> instance which renders the </form> end tag when disposed.
|
/// An <see cref="MvcForm"/> instance which renders the </form> end tag when disposed.
|
||||||
|
|
@ -452,7 +458,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
/// <remarks>
|
/// <remarks>
|
||||||
/// In this context, "renders" means the method writes its output using <see cref="ViewContext.Writer"/>.
|
/// In this context, "renders" means the method writes its output using <see cref="ViewContext.Writer"/>.
|
||||||
/// </remarks>
|
/// </remarks>
|
||||||
public static MvcForm BeginRouteForm(this IHtmlHelper htmlHelper, object routeValues, bool suppressAntiforgery)
|
public static MvcForm BeginRouteForm(this IHtmlHelper htmlHelper, object routeValues, bool? antiforgery)
|
||||||
{
|
{
|
||||||
if (htmlHelper == null)
|
if (htmlHelper == null)
|
||||||
{
|
{
|
||||||
|
|
@ -463,7 +469,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
routeName: null,
|
routeName: null,
|
||||||
routeValues: routeValues,
|
routeValues: routeValues,
|
||||||
method: FormMethod.Post,
|
method: FormMethod.Post,
|
||||||
suppressAntiforgery: suppressAntiforgery,
|
antiforgery: antiforgery,
|
||||||
htmlAttributes: null);
|
htmlAttributes: null);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -490,7 +496,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
routeName,
|
routeName,
|
||||||
routeValues: null,
|
routeValues: null,
|
||||||
method: FormMethod.Post,
|
method: FormMethod.Post,
|
||||||
suppressAntiforgery: false,
|
antiforgery: null,
|
||||||
htmlAttributes: null);
|
htmlAttributes: null);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -500,9 +506,11 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
/// </summary>
|
/// </summary>
|
||||||
/// <param name="htmlHelper">The <see cref="IHtmlHelper"/> instance this method extends.</param>
|
/// <param name="htmlHelper">The <see cref="IHtmlHelper"/> instance this method extends.</param>
|
||||||
/// <param name="routeName">The name of the route.</param>
|
/// <param name="routeName">The name of the route.</param>
|
||||||
/// <param name="suppressAntiforgery">
|
/// <param name="antiforgery">
|
||||||
/// If <c>true</c>, suppresses the generation an <input> of type "hidden" with an antiforgery token. By
|
/// If <c>true</c>, <form> elements will include an antiforgery token.
|
||||||
/// default <form> elements will automatically include an antiforgery token.
|
/// If <c>false</c>, suppresses the generation an <input> of type "hidden" with an antiforgery token.
|
||||||
|
/// If <c>null</c>, <form> elements will include an antiforgery token only if
|
||||||
|
/// <paramref name="method"/> is not <see cref="FormMethod.Get"/>.
|
||||||
/// </param>
|
/// </param>
|
||||||
/// <returns>
|
/// <returns>
|
||||||
/// An <see cref="MvcForm"/> instance which renders the </form> end tag when disposed.
|
/// An <see cref="MvcForm"/> instance which renders the </form> end tag when disposed.
|
||||||
|
|
@ -510,7 +518,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
/// <remarks>
|
/// <remarks>
|
||||||
/// In this context, "renders" means the method writes its output using <see cref="ViewContext.Writer"/>.
|
/// In this context, "renders" means the method writes its output using <see cref="ViewContext.Writer"/>.
|
||||||
/// </remarks>
|
/// </remarks>
|
||||||
public static MvcForm BeginRouteForm(this IHtmlHelper htmlHelper, string routeName, bool suppressAntiforgery)
|
public static MvcForm BeginRouteForm(this IHtmlHelper htmlHelper, string routeName, bool? antiforgery)
|
||||||
{
|
{
|
||||||
if (htmlHelper == null)
|
if (htmlHelper == null)
|
||||||
{
|
{
|
||||||
|
|
@ -521,7 +529,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
routeName,
|
routeName,
|
||||||
routeValues: null,
|
routeValues: null,
|
||||||
method: FormMethod.Post,
|
method: FormMethod.Post,
|
||||||
suppressAntiforgery: suppressAntiforgery,
|
antiforgery: antiforgery,
|
||||||
htmlAttributes: null);
|
htmlAttributes: null);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -558,7 +566,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
routeName,
|
routeName,
|
||||||
routeValues,
|
routeValues,
|
||||||
FormMethod.Post,
|
FormMethod.Post,
|
||||||
suppressAntiforgery: false,
|
antiforgery: null,
|
||||||
htmlAttributes: null);
|
htmlAttributes: null);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -589,7 +597,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
routeName,
|
routeName,
|
||||||
routeValues: null,
|
routeValues: null,
|
||||||
method: method,
|
method: method,
|
||||||
suppressAntiforgery: false,
|
antiforgery: null,
|
||||||
htmlAttributes: null);
|
htmlAttributes: null);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -628,7 +636,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
routeName,
|
routeName,
|
||||||
routeValues,
|
routeValues,
|
||||||
method,
|
method,
|
||||||
suppressAntiforgery: false,
|
antiforgery: null,
|
||||||
htmlAttributes: null);
|
htmlAttributes: null);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -665,7 +673,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
routeName,
|
routeName,
|
||||||
routeValues: null,
|
routeValues: null,
|
||||||
method: method,
|
method: method,
|
||||||
suppressAntiforgery: false,
|
antiforgery: null,
|
||||||
htmlAttributes: htmlAttributes);
|
htmlAttributes: htmlAttributes);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -114,9 +114,11 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
/// <see cref="IDictionary{string, object}"/> instance containing the route parameters.
|
/// <see cref="IDictionary{string, object}"/> instance containing the route parameters.
|
||||||
/// </param>
|
/// </param>
|
||||||
/// <param name="method">The HTTP method for processing the form, either GET or POST.</param>
|
/// <param name="method">The HTTP method for processing the form, either GET or POST.</param>
|
||||||
/// <param name="suppressAntiforgery">
|
/// <param name="antiforgery">
|
||||||
/// If <c>true</c>, suppresses the generation an <input> of type "hidden" with an antiforgery token. By
|
/// If <c>true</c>, <form> elements will include an antiforgery token.
|
||||||
/// default <form> elements will automatically include an antiforgery token.
|
/// If <c>false</c>, suppresses the generation an <input> of type "hidden" with an antiforgery token.
|
||||||
|
/// If <c>null</c>, <form> elements will include an antiforgery token only if
|
||||||
|
/// <paramref name="method"/> is not <see cref="FormMethod.Get"/>.
|
||||||
/// </param>
|
/// </param>
|
||||||
/// <param name="htmlAttributes">
|
/// <param name="htmlAttributes">
|
||||||
/// An <see cref="object"/> that contains the HTML attributes for the element. Alternatively, an
|
/// An <see cref="object"/> that contains the HTML attributes for the element. Alternatively, an
|
||||||
|
|
@ -133,7 +135,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
string controllerName,
|
string controllerName,
|
||||||
object routeValues,
|
object routeValues,
|
||||||
FormMethod method,
|
FormMethod method,
|
||||||
bool suppressAntiforgery,
|
bool? antiforgery,
|
||||||
object htmlAttributes);
|
object htmlAttributes);
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
|
|
@ -148,8 +150,11 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
/// <see cref="IDictionary{string, object}"/> instance containing the route parameters.
|
/// <see cref="IDictionary{string, object}"/> instance containing the route parameters.
|
||||||
/// </param>
|
/// </param>
|
||||||
/// <param name="method">The HTTP method for processing the form, either GET or POST.</param>
|
/// <param name="method">The HTTP method for processing the form, either GET or POST.</param>
|
||||||
/// <param name="suppressAntiforgery">
|
/// <param name="antiforgery">
|
||||||
/// Determines whether or not to include an <input> of type "hidden" with an antiforgery token.
|
/// If <c>true</c>, <form> elements will include an antiforgery token.
|
||||||
|
/// If <c>false</c>, suppresses the generation an <input> of type "hidden" with an antiforgery token.
|
||||||
|
/// If <c>null</c>, <form> elements will include an antiforgery token only if
|
||||||
|
/// <paramref name="method"/> is not <see cref="FormMethod.Get"/>.
|
||||||
/// </param>
|
/// </param>
|
||||||
/// <param name="htmlAttributes">
|
/// <param name="htmlAttributes">
|
||||||
/// An <see cref="object"/> that contains the HTML attributes for the element. Alternatively, an
|
/// An <see cref="object"/> that contains the HTML attributes for the element. Alternatively, an
|
||||||
|
|
@ -165,7 +170,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
string routeName,
|
string routeName,
|
||||||
object routeValues,
|
object routeValues,
|
||||||
FormMethod method,
|
FormMethod method,
|
||||||
bool suppressAntiforgery,
|
bool? antiforgery,
|
||||||
object htmlAttributes);
|
object htmlAttributes);
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
|
|
|
||||||
|
|
@ -288,7 +288,7 @@ namespace Microsoft.AspNet.Mvc.ViewFeatures
|
||||||
string controllerName,
|
string controllerName,
|
||||||
object routeValues,
|
object routeValues,
|
||||||
FormMethod method,
|
FormMethod method,
|
||||||
bool suppressAntiforgery,
|
bool? antiforgery,
|
||||||
object htmlAttributes)
|
object htmlAttributes)
|
||||||
{
|
{
|
||||||
// Push the new FormContext; MvcForm.GenerateEndForm() does the corresponding pop.
|
// Push the new FormContext; MvcForm.GenerateEndForm() does the corresponding pop.
|
||||||
|
|
@ -297,7 +297,7 @@ namespace Microsoft.AspNet.Mvc.ViewFeatures
|
||||||
CanRenderAtEndOfForm = true
|
CanRenderAtEndOfForm = true
|
||||||
};
|
};
|
||||||
|
|
||||||
return GenerateForm(actionName, controllerName, routeValues, method, suppressAntiforgery, htmlAttributes);
|
return GenerateForm(actionName, controllerName, routeValues, method, antiforgery, htmlAttributes);
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <inheritdoc />
|
/// <inheritdoc />
|
||||||
|
|
@ -305,7 +305,7 @@ namespace Microsoft.AspNet.Mvc.ViewFeatures
|
||||||
string routeName,
|
string routeName,
|
||||||
object routeValues,
|
object routeValues,
|
||||||
FormMethod method,
|
FormMethod method,
|
||||||
bool suppressAntiforgery,
|
bool? antiforgery,
|
||||||
object htmlAttributes)
|
object htmlAttributes)
|
||||||
{
|
{
|
||||||
// Push the new FormContext; MvcForm.GenerateEndForm() does the corresponding pop.
|
// Push the new FormContext; MvcForm.GenerateEndForm() does the corresponding pop.
|
||||||
|
|
@ -314,7 +314,7 @@ namespace Microsoft.AspNet.Mvc.ViewFeatures
|
||||||
CanRenderAtEndOfForm = true
|
CanRenderAtEndOfForm = true
|
||||||
};
|
};
|
||||||
|
|
||||||
return GenerateRouteForm(routeName, routeValues, method, suppressAntiforgery, htmlAttributes);
|
return GenerateRouteForm(routeName, routeValues, method, antiforgery, htmlAttributes);
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <inheritdoc />
|
/// <inheritdoc />
|
||||||
|
|
@ -871,9 +871,11 @@ namespace Microsoft.AspNet.Mvc.ViewFeatures
|
||||||
/// <see cref="IDictionary{string, object}"/> instance containing the route parameters.
|
/// <see cref="IDictionary{string, object}"/> instance containing the route parameters.
|
||||||
/// </param>
|
/// </param>
|
||||||
/// <param name="method">The HTTP method for processing the form, either GET or POST.</param>
|
/// <param name="method">The HTTP method for processing the form, either GET or POST.</param>
|
||||||
/// <param name="suppressAntiforgery">
|
/// <param name="antiforgery">
|
||||||
/// If <c>true</c>, suppresses the generation an <input> of type "hidden" with an antiforgery token. By
|
/// If <c>true</c>, <form> elements will include an antiforgery token.
|
||||||
/// default <form> elements will automatically include an antiforgery token.
|
/// If <c>false</c>, suppresses the generation an <input> of type "hidden" with an antiforgery token.
|
||||||
|
/// If <c>null</c>, <form> elements will include an antiforgery token only if
|
||||||
|
/// <paramref name="method"/> is not <see cref="FormMethod.Get"/>.
|
||||||
/// </param>
|
/// </param>
|
||||||
/// <param name="htmlAttributes">
|
/// <param name="htmlAttributes">
|
||||||
/// An <see cref="object"/> that contains the HTML attributes for the element. Alternatively, an
|
/// An <see cref="object"/> that contains the HTML attributes for the element. Alternatively, an
|
||||||
|
|
@ -890,7 +892,7 @@ namespace Microsoft.AspNet.Mvc.ViewFeatures
|
||||||
string controllerName,
|
string controllerName,
|
||||||
object routeValues,
|
object routeValues,
|
||||||
FormMethod method,
|
FormMethod method,
|
||||||
bool suppressAntiforgery,
|
bool? antiforgery,
|
||||||
object htmlAttributes)
|
object htmlAttributes)
|
||||||
{
|
{
|
||||||
var tagBuilder = _htmlGenerator.GenerateForm(
|
var tagBuilder = _htmlGenerator.GenerateForm(
|
||||||
|
|
@ -906,7 +908,8 @@ namespace Microsoft.AspNet.Mvc.ViewFeatures
|
||||||
tagBuilder.WriteTo(ViewContext.Writer, _htmlEncoder);
|
tagBuilder.WriteTo(ViewContext.Writer, _htmlEncoder);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!suppressAntiforgery)
|
var shouldGenerateAntiforgery = antiforgery.HasValue ? antiforgery.Value : method != FormMethod.Get;
|
||||||
|
if (shouldGenerateAntiforgery)
|
||||||
{
|
{
|
||||||
ViewContext.FormContext.EndOfFormContent.Add(_htmlGenerator.GenerateAntiforgery(ViewContext));
|
ViewContext.FormContext.EndOfFormContent.Add(_htmlGenerator.GenerateAntiforgery(ViewContext));
|
||||||
ViewContext.FormContext.HasAntiforgeryToken = true;
|
ViewContext.FormContext.HasAntiforgeryToken = true;
|
||||||
|
|
@ -927,9 +930,11 @@ namespace Microsoft.AspNet.Mvc.ViewFeatures
|
||||||
/// <see cref="IDictionary{string, object}"/> instance containing the route parameters.
|
/// <see cref="IDictionary{string, object}"/> instance containing the route parameters.
|
||||||
/// </param>
|
/// </param>
|
||||||
/// <param name="method">The HTTP method for processing the form, either GET or POST.</param>
|
/// <param name="method">The HTTP method for processing the form, either GET or POST.</param>
|
||||||
/// <param name="suppressAntiforgery">
|
/// <param name="antiforgery">
|
||||||
/// If <c>true</c>, suppresses the generation an <input> of type "hidden" with an antiforgery token. By
|
/// If <c>true</c>, <form> elements will include an antiforgery token.
|
||||||
/// default <form> elements will automatically include an antiforgery token.
|
/// If <c>false</c>, suppresses the generation an <input> of type "hidden" with an antiforgery token.
|
||||||
|
/// If <c>null</c>, <form> elements will include an antiforgery token only if
|
||||||
|
/// <paramref name="method"/> is not <see cref="FormMethod.Get"/>.
|
||||||
/// </param>
|
/// </param>
|
||||||
/// <param name="htmlAttributes">
|
/// <param name="htmlAttributes">
|
||||||
/// An <see cref="object"/> that contains the HTML attributes for the element. Alternatively, an
|
/// An <see cref="object"/> that contains the HTML attributes for the element. Alternatively, an
|
||||||
|
|
@ -945,7 +950,7 @@ namespace Microsoft.AspNet.Mvc.ViewFeatures
|
||||||
string routeName,
|
string routeName,
|
||||||
object routeValues,
|
object routeValues,
|
||||||
FormMethod method,
|
FormMethod method,
|
||||||
bool suppressAntiforgery,
|
bool? antiforgery,
|
||||||
object htmlAttributes)
|
object htmlAttributes)
|
||||||
{
|
{
|
||||||
var tagBuilder = _htmlGenerator.GenerateRouteForm(
|
var tagBuilder = _htmlGenerator.GenerateRouteForm(
|
||||||
|
|
@ -960,7 +965,8 @@ namespace Microsoft.AspNet.Mvc.ViewFeatures
|
||||||
tagBuilder.WriteTo(ViewContext.Writer, _htmlEncoder);
|
tagBuilder.WriteTo(ViewContext.Writer, _htmlEncoder);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!suppressAntiforgery)
|
var shouldGenerateAntiforgery = antiforgery.HasValue ? antiforgery.Value : method != FormMethod.Get;
|
||||||
|
if (shouldGenerateAntiforgery)
|
||||||
{
|
{
|
||||||
ViewContext.FormContext.EndOfFormContent.Add(_htmlGenerator.GenerateAntiforgery(ViewContext));
|
ViewContext.FormContext.EndOfFormContent.Add(_htmlGenerator.GenerateAntiforgery(ViewContext));
|
||||||
ViewContext.FormContext.HasAntiforgeryToken = true;
|
ViewContext.FormContext.HasAntiforgeryToken = true;
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
<title></title>
|
<title></title>
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
<form method="get" action="HtmlEncode[[/UrlEncode[[HtmlGeneration_Home]]/UrlEncode[[ProductSubmit]]]]">
|
<form method="HtmlEncode[[get]]" action="HtmlEncode[[/UrlEncode[[HtmlGeneration_Home]]/UrlEncode[[ProductSubmit]]]]">
|
||||||
<div>
|
<div>
|
||||||
<label class="product" for="HtmlEncode[[HomePage]]">HtmlEncode[[HomePage]]</label>
|
<label class="product" for="HtmlEncode[[HomePage]]">HtmlEncode[[HomePage]]</label>
|
||||||
<input type="HtmlEncode[[url]]" size="50" id="HtmlEncode[[HomePage]]" name="HtmlEncode[[HomePage]]" value="HtmlEncode[[http://www.contoso.com/]]" />
|
<input type="HtmlEncode[[url]]" size="50" id="HtmlEncode[[HomePage]]" name="HtmlEncode[[HomePage]]" value="HtmlEncode[[http://www.contoso.com/]]" />
|
||||||
|
|
|
||||||
|
|
@ -99,18 +99,23 @@ namespace Microsoft.AspNet.Mvc.TagHelpers
|
||||||
}
|
}
|
||||||
|
|
||||||
[Theory]
|
[Theory]
|
||||||
[InlineData(null, "<input />")]
|
[InlineData(null, FormMethod.Post, "<input />")]
|
||||||
[InlineData(true, "<input />")]
|
[InlineData(true, FormMethod.Post, "<input />")]
|
||||||
[InlineData(false, "")]
|
[InlineData(false, FormMethod.Post, "")]
|
||||||
|
[InlineData(null, FormMethod.Get, "")]
|
||||||
|
[InlineData(true, FormMethod.Get, "<input />")]
|
||||||
|
[InlineData(false, FormMethod.Get, "")]
|
||||||
public async Task ProcessAsync_GeneratesAntiforgeryCorrectly(
|
public async Task ProcessAsync_GeneratesAntiforgeryCorrectly(
|
||||||
bool? antiforgery,
|
bool? antiforgery,
|
||||||
|
FormMethod method,
|
||||||
string expectedPostContent)
|
string expectedPostContent)
|
||||||
{
|
{
|
||||||
// Arrange
|
// Arrange
|
||||||
var viewContext = CreateViewContext();
|
var viewContext = CreateViewContext();
|
||||||
|
var expectedAttribute = new TagHelperAttribute("method", method.ToString().ToLowerInvariant());
|
||||||
var context = new TagHelperContext(
|
var context = new TagHelperContext(
|
||||||
allAttributes: new ReadOnlyTagHelperAttributeList<IReadOnlyTagHelperAttribute>(
|
allAttributes: new ReadOnlyTagHelperAttributeList<IReadOnlyTagHelperAttribute>(
|
||||||
Enumerable.Empty<IReadOnlyTagHelperAttribute>()),
|
new ReadOnlyTagHelperAttributeList<IReadOnlyTagHelperAttribute>(new List<IReadOnlyTagHelperAttribute> { expectedAttribute })),
|
||||||
items: new Dictionary<object, object>(),
|
items: new Dictionary<object, object>(),
|
||||||
uniqueId: "test");
|
uniqueId: "test");
|
||||||
var output = new TagHelperOutput(
|
var output = new TagHelperOutput(
|
||||||
|
|
@ -140,6 +145,7 @@ namespace Microsoft.AspNet.Mvc.TagHelpers
|
||||||
Action = "Index",
|
Action = "Index",
|
||||||
Antiforgery = antiforgery,
|
Antiforgery = antiforgery,
|
||||||
ViewContext = viewContext,
|
ViewContext = viewContext,
|
||||||
|
Method = method.ToString().ToLowerInvariant()
|
||||||
};
|
};
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
|
|
@ -148,7 +154,8 @@ namespace Microsoft.AspNet.Mvc.TagHelpers
|
||||||
// Assert
|
// Assert
|
||||||
Assert.Equal("form", output.TagName);
|
Assert.Equal("form", output.TagName);
|
||||||
Assert.Equal(TagMode.StartTagAndEndTag, output.TagMode);
|
Assert.Equal(TagMode.StartTagAndEndTag, output.TagMode);
|
||||||
Assert.Empty(output.Attributes);
|
var attribute = Assert.Single(output.Attributes);
|
||||||
|
Assert.Equal(expectedAttribute, attribute);
|
||||||
Assert.Empty(output.PreContent.GetContent());
|
Assert.Empty(output.PreContent.GetContent());
|
||||||
Assert.True(output.Content.IsEmpty);
|
Assert.True(output.Content.IsEmpty);
|
||||||
Assert.Equal(expectedPostContent, output.PostContent.GetContent());
|
Assert.Equal(expectedPostContent, output.PostContent.GetContent());
|
||||||
|
|
|
||||||
|
|
@ -338,7 +338,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
Assert.NotNull(builder);
|
Assert.NotNull(builder);
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
var mvcForm = htmlHelper.BeginForm(suppressAntiforgery: false);
|
var mvcForm = htmlHelper.BeginForm(antiforgery: true);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
Assert.NotNull(mvcForm);
|
Assert.NotNull(mvcForm);
|
||||||
|
|
@ -371,7 +371,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
Assert.NotNull(builder);
|
Assert.NotNull(builder);
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
var mvcForm = htmlHelper.BeginForm(suppressAntiforgery: true);
|
var mvcForm = htmlHelper.BeginForm(antiforgery: false);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
Assert.NotNull(mvcForm);
|
Assert.NotNull(mvcForm);
|
||||||
|
|
@ -397,10 +397,14 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
null)) // htmlAttributes
|
null)) // htmlAttributes
|
||||||
.Returns(tagBuilder)
|
.Returns(tagBuilder)
|
||||||
.Verifiable();
|
.Verifiable();
|
||||||
htmlGenerator
|
|
||||||
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
|
if (method != FormMethod.Get)
|
||||||
.Returns(HtmlString.Empty)
|
{
|
||||||
.Verifiable();
|
htmlGenerator
|
||||||
|
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
|
||||||
|
.Returns(HtmlString.Empty)
|
||||||
|
.Verifiable();
|
||||||
|
}
|
||||||
|
|
||||||
// Guards
|
// Guards
|
||||||
Assert.NotNull(htmlHelper.ViewContext);
|
Assert.NotNull(htmlHelper.ViewContext);
|
||||||
|
|
@ -437,10 +441,14 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
htmlAttributes))
|
htmlAttributes))
|
||||||
.Returns(tagBuilder)
|
.Returns(tagBuilder)
|
||||||
.Verifiable();
|
.Verifiable();
|
||||||
htmlGenerator
|
|
||||||
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
|
if (method != FormMethod.Get)
|
||||||
.Returns(HtmlString.Empty)
|
{
|
||||||
.Verifiable();
|
htmlGenerator
|
||||||
|
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
|
||||||
|
.Returns(HtmlString.Empty)
|
||||||
|
.Verifiable();
|
||||||
|
}
|
||||||
|
|
||||||
// Guards
|
// Guards
|
||||||
Assert.NotNull(htmlHelper.ViewContext);
|
Assert.NotNull(htmlHelper.ViewContext);
|
||||||
|
|
@ -489,7 +497,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
Assert.NotNull(builder);
|
Assert.NotNull(builder);
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
var mvcForm = htmlHelper.BeginForm(method, suppressAntiforgery: false, htmlAttributes: htmlAttributes);
|
var mvcForm = htmlHelper.BeginForm(method, antiforgery: true, htmlAttributes: htmlAttributes);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
Assert.NotNull(mvcForm);
|
Assert.NotNull(mvcForm);
|
||||||
|
|
@ -525,7 +533,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
Assert.NotNull(builder);
|
Assert.NotNull(builder);
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
var mvcForm = htmlHelper.BeginForm(method, suppressAntiforgery: true, htmlAttributes: htmlAttributes);
|
var mvcForm = htmlHelper.BeginForm(method, antiforgery: false, htmlAttributes: htmlAttributes);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
Assert.NotNull(mvcForm);
|
Assert.NotNull(mvcForm);
|
||||||
|
|
@ -673,10 +681,14 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
null)) // htmlAttributes
|
null)) // htmlAttributes
|
||||||
.Returns(tagBuilder)
|
.Returns(tagBuilder)
|
||||||
.Verifiable();
|
.Verifiable();
|
||||||
htmlGenerator
|
|
||||||
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
|
if (method != FormMethod.Get)
|
||||||
.Returns(HtmlString.Empty)
|
{
|
||||||
.Verifiable();
|
htmlGenerator
|
||||||
|
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
|
||||||
|
.Returns(HtmlString.Empty)
|
||||||
|
.Verifiable();
|
||||||
|
}
|
||||||
|
|
||||||
// Guards
|
// Guards
|
||||||
Assert.NotNull(htmlHelper.ViewContext);
|
Assert.NotNull(htmlHelper.ViewContext);
|
||||||
|
|
@ -715,10 +727,14 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
null)) // htmlAttributes
|
null)) // htmlAttributes
|
||||||
.Returns(tagBuilder)
|
.Returns(tagBuilder)
|
||||||
.Verifiable();
|
.Verifiable();
|
||||||
htmlGenerator
|
|
||||||
|
if (method != FormMethod.Get)
|
||||||
|
{
|
||||||
|
htmlGenerator
|
||||||
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
|
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
|
||||||
.Returns(HtmlString.Empty)
|
.Returns(HtmlString.Empty)
|
||||||
.Verifiable();
|
.Verifiable();
|
||||||
|
}
|
||||||
|
|
||||||
// Guards
|
// Guards
|
||||||
Assert.NotNull(htmlHelper.ViewContext);
|
Assert.NotNull(htmlHelper.ViewContext);
|
||||||
|
|
@ -757,10 +773,14 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
htmlAttributes))
|
htmlAttributes))
|
||||||
.Returns(tagBuilder)
|
.Returns(tagBuilder)
|
||||||
.Verifiable();
|
.Verifiable();
|
||||||
htmlGenerator
|
|
||||||
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
|
if (method != FormMethod.Get)
|
||||||
.Returns(HtmlString.Empty)
|
{
|
||||||
.Verifiable();
|
htmlGenerator
|
||||||
|
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
|
||||||
|
.Returns(HtmlString.Empty)
|
||||||
|
.Verifiable();
|
||||||
|
}
|
||||||
|
|
||||||
// Guards
|
// Guards
|
||||||
Assert.NotNull(htmlHelper.ViewContext);
|
Assert.NotNull(htmlHelper.ViewContext);
|
||||||
|
|
@ -816,7 +836,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
controllerName,
|
controllerName,
|
||||||
routeValues: null,
|
routeValues: null,
|
||||||
method: method,
|
method: method,
|
||||||
suppressAntiforgery: false,
|
antiforgery: true,
|
||||||
htmlAttributes: htmlAttributes);
|
htmlAttributes: htmlAttributes);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
|
|
@ -860,7 +880,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
controllerName,
|
controllerName,
|
||||||
routeValues: null,
|
routeValues: null,
|
||||||
method: method,
|
method: method,
|
||||||
suppressAntiforgery: true,
|
antiforgery: false,
|
||||||
htmlAttributes: htmlAttributes);
|
htmlAttributes: htmlAttributes);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
|
|
@ -936,7 +956,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
Assert.NotNull(builder);
|
Assert.NotNull(builder);
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
var mvcForm = htmlHelper.BeginRouteForm(routeValues, suppressAntiforgery: false);
|
var mvcForm = htmlHelper.BeginRouteForm(routeValues, antiforgery: true);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
Assert.NotNull(mvcForm);
|
Assert.NotNull(mvcForm);
|
||||||
|
|
@ -970,7 +990,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
Assert.NotNull(builder);
|
Assert.NotNull(builder);
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
var mvcForm = htmlHelper.BeginRouteForm(routeValues, suppressAntiforgery: true);
|
var mvcForm = htmlHelper.BeginRouteForm(routeValues, antiforgery: false);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
Assert.NotNull(mvcForm);
|
Assert.NotNull(mvcForm);
|
||||||
|
|
@ -1045,7 +1065,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
Assert.NotNull(builder);
|
Assert.NotNull(builder);
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
var mvcForm = htmlHelper.BeginRouteForm(routeName, suppressAntiforgery: false);
|
var mvcForm = htmlHelper.BeginRouteForm(routeName, antiforgery: true);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
Assert.NotNull(mvcForm);
|
Assert.NotNull(mvcForm);
|
||||||
|
|
@ -1079,7 +1099,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
Assert.NotNull(builder);
|
Assert.NotNull(builder);
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
var mvcForm = htmlHelper.BeginRouteForm(routeName, suppressAntiforgery: true);
|
var mvcForm = htmlHelper.BeginRouteForm(routeName, antiforgery: false);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
Assert.NotNull(mvcForm);
|
Assert.NotNull(mvcForm);
|
||||||
|
|
@ -1145,10 +1165,14 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
null)) // htmlAttributes
|
null)) // htmlAttributes
|
||||||
.Returns(tagBuilder)
|
.Returns(tagBuilder)
|
||||||
.Verifiable();
|
.Verifiable();
|
||||||
htmlGenerator
|
|
||||||
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
|
if (method != FormMethod.Get)
|
||||||
.Returns(HtmlString.Empty)
|
{
|
||||||
.Verifiable();
|
htmlGenerator
|
||||||
|
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
|
||||||
|
.Returns(HtmlString.Empty)
|
||||||
|
.Verifiable();
|
||||||
|
}
|
||||||
|
|
||||||
// Guards
|
// Guards
|
||||||
Assert.NotNull(htmlHelper.ViewContext);
|
Assert.NotNull(htmlHelper.ViewContext);
|
||||||
|
|
@ -1185,10 +1209,14 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
null)) // htmlAttributes
|
null)) // htmlAttributes
|
||||||
.Returns(tagBuilder)
|
.Returns(tagBuilder)
|
||||||
.Verifiable();
|
.Verifiable();
|
||||||
htmlGenerator
|
|
||||||
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
|
if (method != FormMethod.Get)
|
||||||
.Returns(HtmlString.Empty)
|
{
|
||||||
.Verifiable();
|
htmlGenerator
|
||||||
|
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
|
||||||
|
.Returns(HtmlString.Empty)
|
||||||
|
.Verifiable();
|
||||||
|
}
|
||||||
|
|
||||||
// Guards
|
// Guards
|
||||||
Assert.NotNull(htmlHelper.ViewContext);
|
Assert.NotNull(htmlHelper.ViewContext);
|
||||||
|
|
@ -1225,10 +1253,14 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
htmlAttributes))
|
htmlAttributes))
|
||||||
.Returns(tagBuilder)
|
.Returns(tagBuilder)
|
||||||
.Verifiable();
|
.Verifiable();
|
||||||
htmlGenerator
|
|
||||||
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
|
if (method != FormMethod.Get)
|
||||||
.Returns(HtmlString.Empty)
|
{
|
||||||
.Verifiable();
|
htmlGenerator
|
||||||
|
.Setup(g => g.GenerateAntiforgery(htmlHelper.ViewContext))
|
||||||
|
.Returns(HtmlString.Empty)
|
||||||
|
.Verifiable();
|
||||||
|
}
|
||||||
|
|
||||||
// Guards
|
// Guards
|
||||||
Assert.NotNull(htmlHelper.ViewContext);
|
Assert.NotNull(htmlHelper.ViewContext);
|
||||||
|
|
@ -1281,7 +1313,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
routeName,
|
routeName,
|
||||||
routeValues: null,
|
routeValues: null,
|
||||||
method: method,
|
method: method,
|
||||||
suppressAntiforgery: false,
|
antiforgery: true,
|
||||||
htmlAttributes: htmlAttributes);
|
htmlAttributes: htmlAttributes);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
|
|
@ -1322,7 +1354,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
routeName,
|
routeName,
|
||||||
routeValues: null,
|
routeValues: null,
|
||||||
method: method,
|
method: method,
|
||||||
suppressAntiforgery: true,
|
antiforgery: false,
|
||||||
htmlAttributes: htmlAttributes);
|
htmlAttributes: htmlAttributes);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
|
|
|
||||||
|
|
@ -151,7 +151,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
controllerName: null,
|
controllerName: null,
|
||||||
routeValues: null,
|
routeValues: null,
|
||||||
method: FormMethod.Post,
|
method: FormMethod.Post,
|
||||||
suppressAntiforgery: true,
|
antiforgery: false,
|
||||||
htmlAttributes: null);
|
htmlAttributes: null);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
|
|
@ -201,7 +201,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
controllerName: null,
|
controllerName: null,
|
||||||
routeValues: null,
|
routeValues: null,
|
||||||
method: FormMethod.Post,
|
method: FormMethod.Post,
|
||||||
suppressAntiforgery: true,
|
antiforgery: false,
|
||||||
htmlAttributes: htmlAttributes);
|
htmlAttributes: htmlAttributes);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
|
|
@ -254,7 +254,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
controllerName,
|
controllerName,
|
||||||
routeValues,
|
routeValues,
|
||||||
method,
|
method,
|
||||||
suppressAntiforgery: true,
|
antiforgery: false,
|
||||||
htmlAttributes: htmlAttributes);
|
htmlAttributes: htmlAttributes);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
|
|
@ -302,7 +302,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
routeName,
|
routeName,
|
||||||
routeValues,
|
routeValues,
|
||||||
method,
|
method,
|
||||||
suppressAntiforgery: true,
|
antiforgery: false,
|
||||||
htmlAttributes: htmlAttributes);
|
htmlAttributes: htmlAttributes);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
|
|
@ -404,6 +404,45 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
writer.GetStringBuilder().ToString());
|
writer.GetStringBuilder().ToString());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[Fact]
|
||||||
|
public void BeginForm_EndForm_RendersAntiforgeryTokenWhenMethodIsPost()
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
|
||||||
|
htmlGenerator
|
||||||
|
.Setup(g => g.GenerateForm(
|
||||||
|
It.IsAny<ViewContext>(),
|
||||||
|
It.IsAny<string>(),
|
||||||
|
It.IsAny<string>(),
|
||||||
|
It.IsAny<object>(),
|
||||||
|
It.IsAny<string>(),
|
||||||
|
It.IsAny<object>()))
|
||||||
|
.Returns(new TagBuilder("form"));
|
||||||
|
|
||||||
|
htmlGenerator
|
||||||
|
.Setup(g => g.GenerateAntiforgery(It.IsAny<ViewContext>()))
|
||||||
|
.Returns(new TagBuilder("antiforgery"));
|
||||||
|
|
||||||
|
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
|
||||||
|
var serviceProvider = new Mock<IServiceProvider>();
|
||||||
|
serviceProvider.Setup(s => s.GetService(typeof(HtmlEncoder))).Returns(new HtmlTestEncoder());
|
||||||
|
var viewContext = htmlHelper.ViewContext;
|
||||||
|
viewContext.HttpContext.RequestServices = serviceProvider.Object;
|
||||||
|
|
||||||
|
var writer = viewContext.Writer as StringWriter;
|
||||||
|
Assert.NotNull(writer);
|
||||||
|
|
||||||
|
// Act & Assert
|
||||||
|
using (var form = htmlHelper.BeginForm(FormMethod.Post, antiforgery: null, htmlAttributes: null))
|
||||||
|
{
|
||||||
|
Assert.True(viewContext.FormContext.HasAntiforgeryToken);
|
||||||
|
}
|
||||||
|
|
||||||
|
Assert.Equal(
|
||||||
|
"<form><antiforgery></antiforgery></form>",
|
||||||
|
writer.GetStringBuilder().ToString());
|
||||||
|
}
|
||||||
|
|
||||||
// This is an integration for the implicit antiforgery token added by BeginForm.
|
// This is an integration for the implicit antiforgery token added by BeginForm.
|
||||||
[Fact]
|
[Fact]
|
||||||
public void BeginForm_EndForm_RendersAntiforgeryToken_WithExplicitCallToAntiforgery()
|
public void BeginForm_EndForm_RendersAntiforgeryToken_WithExplicitCallToAntiforgery()
|
||||||
|
|
@ -477,7 +516,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
Assert.NotNull(writer);
|
Assert.NotNull(writer);
|
||||||
|
|
||||||
// Act & Assert
|
// Act & Assert
|
||||||
using (var form = htmlHelper.BeginForm(FormMethod.Post, suppressAntiforgery: true, htmlAttributes: null))
|
using (var form = htmlHelper.BeginForm(FormMethod.Post, antiforgery: false, htmlAttributes: null))
|
||||||
{
|
{
|
||||||
Assert.False(viewContext.FormContext.HasAntiforgeryToken);
|
Assert.False(viewContext.FormContext.HasAntiforgeryToken);
|
||||||
}
|
}
|
||||||
|
|
@ -487,6 +526,86 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
writer.GetStringBuilder().ToString());
|
writer.GetStringBuilder().ToString());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[Fact]
|
||||||
|
public void BeginForm_EndForm_SuppressAntiforgeryTokenWhenMethodIsGet()
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
|
||||||
|
htmlGenerator
|
||||||
|
.Setup(g => g.GenerateForm(
|
||||||
|
It.IsAny<ViewContext>(),
|
||||||
|
It.IsAny<string>(),
|
||||||
|
It.IsAny<string>(),
|
||||||
|
It.IsAny<object>(),
|
||||||
|
It.IsAny<string>(),
|
||||||
|
It.IsAny<object>()))
|
||||||
|
.Returns(new TagBuilder("form"));
|
||||||
|
|
||||||
|
htmlGenerator
|
||||||
|
.Setup(g => g.GenerateAntiforgery(It.IsAny<ViewContext>()))
|
||||||
|
.Returns(new TagBuilder("antiforgery"));
|
||||||
|
|
||||||
|
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
|
||||||
|
var serviceProvider = new Mock<IServiceProvider>();
|
||||||
|
serviceProvider.Setup(s => s.GetService(typeof(HtmlEncoder))).Returns(new HtmlTestEncoder());
|
||||||
|
var viewContext = htmlHelper.ViewContext;
|
||||||
|
viewContext.HttpContext.RequestServices = serviceProvider.Object;
|
||||||
|
|
||||||
|
var writer = viewContext.Writer as StringWriter;
|
||||||
|
Assert.NotNull(writer);
|
||||||
|
|
||||||
|
// Act & Assert
|
||||||
|
using (var form = htmlHelper.BeginForm(FormMethod.Get, antiforgery: null, htmlAttributes: null))
|
||||||
|
{
|
||||||
|
Assert.False(viewContext.FormContext.HasAntiforgeryToken);
|
||||||
|
}
|
||||||
|
|
||||||
|
Assert.Equal(
|
||||||
|
"<form></form>",
|
||||||
|
writer.GetStringBuilder().ToString());
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[InlineData(FormMethod.Get)]
|
||||||
|
[InlineData(FormMethod.Post)]
|
||||||
|
public void BeginForm_EndForm_DoesNotSuppressAntiforgeryTokenWhenAntiforgeryIsTrue(FormMethod method)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
|
||||||
|
htmlGenerator
|
||||||
|
.Setup(g => g.GenerateForm(
|
||||||
|
It.IsAny<ViewContext>(),
|
||||||
|
It.IsAny<string>(),
|
||||||
|
It.IsAny<string>(),
|
||||||
|
It.IsAny<object>(),
|
||||||
|
It.IsAny<string>(),
|
||||||
|
It.IsAny<object>()))
|
||||||
|
.Returns(new TagBuilder("form"));
|
||||||
|
|
||||||
|
htmlGenerator
|
||||||
|
.Setup(g => g.GenerateAntiforgery(It.IsAny<ViewContext>()))
|
||||||
|
.Returns(new TagBuilder("antiforgery"));
|
||||||
|
|
||||||
|
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
|
||||||
|
var serviceProvider = new Mock<IServiceProvider>();
|
||||||
|
serviceProvider.Setup(s => s.GetService(typeof(HtmlEncoder))).Returns(new HtmlTestEncoder());
|
||||||
|
var viewContext = htmlHelper.ViewContext;
|
||||||
|
viewContext.HttpContext.RequestServices = serviceProvider.Object;
|
||||||
|
|
||||||
|
var writer = viewContext.Writer as StringWriter;
|
||||||
|
Assert.NotNull(writer);
|
||||||
|
|
||||||
|
// Act & Assert
|
||||||
|
using (var form = htmlHelper.BeginForm(method, antiforgery: true, htmlAttributes: null))
|
||||||
|
{
|
||||||
|
Assert.True(viewContext.FormContext.HasAntiforgeryToken);
|
||||||
|
}
|
||||||
|
|
||||||
|
Assert.Equal(
|
||||||
|
"<form><antiforgery></antiforgery></form>",
|
||||||
|
writer.GetStringBuilder().ToString());
|
||||||
|
}
|
||||||
|
|
||||||
// This is an integration for suppressing implicit antiforgery token added by BeginForm.
|
// This is an integration for suppressing implicit antiforgery token added by BeginForm.
|
||||||
[Fact]
|
[Fact]
|
||||||
public void BeginForm_EndForm_SuppressAntiforgeryToken_WithExplicitCallToAntiforgery()
|
public void BeginForm_EndForm_SuppressAntiforgeryToken_WithExplicitCallToAntiforgery()
|
||||||
|
|
@ -517,7 +636,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
Assert.NotNull(writer);
|
Assert.NotNull(writer);
|
||||||
|
|
||||||
// Act & Assert
|
// Act & Assert
|
||||||
using (var form = htmlHelper.BeginForm(FormMethod.Post, suppressAntiforgery: true, htmlAttributes: null))
|
using (var form = htmlHelper.BeginForm(FormMethod.Post, antiforgery: false, htmlAttributes: null))
|
||||||
{
|
{
|
||||||
Assert.False(viewContext.FormContext.HasAntiforgeryToken);
|
Assert.False(viewContext.FormContext.HasAntiforgeryToken);
|
||||||
|
|
||||||
|
|
@ -569,6 +688,49 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
writer.GetStringBuilder().ToString());
|
writer.GetStringBuilder().ToString());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[Fact]
|
||||||
|
public void BeginRouteForm_EndForm_RendersAntiforgeryTokenWhenMethodIsPost()
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
|
||||||
|
htmlGenerator
|
||||||
|
.Setup(g => g.GenerateRouteForm(
|
||||||
|
It.IsAny<ViewContext>(),
|
||||||
|
It.IsAny<string>(),
|
||||||
|
It.IsAny<object>(),
|
||||||
|
It.IsAny<string>(),
|
||||||
|
It.IsAny<object>()))
|
||||||
|
.Returns(new TagBuilder("form"));
|
||||||
|
|
||||||
|
htmlGenerator
|
||||||
|
.Setup(g => g.GenerateAntiforgery(It.IsAny<ViewContext>()))
|
||||||
|
.Returns(new TagBuilder("antiforgery"));
|
||||||
|
|
||||||
|
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
|
||||||
|
var serviceProvider = new Mock<IServiceProvider>();
|
||||||
|
serviceProvider.Setup(s => s.GetService(typeof(HtmlEncoder))).Returns(new HtmlTestEncoder());
|
||||||
|
var viewContext = htmlHelper.ViewContext;
|
||||||
|
viewContext.HttpContext.RequestServices = serviceProvider.Object;
|
||||||
|
|
||||||
|
var writer = viewContext.Writer as StringWriter;
|
||||||
|
Assert.NotNull(writer);
|
||||||
|
|
||||||
|
// Act & Assert
|
||||||
|
using (var form = htmlHelper.BeginRouteForm(
|
||||||
|
routeName: null,
|
||||||
|
routeValues: null,
|
||||||
|
method: FormMethod.Post,
|
||||||
|
antiforgery: null,
|
||||||
|
htmlAttributes: null))
|
||||||
|
{
|
||||||
|
Assert.True(viewContext.FormContext.HasAntiforgeryToken);
|
||||||
|
}
|
||||||
|
|
||||||
|
Assert.Equal(
|
||||||
|
"<form><antiforgery></antiforgery></form>",
|
||||||
|
writer.GetStringBuilder().ToString());
|
||||||
|
}
|
||||||
|
|
||||||
// This is an integration for suppressing implicit antiforgery token added by BeginRouteForm.
|
// This is an integration for suppressing implicit antiforgery token added by BeginRouteForm.
|
||||||
[Fact]
|
[Fact]
|
||||||
public void BeginRouteForm_EndForm_SuppressAntiforgeryToken()
|
public void BeginRouteForm_EndForm_SuppressAntiforgeryToken()
|
||||||
|
|
@ -602,7 +764,7 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
routeName: null,
|
routeName: null,
|
||||||
routeValues: null,
|
routeValues: null,
|
||||||
method: FormMethod.Post,
|
method: FormMethod.Post,
|
||||||
suppressAntiforgery: true,
|
antiforgery: false,
|
||||||
htmlAttributes: null))
|
htmlAttributes: null))
|
||||||
{
|
{
|
||||||
Assert.False(viewContext.FormContext.HasAntiforgeryToken);
|
Assert.False(viewContext.FormContext.HasAntiforgeryToken);
|
||||||
|
|
@ -613,6 +775,94 @@ namespace Microsoft.AspNet.Mvc.Rendering
|
||||||
writer.GetStringBuilder().ToString());
|
writer.GetStringBuilder().ToString());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[Fact]
|
||||||
|
public void BeginRouteForm_EndForm_SuppressAntiforgeryTokenWhenMethodIsGet()
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
|
||||||
|
htmlGenerator
|
||||||
|
.Setup(g => g.GenerateRouteForm(
|
||||||
|
It.IsAny<ViewContext>(),
|
||||||
|
It.IsAny<string>(),
|
||||||
|
It.IsAny<object>(),
|
||||||
|
It.IsAny<string>(),
|
||||||
|
It.IsAny<object>()))
|
||||||
|
.Returns(new TagBuilder("form"));
|
||||||
|
|
||||||
|
htmlGenerator
|
||||||
|
.Setup(g => g.GenerateAntiforgery(It.IsAny<ViewContext>()))
|
||||||
|
.Returns(new TagBuilder("antiforgery"));
|
||||||
|
|
||||||
|
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
|
||||||
|
var serviceProvider = new Mock<IServiceProvider>();
|
||||||
|
serviceProvider.Setup(s => s.GetService(typeof(HtmlEncoder))).Returns(new HtmlTestEncoder());
|
||||||
|
var viewContext = htmlHelper.ViewContext;
|
||||||
|
viewContext.HttpContext.RequestServices = serviceProvider.Object;
|
||||||
|
|
||||||
|
var writer = viewContext.Writer as StringWriter;
|
||||||
|
Assert.NotNull(writer);
|
||||||
|
|
||||||
|
// Act & Assert
|
||||||
|
using (var form = htmlHelper.BeginRouteForm(
|
||||||
|
routeName: null,
|
||||||
|
routeValues: null,
|
||||||
|
method: FormMethod.Get,
|
||||||
|
antiforgery: null,
|
||||||
|
htmlAttributes: null))
|
||||||
|
{
|
||||||
|
Assert.False(viewContext.FormContext.HasAntiforgeryToken);
|
||||||
|
}
|
||||||
|
|
||||||
|
Assert.Equal(
|
||||||
|
"<form></form>",
|
||||||
|
writer.GetStringBuilder().ToString());
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[InlineData(FormMethod.Get)]
|
||||||
|
[InlineData(FormMethod.Post)]
|
||||||
|
public void BeginRouteForm_EndForm_DoesNotSuppressAntiforgeryTokenWhenAntiforgeryIsTrue(FormMethod method)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
var htmlGenerator = new Mock<IHtmlGenerator>(MockBehavior.Strict);
|
||||||
|
htmlGenerator
|
||||||
|
.Setup(g => g.GenerateRouteForm(
|
||||||
|
It.IsAny<ViewContext>(),
|
||||||
|
It.IsAny<string>(),
|
||||||
|
It.IsAny<object>(),
|
||||||
|
It.IsAny<string>(),
|
||||||
|
It.IsAny<object>()))
|
||||||
|
.Returns(new TagBuilder("form"));
|
||||||
|
|
||||||
|
htmlGenerator
|
||||||
|
.Setup(g => g.GenerateAntiforgery(It.IsAny<ViewContext>()))
|
||||||
|
.Returns(new TagBuilder("antiforgery"));
|
||||||
|
|
||||||
|
var htmlHelper = DefaultTemplatesUtilities.GetHtmlHelper(htmlGenerator.Object);
|
||||||
|
var serviceProvider = new Mock<IServiceProvider>();
|
||||||
|
serviceProvider.Setup(s => s.GetService(typeof(HtmlEncoder))).Returns(new HtmlTestEncoder());
|
||||||
|
var viewContext = htmlHelper.ViewContext;
|
||||||
|
viewContext.HttpContext.RequestServices = serviceProvider.Object;
|
||||||
|
|
||||||
|
var writer = viewContext.Writer as StringWriter;
|
||||||
|
Assert.NotNull(writer);
|
||||||
|
|
||||||
|
// Act & Assert
|
||||||
|
using (var form = htmlHelper.BeginRouteForm(
|
||||||
|
routeName: null,
|
||||||
|
routeValues: null,
|
||||||
|
method: method,
|
||||||
|
antiforgery: true,
|
||||||
|
htmlAttributes: null))
|
||||||
|
{
|
||||||
|
Assert.True(viewContext.FormContext.HasAntiforgeryToken);
|
||||||
|
}
|
||||||
|
|
||||||
|
Assert.Equal(
|
||||||
|
"<form><antiforgery></antiforgery></form>",
|
||||||
|
writer.GetStringBuilder().ToString());
|
||||||
|
}
|
||||||
|
|
||||||
private string GetHtmlAttributesAsString(object htmlAttributes)
|
private string GetHtmlAttributesAsString(object htmlAttributes)
|
||||||
{
|
{
|
||||||
var dictionary = HtmlHelper.AnonymousObjectToHtmlAttributes(htmlAttributes);
|
var dictionary = HtmlHelper.AnonymousObjectToHtmlAttributes(htmlAttributes);
|
||||||
|
|
|
||||||
|
|
@ -1002,7 +1002,7 @@ Environment.NewLine;
|
||||||
string controllerName,
|
string controllerName,
|
||||||
object routeValues,
|
object routeValues,
|
||||||
FormMethod method,
|
FormMethod method,
|
||||||
bool antiforgery,
|
bool? antiforgery,
|
||||||
object htmlAttributes)
|
object htmlAttributes)
|
||||||
{
|
{
|
||||||
throw new NotImplementedException();
|
throw new NotImplementedException();
|
||||||
|
|
@ -1012,7 +1012,7 @@ Environment.NewLine;
|
||||||
string routeName,
|
string routeName,
|
||||||
object routeValues,
|
object routeValues,
|
||||||
FormMethod method,
|
FormMethod method,
|
||||||
bool antiforgery,
|
bool? antiforgery,
|
||||||
object htmlAttributes)
|
object htmlAttributes)
|
||||||
{
|
{
|
||||||
throw new NotImplementedException();
|
throw new NotImplementedException();
|
||||||
|
|
|
||||||
|
|
@ -8,7 +8,7 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
<h2>@ViewBag.Title</h2>
|
<h2>@ViewBag.Title</h2>
|
||||||
@using (Html.BeginForm(FormMethod.Post, htmlAttributes: null, suppressAntiforgery: true))
|
@using (Html.BeginForm(FormMethod.Post, htmlAttributes: null, antiforgery: false))
|
||||||
{
|
{
|
||||||
<div class="form-horizontal">
|
<div class="form-horizontal">
|
||||||
<h4>Person</h4>
|
<h4>Person</h4>
|
||||||
|
|
|
||||||
|
|
@ -8,7 +8,7 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
<h2>@ViewBag.Title</h2>
|
<h2>@ViewBag.Title</h2>
|
||||||
@using (Html.BeginForm(FormMethod.Post, htmlAttributes: null, suppressAntiforgery: true))
|
@using (Html.BeginForm(FormMethod.Post, htmlAttributes: null, antiforgery: false))
|
||||||
{
|
{
|
||||||
<div class="form-horizontal">
|
<div class="form-horizontal">
|
||||||
<h4>Person</h4>
|
<h4>Person</h4>
|
||||||
|
|
|
||||||
|
|
@ -5,7 +5,7 @@ Secondary content
|
||||||
@{
|
@{
|
||||||
await Html.RenderPartialAsync("_PartialWithFlush");
|
await Html.RenderPartialAsync("_PartialWithFlush");
|
||||||
}
|
}
|
||||||
@using (Html.BeginForm(method: FormMethod.Post, suppressAntiforgery: true, htmlAttributes: null))
|
@using (Html.BeginForm(method: FormMethod.Post, antiforgery: false, htmlAttributes: null))
|
||||||
{
|
{
|
||||||
@Html.TextBox("Name1")
|
@Html.TextBox("Name1")
|
||||||
@await FlushAsync()
|
@await FlushAsync()
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue