2

I need to write a method which takes any object and returns an equivalent object but by applying html-encode on all public writable string properties/fields if the object is a reference type. If the object is a string it should obviously return html-encode of the string passed. If it's an enumerable type it should enumerate the type and apply the same logic as above on each of the items in the list.

Does this even sound possible ? I've been toying with some code (using ObjectDumper.cs as the starting point) but haven't been able to get far.

The idea is that i can then apply this as an aspect to all my service methods, such that the returning object fields are safe to be bound with html ui, which is being worked on by several people who sometimes forget triggering the encode on the client side.

Improve this question
2
  • I think reflection is the way to go on this one. But it might be quite a bit of work, sonce your requirements (IEnumerable-objects, any refrence type etc.) are quite diverse. Commented May 11, 2012 at 7:16
  • 1
    How will you tell whether or not they encoded things already? If you just encode everything then you might end up with stuff encoded twice which will presumably render badly. And I don't think there is a foolproof way of telling if something has already been encoded. Better just to test things to see if they have been coded properly or not. Commented Aug 23, 2018 at 15:20

2 Answers 2

Reset to default
2

Does this even sound possible ?

Yes, but the quick and dirty way is to use reflection, which will cause a massive (30-100x) performance hit versus regular property invocation. This may or may not matter to you.

If you go the reflection route, you could:

  • discover type information by calling GetType() on the instance you want to modify
  • discover all public properties using Type.GetProperties()
  • check PropertyInfo to see that the property is a string or enumerable string
  • obtain the get accessor from the PropertyInfo object: GetGetMethod()
  • get the value
  • convert the value
  • set the value using the set accessor GetSetMethod()

For IEnumerable, you would need to do a little extra work, i.e get the collection with a late bound call and then enumerate it. Depending on your types, you may also need to ignore certain properties, modify fields, etc.

If I had to do this (and I question whether or not this is the correct way to address the problem), I would scan the object's interface with reflection once, and create dynamic getters/setters for each property and cache them in a Dictionary based on type. Subsequent requests to process an object would then use those cached methods and achieve performance similar to normal get/set invocation.

Enumerations will be a little more trouble to handle but very doable if you are familiar with IL generation and/or expression trees.

which is being worked on by several people who sometimes forget triggering the encode on the client side.

I think code should be designed to make developer's lives easier, but how can you account for what people forget? I have nothing against bulletproof code, but who knows what else will be forgotten. Just a thought.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Thanks for your reply. I understand that reflection is the way to go. My original idea was to use some inspiration from easylib.googlecode.com/svn-history/r8/trunk/EasyLib/EasyLib/… but i cant get this to work for nuts. Can you point me to some code to help do this ?
I don't know of a specific example that does what you want but I added a list of steps to use reflection. If you haven't worked much with reflection, it's actually pretty easy and it will definitely accomplish what you are seeking.
The code you linked provides a pretty good example of how to get the values of properties (not set them)...it should show you some of the main methods/properties to use.
Exactly, but seems like setting enumerable items seems to be much more difficult that getting them :). Anyways will try and stitch something up. How can i add code here ? Maybe i'll start another question if i have any issues.
If the enumerable is comprised of primitives (like string) you can just recreate and reassign it. If it is a complex type then you will need to pass THAT object to your encoding method and enumerate all its methods (basically, recurse through the object tree). You can definitely open another question with specific code if you get stuck.
1

Use Reflection to encode string properties. Then Cast response object to your object.

MyClass myObject = new MyClass();
myObject.propA = "string Value";
var response = EncodeProperties(myObject.getType(),myObject);
myObject = response as myObject ;

    public static object EncodeProperties(Type type, object obj)
    {
        var propertiesInfo = type.GetProperties();

        foreach (PropertyInfo p in propertiesInfo)
        {
            if (p.PropertyType.IsPrimitive
                && p.PropertyType.FullName == "System.String")               
            {
                    p.SetValue(obj, HttpUtility.HtmlEncode(value), null);

            }
        }
        return obj;
    }
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.