I already posted a question closely related to this one. I watched the Mix10 video with P. Haacked and S. Hanselman.
I am building an AJAX-powered site whose input forms are created on the fly.
All the code to accomplish this is done within a script tag or a JavaScript file. For example, the following DOM elements are created when the page loads and are wrapped into an existing div defined in a view:
$('#myform').append('); $('#myform').append('');
When I click the submit button I need to get the values of the input form whose id is 'Name': $("#Name").val() and then I return a JSON object: { Name: name };
For this kind of scenario there is no way to use Html.Encode() or AntiXss.HtmlEncode() on the client-side. The only way to check if the input is not harmful is done on the server-side (via a service layer).
This seems a limitation. All is fine if and only if a view has a set of predefined inputs. When it is time to create them on the fly, the situation is different.
Have you thought of that situation, guys?
Thanks for the attention you have put on this.
Roland Brussels, Belgium
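
An added example, not part of the original post or of any library it mentions: one way to encode values in client-side JavaScript when form markup is built on the fly and the result is sent as JSON. The function names (htmlEncode, buildInput, buildPayload, renderName) and the sample value are assumptions made for illustration; the server still has to validate what it receives, because a client can skip any script-side step.

```javascript
// Characters that can change the meaning of HTML text or a quoted attribute.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
};

// Encode a value for an HTML text node or a quoted attribute value.
function htmlEncode(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build markup for one dynamically created text input (hypothetical helper).
// The id is checked against an allow-list pattern; the value is encoded.
function buildInput(id, value) {
  if (!/^[A-Za-z][A-Za-z0-9_-]*$/.test(id)) {
    throw new Error('invalid element id: ' + id);
  }
  return '<input type="text" id="' + id + '" value="' + htmlEncode(value) + '" />';
}

// Serialize the form value for the AJAX request body. JSON.stringify escapes
// quotes and control characters, so the value stays inside its JSON string.
function buildPayload(name) {
  return JSON.stringify({ Name: name });
}

// Markup for echoing a value from the server back into the page as text.
function renderName(name) {
  return '<span class="name">' + htmlEncode(name) + '</span>';
}

// Constructed sample input containing all five special characters.
const sampleName = 'O\'Brien <b>"x"</b> & co';

console.log(buildInput('Name', sampleName));
console.log(buildPayload(sampleName));
console.log(renderName(sampleName));
```

With jQuery, `$('<input>', { id: 'Name', type: 'text' }).val(value)` and `.text(value)` reach the same result without building markup strings by hand.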