September 2009 Blog Posts

ASP.NET MVC 2 Preview 2

Today we just released ASP.NET MVC 2 Preview 2 for Visual Studio 2008 SP1 (and ASP.NET 3.5 SP1), which builds on top of the work we did in Preview 1 released two months ago.

Some of the cool new features we’ve added to Preview 2 include:

  • Client-Side Validation – ASP.NET MVC 2 includes the jQuery validation library to provide client-side validation based on the model’s validation metadata. It is possible to hook in alternative client-side validation libraries by writing an adapter which adapts the client library to the JSON metadata in a manner similar to the xVal validation framework.
  • Areas – Preview 2 includes in-the-box support for single project areas for developers who wish to organize their application without requiring multiple projects. Registration of areas has also been streamlined.
  • Model Validation Providers - allow hooking in alternative validation logic to provide validation when model binding. The default validation provider uses Data Annotations.
  • Metadata Providers - allow hooking in alternative sources of metadata for model objects. The default metadata provider uses Data Annotations.

Based on this list, you’ll notice a theme: where Preview 1 tied much functionality directly to Data Annotation attributes, Preview 2 inserts abstractions around our usage of Data Annotations, which allow hooking in custom implementations of validation and metadata providers.

This will allow you to do things like swapping out our default validation with the Enterprise Library Validation Block for example. It also allows providing implementations where model metadata is stored in alternative locations rather than via attributes, with a bit of work.

What About Visual Studio 2010?

The tools for this particular release only work in Visual Studio 2008 SP1. The version of ASP.NET MVC 2 Preview 2 for Visual Studio 2010 will be released in-the-box with Visual Studio 2010 Beta 2. You won’t need to go anywhere else, it’ll just be there waiting for you. Likewise, the RTM of ASP.NET MVC 2 will be included with the RTM of Visual Studio 2010.

Therefore, if you want to try out the new HTML encoding code blocks with ASP.NET MVC 2 Preview 2, you’ll have to wait till Visual Studio 2010 Beta 2 is released. But for now, you can try out Preview 2 on VS 2008 and start providing feedback.

Successive Method Calls With MoQ

One area where using MoQ is confusing is when mocking successive calls to the same method of an object.

For example, I was writing some tests for legacy code where I needed to fake out multiple calls to a data reader. You remember data readers, don’t you?

Here’s a snippet of the code I was testing. Ignore the map method and focus on the call to reader.Read.

while(reader.Read()) {
  yield return map(reader);
}

Notice that there are multiple calls to reader.Read. The first couple times, I wanted Read to return true. The last time, it should return false. And here’s the code I hoped to write to fake this using MoQ:

reader.Setup(r => r.Read()).Returns(true);
reader.Setup(r => r.Read()).Returns(true);
reader.Setup(r => r.Read()).Returns(false);

Unfortunately, MoQ doesn’t work that way. The last call wins and nullifies the previous two calls. Fortunately, there are many overloads of the Returns method, some of which accept functions used to return the value when the method is called.

That’s the approach I found on Matt Hamilton’s blog post (Mad Props indeed!) where he describes his clever solution to this issue involving a Queue:

var pq = new Queue<IDbDataParameter>(new[]
    { 
        mockParam1.Object, 
        mockParam2.Object 
    });
mockCommand.Expect(c => c.CreateParameter()).Returns(() => pq.Dequeue());

Each time the method is called, it will return the next value in the queue.

One cool thing I stumbled on is that the syntax can be made even cleaner and more succinct by passing in a method group. Here’s my MoQ code for the original IDataReader issue I mentioned above.

var reader = new Mock<IDataReader>();
reader.Setup(r => r.Read())
  .Returns(new Queue<bool>(new[] { true, true, false }).Dequeue);

I’m defining a Queue inline and then passing what is effectively a pointer to its Dequeue method. Notice the lack of parentheses at the end of Dequeue which is how you can tell that I’m passing the method itself and not the result of the method.

Using this approach, MoQ will call Dequeue each time it calls r.Read(), grabbing the next value from the queue. Thanks to Matt for posting his solution! This is a great technique for dealing with sequences using MoQ.

UPDATE: There’s a great discussion in the comments to this post. Fredrik Kalseth proposed an extension method to make this pattern even simpler to apply and much more understandable. Why didn’t I think of this?! Here’s the extension method he proposed (but renamed to the name that Matt proposed because I like it better).

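using System.Collections.Generic;
using Moq.Language.Flow;

public static class MoqExtensions
{
  // Returns each value in 'results' in order, one per call to the mocked method.
  // Once the queue is empty, a further call throws InvalidOperationException.
  public static void ReturnsInOrder<T, TResult>(this ISetup<T, TResult> setup, 
    params TResult[] results) where T : class  {
    setup.Returns(new Queue<TResult>(results).Dequeue);
  }
}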

Now with this extension method, I can rewrite my above test to be even more readable.

var reader = new Mock<IDataReader>();
reader.Setup(r => r.Read()).ReturnsInOrder(true, true, false);

In the words of Borat, Very Nice!

Html Encoding Code Blocks With ASP.NET 4

This is the first in a three part series related to HTML encoding blocks, aka the <%: ... %> syntax.

One great new feature being introduced in ASP.NET 4 is a new code block (often called a Code Nugget by members of the Visual Web Developer team) syntax which provides a convenient means to HTML encode output in an ASPX page or view.

<%: CodeExpression %>

I often tell people it’s <%= but with the = seen from the front.

Let’s look at an example of how this might be used in an ASP.NET MVC view. Suppose you have a form which allows the user to submit their first and last name. After submitting the form, the same view is used to display the submitted values.

First Name: <%: Model.FirstName %>
Last Name: <%: Model.LastName %>

<form method="post">
  <%: Html.TextBox("FirstName") %>
  <%: Html.TextBox("LastName") %>
</form>

By using the new syntax, Model.FirstName and Model.LastName are properly HTML encoded, which helps in mitigating Cross Site Scripting (XSS) attacks.

Expressing Intent with the new IHtmlString interface

If you’re paying close attention, you might be asking yourself, “Html.TextBox is supposed to return HTML that is already sanitized. Wouldn’t using this syntax with Html.TextBox cause double encoding?”

ASP.NET 4 also introduces a new interface, IHtmlString along with a default implementation, HtmlString. Any method that returns a value that implements the IHtmlString interface will not get encoded by this new syntax.

In ASP.NET MVC 2, all helpers which return HTML now take advantage of this new interface which means that when you’re writing a view, you can simply use this new syntax all the time and it will just work. By adopting this habit, you’ve effectively changed the act of HTML encoding from an opt-in model to an opt-out model.
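The opt-out rule described above, as an added example that is not code from this post or from ASP.NET itself. RenderNugget is a hypothetical model of what <%: %> does with a value, and NameBadge and UnsafeBadge are hypothetical helpers; only IHtmlString, HtmlString and HttpUtility are real System.Web types. It shows that returning an HtmlString moves the encoding duty into the helper.

```csharp
using System;
using System.Web; // IHtmlString, HtmlString, HttpUtility (System.Web.dll, ASP.NET 4)

public static class EncodingDemo
{
    // Assumption: a model of the rule the post describes for <%: expr %>.
    // Values that implement IHtmlString are written as-is; everything else
    // is HTML encoded.
    public static string RenderNugget(object value)
    {
        if (value == null) return string.Empty;
        var html = value as IHtmlString;
        return html != null ? html.ToHtmlString()
                            : HttpUtility.HtmlEncode(value.ToString());
    }

    // Hypothetical helper that returns markup. Because it opts out of
    // encoding by returning HtmlString, it encodes the untrusted parts itself.
    public static IHtmlString NameBadge(string name)
    {
        return new HtmlString(
            "<span class=\"badge\" title=\"" + HttpUtility.HtmlAttributeEncode(name) + "\">"
            + HttpUtility.HtmlEncode(name) + "</span>");
    }

    // Anti-pattern: wrapping raw input in HtmlString tells <%: %> to trust it,
    // so the input reaches the page unencoded.
    public static IHtmlString UnsafeBadge(string name)
    {
        return new HtmlString("<span class=\"badge\">" + name + "</span>");
    }

    public static void Main()
    {
        // Constructed sample input containing markup characters.
        string input = "<b>Phil</b> & \"co\"";

        Console.WriteLine(RenderNugget(input));              // plain string: encoded once
        Console.WriteLine(RenderNugget(NameBadge(input)));   // markup kept, input encoded inside
        Console.WriteLine(RenderNugget(UnsafeBadge(input))); // input passes through raw
    }
}
```

When reviewing a helper that returns IHtmlString, check every place user-controlled data is concatenated into the markup, since <%: %> will no longer encode it.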

The Goals

There were four primary goals we wanted to satisfy with the new syntax.

  1. Obvious at a glance. When you look at a page or a view, it should be immediately obvious which code blocks are HTML encoded and which are not. You shouldn’t have to refer back to flags in web.config or the page directive (which could turn encoding on or off) to figure out whether the code is actually being encoded. Also, it’s not uncommon to review code changes via check-in emails which only show a DIFF. This is one reason we didn’t reuse existing syntax.

    Not only that, code review becomes a bit easier with this new syntax. For example, it would be easy to do a global search for <%= in a code base and review those lines with more scrutiny (though we hope there won’t be any to review). Also, when you receive a check-in email which shows a DIFF, you have most of the context you need to review that code.

  2. Evokes a similar meaning to <%=. We could have used something entirely new, but we didn’t have the time to drastically change the syntax. We also wanted something that had a similar feel to <%= which evokes the sense that it’s related to output. Yeah, it’s a bit touchy feely and arbitrary, but I think it helps people feel immediately familiar with the syntax.

  3. Replaces the old syntax and allows developers to show their intent. One issue with the current implementation of output code blocks is there’s no way for developers to indicate that a method is returning already sanitized HTML. Having this in place helps enable our goal of completely replacing the old syntax with this new syntax in practice.

    This also means we need to work hard to make sure all new samples, books, blog posts, etc. eventually use the new syntax when targeting ASP.NET 4.

    Hopefully, the next generation of ASP.NET developers will experience this as being the default output code block syntax and <%= will just be a bad memory for us old-timers like punch cards, manual memory allocations, and Do While Not rs.EOF.

  4. Make it easy to migrate from ASP.NET 3.5. We strongly considered just changing the existing <%= syntax to encode by default. We eventually decided against this for several reasons, some of which are listed in the above goals. Doing so would make it tricky and painful to upgrade an existing application from earlier versions of ASP.NET.

    Also, we didn’t want to impose an additional burden for those who already do practice good encoding. For those who don’t already practice good encoding, this additional burden might prevent them from porting their app and thus they wouldn’t get the benefit anyways.
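The review step from goal 1, searching a code base for <%= blocks, as an added example that is not part of the original post. RawNuggetAudit, Scan and the sample view are constructed for illustration; a real audit would feed it the contents of each .aspx and .ascx file.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

public static class RawNuggetAudit
{
    // Matches <%= ... %> output blocks only. <%: ... %>, <%# ... %> and
    // <%@ ... %> do not match because the character after <% differs.
    static readonly Regex RawOutput =
        new Regex(@"<%=\s*(?<expr>.*?)\s*%>", RegexOptions.Singleline);

    public struct Finding
    {
        public int Line;
        public string Expression;
    }

    // Returns one finding per unencoded output block, with its 1-based line.
    public static List<Finding> Scan(string viewSource)
    {
        var findings = new List<Finding>();
        foreach (Match m in RawOutput.Matches(viewSource))
        {
            int line = 1;
            for (int i = 0; i < m.Index; i++)
                if (viewSource[i] == '\n') line++;

            findings.Add(new Finding { Line = line, Expression = m.Groups["expr"].Value });
        }
        return findings;
    }

    public static void Main()
    {
        // Constructed sample view, not taken from the post.
        string view =
            "<h1><%: Model.Title %></h1>\n" +
            "<p>Welcome, <%= Model.FirstName %></p>\n" +
            "<%= Html.TextBox(\"LastName\") %>\n" +
            "<p><%: Model.LastName %></p>\n";

        foreach (var f in Scan(view))
            Console.WriteLine("line {0}: <%= {1} %> is written without encoding; review",
                f.Line, f.Expression);
    }
}
```

Each finding still needs a human decision: a block that emits helper markup may be safe to convert to <%: only once the helper returns IHtmlString, while a block that emits model data should be encoded.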

When Can I Use This?

This is a new feature of ASP.NET 4. If you’re developing on ASP.NET 3.5, you will have to continue to use the existing <%= syntax and remember to encode the output yourself.

In ASP.NET 4 Beta 2, you will have the ability to try this out yourself with ASP.NET MVC 2 Preview 2. If you’re running on ASP.NET 3.5, you’ll have to use the old syntax.

What about ASP.NET MVC 2?

As mentioned, ASP.NET MVC 2 supports this new syntax in its helpers when running on ASP.NET 4.

In order to make this possible, we are making a breaking change such that the relevant helper methods (ones that return HTML as a string) will return a type that implements IHtmlString.

In a follow-up blog post, I’ll write about the specifics of that change. It was an interesting challenge given that IHtmlString is new to ASP.NET 4, but ASP.NET MVC 2 is actually compiled against ASP.NET 3.5 SP1. :)

More On The CodePlex Foundation

In my last post, I presented a general overview of the CodePlex foundation and talked a bit about what it means to the .NET OSS developer, admittedly without much in the way of details. I plan to fix some of that in this post.

Before I continue, I encourage you to read Scott Bellware’s great analysis of the CodePlex foundation which covers some of the points I planned to make (making my life easier). It’s a must-read to better understand the potential and opportunity presented by the foundation.

There’s one particular point he makes which I’d like to expound upon.

The CodePlex Foundation will bring influential open source projects under its auspices. The details aren't clear yet, but it's reasonable to assume that the foundation will support its projects the way that other software foundations support their projects, with protection for these projects as they are used in corporate and commercial contexts and who knows, maybe even some financial support will be part of the deal.

I talked to Bill Staples recently and he pointed out that The Apache Foundation is one source (among many) of inspiration for the CodePlex Foundation. If you go to the Apache FAQ, you’ll find the answer to the following question, “How does the ASF help its projects?” (emphasis mine)

As a corporate entity, the Apache Software Foundation is able to be a party to contracts, such as for technical services or guarantee-bonds for conferences. It can also accept donations on behalf of its projects, clarifying the associated tax issues, and create additional self-funded services via community-building activities, such as Apache-related T-shirts and user conferences.

In addition, the Foundation provides a framework for limiting the legal exposure of individual volunteers while they work on behalf of one of the ASF projects. In the past, these volunteers have been personally vulnerable to lawsuits, whether legitimate or frivolous, which impaired many activities that might have significantly improved contributions to the projects and benefited our users.

The first paragraph is what I alluded to in my last post, and this is something that the CodePlex Foundation would like to do in the long run, but as I mentioned before, it all depends on the level of participation and sponsorship funding. In an ideal world, the foundation would be able to add some level of funding of projects to this list of benefits for a member project.

The second paragraph is something that the CodePlex Foundation definitely wants to do right off the bat.

This is great news for those of us hosting open source projects. It’s generally not a worry for many small .NET open source projects, but the risk is always there that if a project starts to get noticed, some company may come along and sue the project owner for patent infringement etc. Typical projects may not have any money to go after, but I can imagine a commercial company going after a competing OSS product simply to shutter it.

Assigning your project’s copyright to the CodePlex Foundation would afford some level of legal protection against this sort of thing, similar to the way it works with the Apache Foundation.

One nice thing about the CodePlex Foundation is you have the option to assign copyright to the foundation or license your code to the foundation. I’m not a lawyer so I don’t understand if one provides more legal protection than the other. Honestly, once the foundation starts accepting projects at large, I would want to assign Subtext’s copyright over so that my name doesn’t appear as the big red bulls-eye in the Subtext copyright notice! ;)

And if you’re wondering, “am I losing control over my project by assigning copyright over?”, you are not. As I wrote in my post Who Owns The Copyright For An Open Source Project (part of my series called the Developer’s Guide To Copyright Law), you’d be assigning it under the open source license of your choice (yes, the CodePlex Foundation is more or less license agnostic; it doesn’t require a specific license to join), which always gives you the freedom to fork it should the foundation suddenly be overtaken by evil Ninjas.

As I said before, many of these details are still being hashed out and I’m guessing some of them won’t be finalized until the final board of directors is in place. But in the meanwhile, I think understanding the sources of inspiration for this new foundation will help provide insight into the direction it may take.

I hope this provides more concrete details than my last post.

What The CodePlex Foundation Means To The .NET OSS Developer

UPDATE: Be sure to read my follow-up post on this topic as well.

Yesterday, Microsoft announced some exciting news about the formation of the CodePlex Foundation (not to be confused with CodePlex.com project hosting website despite the unfortunately confusing same name) whose mission is to “enable the exchange of code and understanding among software companies and open source communities”.

This is a 501(c)(6) organization completely independent of Microsoft. For example, search the by-laws for mentions of Microsoft and you’ll find zero. Zilch.

One thing to keep in mind about this organization is that it’s very early in its formation. There was debate on trying to hash out all the details first and perhaps announcing the project some time further in the future, but that sort of goes against the open source ethos. As the main website states (emphasis mine):

We don't have it all figured out yet. We know that commercial software developers are under-represented on open source projects. We know that commercial software companies face very specific challenges in determining how to engage with open source communities. We know that there are misunderstandings on both sides. Our aim is to advance the IT industry for both commercial software companies and open source communities by helping to meet these challenges.

Meeting these challenges is a collaborative process. We want your participation.

I’m personally excited about this as I’ve been a proponent of open source on the Microsoft stack for a long time and have called for Microsoft to get more involved in the past. I remember way back then, Scott Hanselman suggested Microsoft form an INETA like organization for open source as an editorial aside in his post on NDoc.

How does it benefit .NET OSS projects?

However, all is not roses just yet. If you read the mission statement carefully, it’s a very broad statement. In fact, it’s not specific to the Microsoft open source ecosystem, though obviously Microsoft will benefit from the mission statement being carried out.

If you look at it from Microsoft’s perspective, there are many legal and other challenges to participating in open source more fully. While Microsoft has made contributions to Linux, has collaborated closely with PHP, etc., each time presents a unique set of challenges.

If the foundation succeeds in its mission, I believe it will open the doors for Microsoft to collaborate with and encourage the .NET open source ecosystem in a more meaningful manner. I don’t know what shape that will take in the end, but I believe that removing roadblocks to Microsoft’s participation is required and a great first step.

I’m honored to serve as an advisor to the board. In our first advisory board conference call, my first question was, “what does this mean for those running open source projects on the .NET platform?” After all, while I’m a Microsoft employee by day, I also run an open source project at night and I have my own motivations as such.

I’m happy to see the mission statement take such a broad stance as it seems to be focused on the greater good and not focused on Microsoft specifically, but I am personally interested in seeing more details on why this is good for the open source developer who runs a project on the .NET platform. For example, can the foundation provide something more than moral support to .NET OSS projects such as MSDN licenses or more direct funding?

These are all interesting questions and I don’t know the answers. Microsoft put some skin in the game by seeding the foundation with a million dollars for the first year. The foundation, as an independent organization, will be looking for more sponsors to also pony up money. They will have to find the right balance in how they spend that money so that they can continue to operate. I imagine the answer to these questions will depend on how successful they are in finding sponsors and operating within their budget. As an advisor, I’ll be pushing for more clarity around this.

The full details for what the foundation will do are still being hashed out. The interim board has 100 days to choose a more permanent board of directors. Now is the time to get involved if you want to help make sure it continues in the right direction.

Related Blog Posts From Others