On 19 March 2010 09:26, Richard Carde <[email protected]> wrote: > It's Friday... > > On 16 Mar 2010, at 22:24, Jonathan Parker <[email protected]> > wrote: > > Keep a lookout for Umbraco 5 as well as this is going to be written in > <http://ASP.NET>ASP.NET MVC. > > > I see this a fair bit and wonder... "If ASP.NET MVC came out first, would > people now be saying 'going to be [re-]written in ASP.NET Web Forms'"? > *shudder* > > It's new... it must be better? > > I understand the benefits of MVC (or, more realistically, not using the > abuse of HTML & HTTP that is WebForms) as I have a classic ASP background > and good understanding of the protocols used on the Interwebs, but it just > seems like people jump on the latest and greatest without understanding what > that brings (good and bad). More XSS, etc. perhaps? Dunno. > > I know MVC has some helpers to properly encode output and that's great > providing you know how/when/why one uses them. Same goes for outputting into > strings used by JavaScript - watchout for the apostrophes and backslashes > etc. >
I think most people jumping on the MVC bandwagon are doing so because it is new (well, new for .NET developers anyway) rather than any sort of critical analysis of why it is better - BUT - that does not mean it is worse. :) I swore off web.forms when I first clapped eyes on to it and we have a couple of frameworks we've been using over the years in lieu of it. That said, there is a lot of design-goal similarity between ASP.NET MVC and our own frameworks - so much so that I'm considering retiring our own stuff in favour of MVC. I did see some features mentioned in MVC 2 along the lines of client-side model validation which made my cringe - but I've not looked at ASP.NET MVC 2.0 close enough to know whether it has been wrecked by VB programmers. As you say, web.form is rubbish. It was designed by idiots who were trying to map an event-driven vb/vba view of the world onto the Internet where the underlying technology fundamentally does not work that way. I tend to think Google has probably achieved what web.forms attempted to with GWT however if you're worried about *reach* then you would touch neither web.forms or GWT. A case in point, I tried to sign up to Windows Phone Marketplace yesterday: http://developer.windowsphone.com/Default.aspx The register button just produced a script error in all browsers. I wonder how many attempted registrations failed as a result? What is the value of all of the web.forms crap behind the scenes? Nothing. Just more complexity that gets in the way of the primary function of the application so someone can do a demo to show that nitwits can build web sites like VBA. They COULD have just build a <FORM> that captured the leads and worked in everything (including Lynx :) but the people who chose the technology for that site were either clueness or had NFI about the primary mission (capturing leads for potential developers being critical at a time when Win Mo is tanking in the marketplace). > <sarcasm>Thank goodness ASP.NET traps 'dodgy' characters like < and > in > user supplied data</sarcasm> > Yup. It is really a very big worry when people writing the framework can be so fundamentally stupid as to think that avoiding XSS issues is a function of input, not output. -- David Connors ([email protected]) Software Engineer Codify Pty Ltd - www.codify.com Phone: +61 (7) 3210 6268 | Facsimile: +61 (7) 3210 6269 | Mobile: +61 417 189 363 V-Card: https://www.codify.com/cards/davidconnors Address Info: https://www.codify.com/contact
