×

Loading...
Ad by
  • 最优利率和cashback可以申请特批,好信用好收入offer更好。请点链接扫码加微信咨询,Scotiabank -- Nick Zhang 6478812600。
Ad by
  • 最优利率和cashback可以申请特批,好信用好收入offer更好。请点链接扫码加微信咨询,Scotiabank -- Nick Zhang 6478812600。

can't agree with you

本文发表在 rolia.net 枫下论坛>>> viewstate的好处很明显,坏处我抄了几段在下面。一个东西即有好处又有坏处,又不是必须要用的,就选择不用了。Web forms对初学者还能省点时间,有几年经验后就因该觉得web forms model既不能省时间,也没品质。

1) Being good or bad depends on what kind of application you are going to develop. The technical solution should be requirement-oriented. I don't think there is a universal criteria. There is no so-called good technology, but there is good solution. For tons of applications, Web Forms or ASP.NET can save significant efforts v.s. classic ASP.

Actually ViewStates (no matter what you call it) are the things you have to deal with when you are developing web app, either you take use of MS's or implement on your own. Personally I won't invent the wheels again or I have to admit I can't invent a better wheel than MS's.

>>> it adds few Kbytes to the page. This effects the loading of the page in the client.
放个dategrid,load 点数据,postback,然后看sourcecode,viewstate占了90-99%,也就是说viewstate把页面变大了10倍到100倍,关这个点够头痛了

2) Again, that depends on the requirements. Is it an Internet or Intranet app? Do clients have high speed access? How good is the server configuration? Should all conditions permit, the size of client HTML (containing viewstates) is not a problem.

A few KBs for most of today's environments are just NOTHING.

Moreover, it's supported to store the viewstates in server side storage, other than the client-side, as long as you have enough memory and processor capacity. That can significantly reduce the client-side page size and avoid the browser limitation.

>>> it is passed as plain text to the client. Anybody can tamper this value, because of this you shouldnt store any important data in the viewstate.

3) To avoid this, you can either a) override viewstates persistence process to encrypt the critical info or b) like above said, store the viewstates in server-side.

Finally, I would like to say it's always good to share some ideas, but not in a criticizing way.更多精彩文章及讨论,请光临枫下论坛 rolia.net
Report

Replies, comments and Discussions:

  • 工作学习 / 专业技术讨论 / 一个简单而复杂的 asp.net 问题
    其实很简单:

    一个 textbox, text = "test"
    一个 linkbutton (or anything else), onclick 是一个 javascript,用 getElementsByTagName("INPUT") 把所有的 input 的 value 设为空
    一个 button 用来 postback

    当我点 linkbutton, javascript 会清空那个 textbox,然后我用 button postback,就会触发 TextChange , 我可以在 Button_Click 里用
    Response.Write(TextBox1.Text)
    写出一个空值

    问题就是,如果 textbox 是只读的,就是 readonly, 上述的就不会发生。
    比如 textbox 里面的 text 是 "test",我点 linkbutton 清空, 点 button postback, 写出来的不是空值,而是 "test"


    这个算不算微软的 bug ?

    有什么可能我在只读的状态清空后,postback 得到的是空值呢?

    用处: 一个表格,其中一个 textbox 不希望用户自己输入,而是通过一个 popup page 去 assign value, 所以需要设置 textbox readonly。 但是仍然希望可以提供一个 clear 的选项给用户
    • should first check page if it is postback, then ....
      • no, this actually has been reported to microsoft previously
        readonly textbox value cannot be post back

        to work around it, instead of setting TextBox.ReadOnly = true,
        using TextBox.Attribute["readonly"] = "readonly"

        kind of weird, but works
        • I *guess* the server-side ReadOnly property kind of persists the value in viewstates and doesn't let it refresh from postback, while Attribute["readonly"] just simply passes to client as HTML attribute setting.
    • 试一下: 把textbox的readonly改为disabled. 这样看上去readonly但你可以用javascript操作它. 我最近这样的事做了不少.我用是ASP,还没到.net. 但HTML,javascript的东西都是一样的. 有什么问题可以交流.
      • 其实我上面找到的那个 ms lab 的link里面已经解释了这个issue,那里有好几个work around,你说的可以是一种,不过disable会改变textbox feel,所以我用了另外一种solution
    • 现在的web develper都不需要懂HTML,Javascript就可以干活了,微软真是有本事。
      • what the hell do u mean? when I was working on web development, u might not start coding yet! on the other hand, it's apparently not a javascript issue, it's a server-side behavior.
        • 我不太写Code了,我只是想说aspx里最好只有一行code,C# 里别有if(Page.ispostback),不然只是入门级.Net web developer
          • u totally lost me, I guess u have no idea what I was discussing
            ReadOnly is a server-side property, in ASP.NET 2.0, MS changed the behavior to handle readonly textbox. That's why we have to use client-side script to make a readonly textbox to workaround.

            I don't know what the heck u want to say now
          • Would you detail your seond part of the comments? Why is that?
          • 我也觉的我没说清楚,不过要说清因该要很多篇幅,简单的说说吧,请进
            就提几个问题当作启发吧:

            1. viewState
            这个东西在稍微大点的项目里因该都会被明文禁止,在web.config里关了后,尝试完成以前postback self的功能,这样是不是不用那么在乎server behavior

            2. 假设楼主做的页面是10000个这样的button ,link ,也这样写吗

            3. 要是这个项目被突然要求改为PHP了怎么办
            • interesting, I am working on a framework, which is a control that will be used by over 10000 pages, u don't need to worry about that. for ViewState point
              you can't avoid that when you need to maintain custom server controls, coz you need to keep track with many properties, read a book please.

              there many things u have to understand server behavior, especially when you are building many custom controls, you have to know what's the event life cycle, know when and what thing will happen, so that how to bind the data

              if the project is changed to PHP? Haha, that's really a joke, It's so irrelevant to the original issue., in that case, u have to fire your project manager or BA. How come they don't understand a customer's need and budget, how come a customer will change such a huge project to a totally different platform in the middle?


              anyway, it seems none of your point is about the original issue, what r u doing here actually?
              • 本文发表在 rolia.net 枫下论坛- you can't avoid that when you need to maintain custom server controls, coz you need to keep track with many properties, read a book please.
                在web.config,加<page enableviewstate=false...不就可以避免了吗。你说的不可避免是说如果不用Web form model你就不会写web app了,是吗。所以我说用postback的都是入门级水平

                there many things u have to understand server behavior, especially when you are building many custom controls, you have to know what's the event life cycle, know when and what thing will happen, so that how to bind the data
                你是觉的1万太多了,不可能,那就20,照你现在的方法做,你不觉的有点累吗。

                if the project is changed to PHP? Haha, that's really a joke, It's so irrelevant to the original issue., in that case, u have to fire your project manager or BA. How come they don't understand a customer's need and budget, how come a customer will change such a huge project to a totally different platform in the middle?
                有些项目是别人让你做,有些是你做完了,你们公司去卖,碰到个客户说他们想买,但是他们只有Linux,管理员不懂microsoft的东西,你说你们公司会不做这笔生意吗。你的老板问你该怎么办,首先你说这是个笑话,然后建议开除设计的人,你觉的你可笑吗。

                anyway, it seems none of your point is about the original issue, what r u doing here actually?
                我都解释了,你觉的有道理吗。更多精彩文章及讨论,请光临枫下论坛 rolia.net
                • 完全没有道理
                  首先,本公司不卖软件,只 customization & outsourcing,所以做一套算一套,你说的那套logic完全不 apply

                  我不明白你说什么20万太多太少,u see, the stuff I was talking about is a web control, which can be used by everything, who the hell cares how many pages, in fact, I believe there are already over 20 thousands user controls are using it

                  谁不知道那个 web.config 的设定,问题是你根本不知道我在做一个什么项目就七嘴八舌的评论,一这是一个非常大的 project,根本不是一个简单 web app,不可能禁止了 viewstate,我们自定义的控件就超过几百个。

                  什么叫 postback 就入门级了,哈哈,真逗,难道现在规定所有的页面只能用 ajax 来 submit,多年以前无论 cgi 还是 servlet ,点一个 button 页面刷新那个就叫做 postback,难道只有你是大师级了吗?
            • i don't get it - why "(viewstate)这个东西在稍微大点的项目里因该都会被明文禁止"? under what kind of specific circumstances?
              • Viewstate has lots of advantages and as well as disadvantages。
                本文发表在 rolia.net 枫下论坛viewstate的好处很明显,坏处我抄了几段在下面。一个东西即有好处又有坏处,又不是必须要用的,就选择不用了。Web forms对初学者还能省点时间,有几年经验后就因该觉得web forms model既不能省时间,也没品质。

                it adds few Kbytes to the page. This effects the loading of the page in the client.
                放个dategrid,load 点数据,postback,然后看sourcecode,viewstate占了90-99%,也就是说viewstate把页面变大了10倍到100倍,关这个点够头痛了

                it is passed as plain text to the client. Anybody can tamper this value, because of this you shouldnt store any important data in the viewstate.


                View state is one of the most important features of ASP.NET, not so much because of its technical relevance, but more because it makes the magic of the Web Forms model possible.

                However, if used carelessly, view state can easily become a burden. Although ViewState is freely accessible in a hidden field called __VIEWSTATE, the view state information is not clear text. By default, a machine-specific authentication code is calculated on the data and appended to the view state string. The resulting text is then Base64 encoded only, but not encrypted. In order to make the view state more secure, the ASP.NET @Page directive supports an attribute called EnableViewStateMac whose only purpose is detecting any possible attempt at corrupting original data.更多精彩文章及讨论,请光临枫下论坛 rolia.net
                • 如果你一定要那么 picky,viewstate 的坏处我闭着眼都能讲出一大堆,ASP.NET 2.0 或者 WFX 的坏处也是随手可来
                  问题是,所有的 framework 目的都是在于 productivity ,都是靠牺牲 performance 来提高 maintenance, scalability 和 extensibility,我很怀疑你是否真的是一个所谓“大师级”的web app developer or consultant, whatever you name yourself,java 的 framework 也一样有这样的毛病, RUBY 又何尝不是?

                  所以,如果一个公司决定要用一个技术,是 compromise 而不是 refuse to use its feature and then tell urself u r doing the correct thing
                • can't agree with you
                  本文发表在 rolia.net 枫下论坛>>> viewstate的好处很明显,坏处我抄了几段在下面。一个东西即有好处又有坏处,又不是必须要用的,就选择不用了。Web forms对初学者还能省点时间,有几年经验后就因该觉得web forms model既不能省时间,也没品质。

                  1) Being good or bad depends on what kind of application you are going to develop. The technical solution should be requirement-oriented. I don't think there is a universal criteria. There is no so-called good technology, but there is good solution. For tons of applications, Web Forms or ASP.NET can save significant efforts v.s. classic ASP.

                  Actually ViewStates (no matter what you call it) are the things you have to deal with when you are developing web app, either you take use of MS's or implement on your own. Personally I won't invent the wheels again or I have to admit I can't invent a better wheel than MS's.

                  >>> it adds few Kbytes to the page. This effects the loading of the page in the client.
                  放个dategrid,load 点数据,postback,然后看sourcecode,viewstate占了90-99%,也就是说viewstate把页面变大了10倍到100倍,关这个点够头痛了

                  2) Again, that depends on the requirements. Is it an Internet or Intranet app? Do clients have high speed access? How good is the server configuration? Should all conditions permit, the size of client HTML (containing viewstates) is not a problem.

                  A few KBs for most of today's environments are just NOTHING.

                  Moreover, it's supported to store the viewstates in server side storage, other than the client-side, as long as you have enough memory and processor capacity. That can significantly reduce the client-side page size and avoid the browser limitation.

                  >>> it is passed as plain text to the client. Anybody can tamper this value, because of this you shouldnt store any important data in the viewstate.

                  3) To avoid this, you can either a) override viewstates persistence process to encrypt the critical info or b) like above said, store the viewstates in server-side.

                  Finally, I would like to say it's always good to share some ideas, but not in a criticizing way.更多精彩文章及讨论,请光临枫下论坛 rolia.net
                  • exactly, I really doubt if that guy can call himself understand viewstate or not
                    如果一个 datagrid is sorted,然后 page,结果还是 sorted 的

                    在新的 asp.net 里,就是通过 viewstate 来完成的,并不是象以前那样重新 query 然后 position

                    至于 viewstate size,有很多方法 avoid,包括 serverside viewstate 等等
            • viewstate很灵活,说禁止viewstate,那是不懂。 微软在网页放的这些垃圾,是asp.net的基础,没有它们,asp.net就没有那么强大,易用了。
      • 正是如此。下一步,将消灭desktop application和web (client) application 的区别。
      • HTML, JS还是要知道一点的,可以起到画龙点睛的效果
    • That is almost the same problem I had recently.. its a bug on DotNet 2.0. If you use DotNet 1.x. "readonly" textbox on postback works perfectly. There is way to work around it.
      • yes yes, already fixed it after I post it a short while later, I have the same URL in the above reply. thanks though.
        • other than your indicated workaround, i think if you use a (server-side) hidden field to actually store user's input and be posted back to server, that will work too.