Thursday, May 21, 2015

.ClientVisible versus .Visible for DevExpress controls

The .Visible property does what .Visible does for regular ASP.NET Web Forms controls: true is the default and has no effect, while false hides the control outright and ensures that not even a ghost of the control makes its way into the HTML that gets rendered out. Anyone who cannot see the .aspx markup and the C# code-behind gets no inkling that the control exists. With .ClientVisible, however, the false state just decorates the control with a display:none; style to hide it from view. The control is still there if you look at the rendered HTML, and values will still be passed from the control. A hacker should be able to hack these controls into passing values other than their defaults, so treat anything posted from a control hidden with .ClientVisible as user-controlled input.
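A server-side way to handle a field that only some users may set, as an added example that is not code from the original post. The page class, control IDs, the "Manager" role, the 0 to 100 range and the use of the DevExpress.Web namespace are assumptions made for illustration.

```csharp
// Added example. Assumed markup on the page (dx prefix mapped to DevExpress.Web):
//   <dx:ASPxTextBox ID="txtDiscount" runat="server" Text="0" />
//   <dx:ASPxButton  ID="btnSave" runat="server" Text="Save" OnClick="btnSave_Click" />
//   <asp:Label      ID="lblResult" runat="server" />
using System;
using System.Globalization;
using System.Web.UI.WebControls;
using DevExpress.Web;

public partial class OrderEdit : System.Web.UI.Page
{
    // Normally generated in the .designer.cs file; drop these two lines if yours has them.
    protected ASPxTextBox txtDiscount;
    protected Label lblResult;

    private const decimal DefaultDiscount = 0m;

    // The decision is made on the server and never read from the request.
    private bool CanEditDiscount
    {
        get { return User.IsInRole("Manager"); } // hypothetical role name
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        // ClientVisible = false would still render the editor with display:none.
        // Visible = false keeps it out of the rendered HTML altogether.
        txtDiscount.Visible = CanEditDiscount;
    }

    // Returns the discount to apply, ignoring the posted field for users who
    // were never allowed to edit it, whatever the browser sent.
    private decimal ResolveDiscount()
    {
        if (!CanEditDiscount)
            return DefaultDiscount;

        decimal parsed;
        bool ok = decimal.TryParse(txtDiscount.Text, NumberStyles.Number,
                                   CultureInfo.InvariantCulture, out parsed);
        return (ok && parsed >= 0m && parsed <= 100m) ? parsed : DefaultDiscount;
    }

    protected void btnSave_Click(object sender, EventArgs e)
    {
        lblResult.Text = "Discount applied: " + ResolveDiscount().ToString(CultureInfo.InvariantCulture);
    }
}
```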
