Let’s say I have the following selectlist (Countries) in a ViewModel:
//..
private static string[] _countries = new[] {
    "USA",
    "Canada",
    "Japan"
};
//...
SelectList Countries = new SelectList(_countries, dinner.Country);
//...
And I render a dropdown list in the following fashion:
<%: Html.DropDownListFor(m => m.Dinner.Country, Model.Countries) %>
I noticed that, using Firebug, I can inject my own values into the DropDownList, and that value may be inserted into the database.
What is the best way to validate that there are no injected values (preferably a DRY method)?
I would recommend taking advantage of DataAnnotations and creating your own custom validation attribute.
This provides a way to encapsulate your validation logic (satisfying your DRY requirement), and will be applied server-side (preventing HTML manipulations like the one you described).
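A sketch of the kind of attribute this answer describes, added here as an example and not code from the original post. The names `AllowedValuesOnlyAttribute` and `Countries.All`, and the standalone `Dinner` class, are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Linq;

// Hypothetical single home for the list, so the view and the validator share it.
public static class Countries
{
    public static readonly string[] All = { "USA", "Canada", "Japan" };
}

// Hypothetical attribute: rejects any posted value that is not in the allow-list.
[AttributeUsage(AttributeTargets.Property, AllowMultiple = false)]
public sealed class AllowedValuesOnlyAttribute : ValidationAttribute
{
    private readonly Type _source;

    // 'source' must expose a public static string[] field named All (assumption).
    public AllowedValuesOnlyAttribute(Type source)
        : base("{0} is not one of the permitted values.")
    {
        _source = source;
    }

    public override bool IsValid(object value)
    {
        if (value == null) return true; // leave "missing" to [Required]
        var allowed = (string[])_source.GetField("All").GetValue(null);
        var s = value as string;
        // Ordinal, case-sensitive match: only the exact rendered options pass.
        return s != null && allowed.Contains(s, StringComparer.Ordinal);
    }
}

public class Dinner
{
    [Required]
    [AllowedValuesOnly(typeof(Countries))]
    public string Country { get; set; }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed input: a value edited into the <select> in the browser.
        var tampered = new Dinner { Country = "Atlantis" };
        var errors = new List<ValidationResult>();
        bool ok = Validator.TryValidateObject(
            tampered, new ValidationContext(tampered, null, null), errors, true);
        Console.WriteLine(ok ? "accepted" : "rejected: " + errors[0].ErrorMessage);
    }
}
```

In ASP.NET MVC the default model binder evaluates these attributes on post, so the controller action still has to check `ModelState.IsValid` before saving the dinner.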