I have a view model for editing a users settings. One of its properties is defined as
<Display(Name:="View_User_Profile_Language", ResourceType:=GetType(Resources.UIText))>
Public Property Language As String
And in the view, I use it like this:
<%: Html.LabelFor(Function(m) m.UserInfoForm.Language) %>
<%: Html.DropDownListFor(Function(m) m.UserInfoForm.Language,
languages.Select(Function(lang) New SelectListItem With {
.Text = New Globalization.CultureInfo(lang).NativeName,
.Value = lang,
.Selected = (Model.UserInfoForm.Language = lang)
}))%>
<%: Html.ValidationMessageFor(Function(m) m.UserInfoForm.Language)%>
Where languages
is a list of strings defined in the view e.g. "en", "fr", "de"
The problem is that the user can submit a value that is not inside the drop down list (e.g. with javascript, inspect element or not use a browser e.g. fiddler)
How do you validate the selected item, ensuring that it exists in the drop down list?
I am aware of validation attributes such as <StringLength>
and <Required>
, and I use If ModelState.IsValid Then
in the action. Is there a ready made attribute stating where the validator should look for a list of allowed values?
Thanks for reading