Diffstat (limited to 'src')
-rw-r--r-- | src/DotNetOpenAuth/Messaging/MessagingUtilities.cs | 2 | ||||
-rw-r--r-- | src/DotNetOpenAuth/Mvc/OpenIdAjaxOptions.cs | 17 | ||||
-rw-r--r-- | src/DotNetOpenAuth/Mvc/OpenIdHelper.cs | 2 |
3 files changed, 19 insertions, 2 deletions
diff --git a/src/DotNetOpenAuth/Messaging/MessagingUtilities.cs b/src/DotNetOpenAuth/Messaging/MessagingUtilities.cs
index 5dccc7a..6a55bc9 100644
--- a/src/DotNetOpenAuth/Messaging/MessagingUtilities.cs
+++ b/src/DotNetOpenAuth/Messaging/MessagingUtilities.cs
@@ -875,7 +875,7 @@ namespace DotNetOpenAuth.Messaging {
 /// by using appropriate character escaping.
 /// </summary>
 /// <param name="value">The untrusted string value to be escaped to protected against XSS attacks. May be null.</param>
- /// <returns>The escaped string.</returns>
+ /// <returns>The escaped string, surrounded by single-quotes.</returns>
 internal static string GetSafeJavascriptValue(string value) {
 if (value == null) {
 return "null";
diff --git a/src/DotNetOpenAuth/Mvc/OpenIdAjaxOptions.cs b/src/DotNetOpenAuth/Mvc/OpenIdAjaxOptions.cs
index 9956966..4b88d04 100644
--- a/src/DotNetOpenAuth/Mvc/OpenIdAjaxOptions.cs
+++ b/src/DotNetOpenAuth/Mvc/OpenIdAjaxOptions.cs
@@ -7,8 +7,10 @@
 namespace DotNetOpenAuth.Mvc {
 using System;
 using System.Collections.Generic;
+ using System.Globalization;
 using System.Linq;
 using System.Text;
+ using DotNetOpenAuth.Messaging;
 
 /// <summary>
 /// A set of customizations available for the scripts sent to the browser in AJAX OpenID scenarios.
@@ -41,6 +43,14 @@ namespace DotNetOpenAuth.Mvc {
 public int FormIndex { get; set; }
 
 /// <summary>
+ /// Gets or sets the id of the form in the document.forms array on the browser that should
+ /// be submitted when the user is ready to send the positive assertion to the RP. A value
+ /// in this property takes precedence over any value in the <see cref="FormIndex"/> property.
+ /// </summary>
+ /// <value>The form id.</value>
+ public string FormId { get; set; }
+
+ /// <summary>
 /// Gets or sets the preloaded discovery results.
 /// </summary>
 public string PreloadedDiscoveryResults { get; set; }
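Review bot: The revised `<returns>` text on `GetSafeJavascriptValue` is not accurate for null input, because the context lines directly below it show `return "null";`, which is the bare JavaScript literal with no surrounding quotes. Callers that splice the result into script need to know both shapes, so I would write `/// <returns>The escaped string, surrounded by single-quotes, or the unquoted literal null when <paramref name="value"/> is null.</returns>`. In the `<param>` line above, "to protected against" should read "to protect against". The method body continues past the end of the hunk, so the escaping and quoting themselves are not visible here.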
@@ -55,5 +65,12 @@ namespace DotNetOpenAuth.Mvc { /// asynchronous authentication of the user for diagnostic purposes. /// </summary> public bool ShowDiagnosticIFrame { get; set; } + + /// <summary> + /// Gets the form key to use when accessing the relevant form. + /// </summary> + internal string FormKey { + get { return string.IsNullOrEmpty(this.FormId) ? this.FormIndex.ToString(CultureInfo.InvariantCulture) : MessagingUtilities.GetSafeJavascriptValue(this.FormId); } + } } } diff --git a/src/DotNetOpenAuth/Mvc/OpenIdHelper.cs b/src/DotNetOpenAuth/Mvc/OpenIdHelper.cs index f276019..193e445 100644 --- a/src/DotNetOpenAuth/Mvc/OpenIdHelper.cs +++ b/src/DotNetOpenAuth/Mvc/OpenIdHelper.cs @@ -151,7 +151,7 @@ window.openid_trace = {1}; // causes lots of messages"; blockFormat, additionalOptions.AssertionHiddenFieldId, additionalOptions.ReturnUrlHiddenFieldId, - additionalOptions.FormIndex); + additionalOptions.FormKey); blockFormat = @" $(function () {{ var box = document.getElementsByName('openid_identifier')[0]; |
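Review bot: The `FormKey` summary does not say that the returned string is a ready-to-embed JavaScript literal: either the decimal form index or the escaped, single-quoted id from `GetSafeJavascriptValue`. That contract is what keeps the value safe when it is formatted into script, so it should be written down, for example `/// <value>A JavaScript literal (decimal index, or escaped single-quoted id). Embed unchanged in script; never add quotes or use in HTML markup.</value>`. The getter also treats an empty `FormId` as unset, while the `FormId` comment in the earlier hunk of this file only says "a value ... takes precedence"; adding "null or empty falls back to `FormIndex`" there would match the code. Whether `GetSafeJavascriptValue` also neutralises a `</script>` sequence is not visible in this diff and is worth confirming if the output lands in an inline script element.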
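Review bot: The last format argument in this hunk changes from an integer to a string that may carry its own single quotes, and the placeholder that consumes it sits in the format string above the hunk, so its context cannot be checked here. Confirm that the placeholder is in an expression position (such as an indexer) and is not already wrapped in quotes, otherwise a form id would be double-quoted or break out of the literal. A call-site comment would keep that assumption visible: `// FormKey is already a JavaScript literal (index or quoted, escaped id); the placeholder must not add quotes.` The formatting call begins before the first line of the hunk.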