6

I am trying to understand what are the main differecnes between using [DataType(DataType.EmailAddress)] & [EmailAddress].

inside a model class:-

public class MYViewModel {
[DataType(DataType.EmailAddress)] OR [EmailAddress]
public string Email { get; set; }

i did a test and the two attributes will do the following:-

  1. will prevent users from adding invalud email address

  2. will display the value as "EmailTo:..."

but i can not find any differences in respect to the functionality , of course if i use html.TextboxFor then the Datatype will not have any effect, while if i use html.EditorFor then the Datatype data annotation will work,, but i am talking about the differences in respect to the technical implementation ?

John John
  • 1
  • 72
  • 238
  • 501
  • 1
    [This post](http://stackoverflow.com/a/21655092/304683) should be very helpful. The former "works" with `EditorFor` _client side_ (html5 `email` field), the latter is newer and also does server side model validation. – EdSF Oct 11 '14 at 17:15
  • so both will do server side validation ? – John John Oct 11 '14 at 21:19
  • and also both will do a validation to prevent invalid email address.. although as Per the MSDN, DataType attributes are used primarily for formatting and not validation,... so no tsute if MSDN is not talking about Datatype.EmailAddress since it will do validation alos ?? can u advice? – John John Oct 11 '14 at 21:22

1 Answers1

6

Hope this clarifies...

As you noted, DataType attributes are primarily used for formatting, not validation. The reason it seems to work is:

  • @Html.EditorFor renders the HTML5 <input type="email" .... which defers to the client/browser to do validation. If the browser complies, then client side validation occurs. It will "work" because the client validated it for you (this is not server side validation however)

You can test it by changing @Html.EditorFor to @Html.TextBoxFor in your view, which will render the input field as <input type="text" ...> (a standard text input field, not HTML5 email).

Sample Test

Given a model with something like this:

public class User
{
    [Required(ErrorMessage = "Email must be provided")]
    [DataType(DataType.EmailAddress, ErrorMessage = "this doesn't do email format validation")]        
    [EmailAddress(ErrorMessage = "Not a valid Email")] //Comment un-comment to see effect
    public string EmailAddress { get; set; }

    [Required(ErrorMessage = "Name must be provided")]        
    public string Name { get; set; }
}

A view using @Html.TextBoxFor instead of @Html.EditorFor to take out HTML5 client side validation in your test:

@Html.TextBoxFor(model => model.EmailAddress,....

And a controller like so:

public ActionResult CheckUser(User user)
{
    ViewBag.Foo = string.Empty;
    if(Request.HttpMethod == HttpMethod.Post.ToString())
    {
        ViewBag.Foo = ModelState.IsValid ? "User Model validated" : "Failed Model Validation";
    }
    return View();
}

If you:

  1. comment out [EmailAddress] attribute, leaving only [DataType(DataType.EmailAddress)] your model is valid with any text (no email format validation)
    • if you put "foo" your model is "valid", no error message.
  2. leave it in, you will get "server side" email format validation
    • if you put "foo", it will fail and the "Not a valid Email" error message is displayed

Hth...

EdSF
  • 11,753
  • 6
  • 42
  • 83
  • so in this way Datatype in general will never do server side validations , is this correct ? and i can not rely on client side validation becuase hackers can bypass client side validation and submit wrong vales to the server. So that why the MSDN link mentioned that Datatype should not be used for validation ?? is this correct ? – John John Oct 13 '14 at 00:58
  • 1
    @johnG you don't rely on _client side_ for validation in any case :) "Never trust client". Not restricted to "hackers" - e.g. older browsers that don't do HTML5 validation, user settings, etc. – EdSF Oct 13 '14 at 13:19