c# - Why *should* we use EventHandler -

-

i hate eventhandler. hate have cast sender if want it. hate have make new class inheriting eventargs use eventhandler<t>.

i've been told eventhandler tradition , blah, blah...whatever. can't find reason why dogma still around.

is there reason why bad idea make new delegate:

delegate void eventhandler<tsender, t>(tsender sender, t args);

that way sender typesafe , can pass whatever heck want arguments (including custom eventargs if desire).

there reason requiring second argument derive eventargs if fully-trusted code hosts third-party code partially-trusted.

because callback event handling delegate done in context of raising code , not third party code, possible malicious third-party code add privileged system operation event handler , potentially execute escalation of privilege attack running code in fully-trusted context partially-trusted context not run.

for example, if declare handler type int -> void third-party code enqueue yourevent += enviroment.exit(-1) , have exit process unintentionally. cause easy-to-detect problem, there far more malicious apis enqueued other things.

when signature (object, eventargs) -> void there no privileged operations in framework can enqueued because none of them compatible signature. it's part of security code review in framework ensure (unfortunately cannot find source read this).

so in circumstances there valid security concerns why should use standard pattern. if you're 100% sure code never used in these circumstances event signature guideline isn't important (apart other developers thinking wtf), if might should follow it.


Comments

Post a Comment

Popular posts from this blog

ASP.NET/SQL find the element ID and update database -

-
basically i've got update query runs when click submit button. i have asp:repeater in page layer inside this <asp:repeater id="dgbookings" runat="server" onitemdatabound="itemdb"> <itemtemplate> <div class="bookingscontent"> <div class="bookingdetails" id="<%# databinder.eval(container.dataitem, "booking_ref") %>"> <p class="infotext"><%# databinder.eval(container.dataitem, "adults") %> <asp:linkbutton onclick="editdetails" text="edit..." runat="server"></asp:linkbutton></p> <p class="infotext"><asp:linkbutton onclick="submitdetails" text="submit..." runat="server"></asp:linkbutton></p> </div> </div> </itemtemplate> <asp:repeater> and outputs ...
Read more

jquery - appear modal windows bottom -

-
i have modal windows in application, work fine <div id="modal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="mymodallabel" aria-hidden="true"> but when modal appears, appear top of windows, , want appear bottom the application joomla 3.0! , using template of meet gavern any idea? i found solution i modified de css in bootstrap .modal.fade { top:-25%; -webkit-transition:opacity .3s linear, bottom .3s ease-out; -moz-transition:opacity .3s linear, bottom .3s ease-out; -ms-transition:opacity .3s linear, bottom .3s ease-out; -o-transition:opacity .3s linear, bottom .3s ease-out; transition:opacity .3s linear, bottom .3s ease-out; }
Read more

c++ - Compiling static TagLib 1.6.3 libraries for Windows -

-
i having super hard time compiling , using taglib 1.6.3 in qt project. i've tried can think of. taglib claims supported through cmake i'm not having luck. furthermore, i'm confused kinds of files need qt libs! i've built *.a files, *.lib, , *.dll. understand far... believe since i'm working in windows *.lib want. no matter do, end "undefined references" taglib functions try use when try compile qt project. have tried mingw32, msys, visual studio 2008, , cross-compiling windows on linux. turning nothing. what makes less sense me if compile same taglib source qt on mac (g++ think?) works fine! somewhere in windows compilation procedures have going wrong. have been smacking face on desk 30 (on , off) hours trying figure out. since qt uses mingw must compile taglib same compiler? if compile *.lib's visual studio not compatible? are *.a libraries usable in windows? (assuming mingw) i'm still trying handle on c++ stuff, after reading coun...
Read more