Login | Register   
LinkedIn
Google+
Twitter
RSS Feed
Download our iPhone app
TODAY'S HEADLINES  |   ARTICLE ARCHIVE  |   FORUMS  |   TIP BANK
Browse DevX
Sign up for e-mail newsletters from DevX


Tip of the Day
Language: VB7
Expertise: Intermediate
Sep 1, 2003

Input validation in ASP.NET 1.1

ASP.NET 1.1 automatically validates input posted to the server against a list of potentially dangerous strings (the values are hard-coded, unfortunately, it would have been nice to be able to edit this list). For example, by default it prevents the user to submit text that contains "<script>", to protect the site against cross-site scripting attacks. If this default input validation fails, a HttpRequestValidationException exception is thrown. On some occasions, though, you may want to allow the user submit any string input, for example from administration page. To disable the automatic input validation you set to false the ValidateRequest attribute of the @ Page directive, at the top of the page. You can disable the validation for the whole application (although this is not advisable, generally), by setting to false the validateRequest attribute of the <pages> tag in the web.config or machine.config files.
Marco Bellinaso
 
Comment and Contribute

 

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Sitemap
Thanks for your registration, follow us on our social networks to keep up-to-date