Login | Register   
RSS Feed
Download our iPhone app
Browse DevX
Sign up for e-mail newsletters from DevX

Tip of the Day
Language: VB7
Expertise: Intermediate
Sep 1, 2003



How to Help Your Business Become an AI Early Adopter

Input validation in ASP.NET 1.1

ASP.NET 1.1 automatically validates input posted to the server against a list of potentially dangerous strings (the values are hard-coded, unfortunately, it would have been nice to be able to edit this list). For example, by default it prevents the user to submit text that contains "<script>", to protect the site against cross-site scripting attacks. If this default input validation fails, a HttpRequestValidationException exception is thrown. On some occasions, though, you may want to allow the user submit any string input, for example from administration page. To disable the automatic input validation you set to false the ValidateRequest attribute of the @ Page directive, at the top of the page. You can disable the validation for the whole application (although this is not advisable, generally), by setting to false the validateRequest attribute of the <pages> tag in the web.config or machine.config files.
Marco Bellinaso
Comment and Contribute






(Maximum characters: 1200). You have 1200 characters left.



Thanks for your registration, follow us on our social networks to keep up-to-date