dcsimg
Login | Register   
RSS Feed
Download our iPhone app
TODAY'S HEADLINES  |   ARTICLE ARCHIVE  |   FORUMS  |   TIP BANK
Browse DevX
Sign up for e-mail newsletters from DevX

By submitting your information, you agree that devx.com may send you DevX offers via email, phone and text message, as well as email offers about other products and services that DevX believes may be of interest to you. DevX will process your information in accordance with the Quinstreet Privacy Policy.


Tip of the Day
Language: VB7
Expertise: Intermediate
Sep 1, 2003

WEBINAR:

On-Demand

Application Security Testing: An Integral Part of DevOps


Input validation in ASP.NET 1.1

ASP.NET 1.1 automatically validates input posted to the server against a list of potentially dangerous strings (the values are hard-coded, unfortunately, it would have been nice to be able to edit this list). For example, by default it prevents the user to submit text that contains "<script>", to protect the site against cross-site scripting attacks. If this default input validation fails, a HttpRequestValidationException exception is thrown. On some occasions, though, you may want to allow the user submit any string input, for example from administration page. To disable the automatic input validation you set to false the ValidateRequest attribute of the @ Page directive, at the top of the page. You can disable the validation for the whole application (although this is not advisable, generally), by setting to false the validateRequest attribute of the <pages> tag in the web.config or machine.config files.
Marco Bellinaso
 
Comment and Contribute

 

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Sitemap
×
We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.
Thanks for your registration, follow us on our social networks to keep up-to-date