![]() ![]() They already said they understand what you just posted. Just forgot to mention that you can read the entire article from here which tells you a work around to handle the possible security threat when disabling validation ![]() If you wish to disable request validation for all applications on your server, you can make this modification to To disable request validation for your application, you must modify or create a Web.config file for your application and set the validateRequest attribute of the section to false: To disable request validation on a page you must set the validateRequest attribute of the Page directive to false:Ĭaution: When request validation is disabled, content can be submitted to a page it is the responsibility of the page developer to ensure that content is properly encoded or processed. The request validation feature of ASP.NET prevents this If the user enters instead of a valid e-mail address, when that data is presented, this script can be executed if the content was not properly encoded. For example, you create a Web page that requests a user’s e-mail addressĪnd then stores that e-mail address in a database. We still strongly recommend that you validate all input data and HTML encode it when appropriate. HTML can be unknowingly submitted to a server, stored, and then presented to other users. This feature is designed to help prevent some script-injection attacks whereby client script code or Request validation, a feature of ASP.NET since version 1.1, prevents the server from accepting content containing un-encoded HTML. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |