ValidateRequest customization

Guest

Is there any way to selectively have ValidateRequest on based on the logged
in user?

Also, can we control what tags will be allowed? For example, I don't have a
problem with my users toggling bold, but don't want them using scripting. Is
there a way to customize the tags that are allowed?

If not, is there any suggested alternate method for performing this sort of
partial validation?

-Ben
 
PeterKellner

For your first question, you could have a customvalidator, something
like this:

protected void CustomValidator1_ServerValidate(object source,
    ServerValidateEventArgs args)
{
    MembershipUser mu = Membership.GetUser();
    // Valid only when the logged-in user is in the role of interest.
    if (!Roles.IsUserInRole("RoleOfInterest"))
    {
        args.IsValid = false;
    }
    else
    {
        args.IsValid = true;
    }
}
Peter Kellner
http://peterkellner.net
 
Steven Cheng[MSFT]

Hi Ben,

As for the "RequestValidation" setting, it is controlled by the @Page
directive (validateRequest attribute). Also, we can programmatically enable
RequestValidation through the "HttpRequest.ValidateInput" method, e.g.

======in global.asax=========
void Application_BeginRequest(object sender, EventArgs e)
{
    HttpContext.Current.Request.ValidateInput();
}
=========================

However, the above approaches only utilize the built-in validation code
logic, and the ASP.NET framework doesn't allow users to customize the
validation logic. If you do want to perform custom validation on the
ASP.NET request's data collection, you can consider the following options:

1. Turn all request validation on the whole page request, and perform
individual validation on the input fields in the web page. For example, we
can use validation control to validate TextBox controls.

#How To: Use Regular Expressions to Constrain Input in ASP.NET
http://msdn.microsoft.com/library/en-us/dnpag2/html/paght000001.asp?frame=true


2. We can do the request validation ourselves completely. The following
MSDN article demonstrates how to implement your own request validation in
ASP.NET 1.0 (which doesn't support validateRequest natively). You can
refer to its code logic.

#Adding Cross-Site Scripting Protection to ASP.NET 1.0
http://msdn.microsoft.com/library/en-us/dnaspp/html/ScriptingProtection.asp?frame=true

Hope this helps.

Regards,

Steven Cheng
Microsoft Online Community Support
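
Added example, not part of the original posts and not Microsoft's code: one way to do the per-field validation discussed above, allowing bold but not scripting, is to HTML-encode the whole input and then restore only an allowlist of attribute-free tags. The class name, the tag list and the sample inputs are assumptions made for illustration; it uses System.Net.WebUtility.HtmlEncode so it runs as a console program, and it presumes built-in request validation is switched off for the page (validateRequest attribute) so the markup reaches your code.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

// Hypothetical helper: encode everything, then re-enable only an
// allowlist of bare formatting tags.
public static class SafeMarkup
{
    // Assumption: these are the only tags users may enter.
    private static readonly string[] AllowedTags = { "b", "i", "u" };

    // Matches an *encoded* tag with no attributes, e.g. &lt;b&gt; or &lt;/b&gt;.
    // A tag carrying attributes (onmouseover=...) never matches, so it stays encoded.
    private static readonly Regex EncodedTag = new Regex(
        @"&lt;(/?)(" + string.Join("|", AllowedTags) + @")&gt;",
        RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

    public static string Sanitize(string input)
    {
        if (string.IsNullOrEmpty(input)) return string.Empty;

        // 1. Neutralize all markup, including <script> and event handlers.
        string encoded = WebUtility.HtmlEncode(input);

        // 2. Restore only exact, attribute-free allowlisted tags, lower-cased.
        return EncodedTag.Replace(encoded, m =>
            "<" + m.Groups[1].Value + m.Groups[2].Value.ToLowerInvariant() + ">");
    }

    public static void Main()
    {
        // Constructed sample inputs.
        string[] samples =
        {
            "Hello <b>world</b>",
            "<script>alert(1)</script>",
            "<b onmouseover=\"alert(1)\">hi</b>",
            "<B>caps</B> and <i>italic</i>",
        };
        foreach (string s in samples)
            Console.WriteLine(Sanitize(s));
    }
}
```

Because the opening tag with an attribute stays encoded while its bare closing tag is restored, the output can contain unbalanced tags; that is harmless for script execution but may affect layout.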


