ValidateRequest="false" and HttpUtility.UrlEncode(Doc.OuterXml)

C

CindyH

Hi
I'm using .net 2.0.
I am receiving a http post that is sent httpUtility.urlencode(doc.Outerxml).
Everything works fine and I can receive the post and parse it, but I need to
set validaterequest="false" or the other side can't post to my side.
Is setting validaterequest="false" the right way to go?

Thanks,
Cindy
 
N

Nanda Lella[MSFT]

Constraining and validating user input is essential in a Web application to
prevent hacker attacks that rely on malicious input strings.
Request validation detects potentially malicious client input and throws
this exception to abort processing of the request.
However, if you disable request validation by setting the validateRequest
attribute in the @ Page directive to false, It is strongly recommended that
your application explicitly check all inputs.

For example you should
1. HTML encode all input from the browser. (You can use Microsoft Anti
Cross Scripting Library fort this)
2. Use ASP.NET server validation controls rigorously. Do not rely on client
validation alone.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

httputility.urlencode(doc.outerxml) as a http post 1
ValidateRequest 1
validateRequest can't be set to false when deploying with aspnet_compiler.exe 0
ValidateRequest Issues 0
ValidateRequest 2
How to return boolean true and false 3
validateRequest doesn't work 1
what's wrong with xml post code? 2

Members online

Total: 76 (members: 1, guests: 75)
Robots: 233

Forum statistics

Threads
473,982
Messages
2,570,186
Members
46,739
Latest member
Clint8040

Latest Threads

Top