About validateRequest -- asp.net

Benny
2/19/2004 11:29:12 PM

Hello Experts,

If the contents of a text box containing a html tag like formmated
characters, i.e. <hello>, and if the validateRequest is set to true, it
gives an error when post back: A potentially dangerous Request.Form
value was detected from the client. Just wondering what are the
drawbacks if the validateRequest is set to true? Under what situations
should the validateRequest set to true or false?

Thanks,

Benny

*** Sent via Developersdex http://www.developersdex.com ***

Websoftwares NO[at]SPAM Hotmail.com
2/20/2004 5:50:38 AM

Setting validateRequest to true will incur additional processing for
each request. However, I think this cost is minimal considering that
it will reduce the risk of your web application from attacks such as
cross-site scripting and SQL Server injection. I think this feature
should always be turned on for all types of web application.

In ASP.NET 1.0, we had to write code to perform these types of
validations manually, so it is nice to see that ASP.NET 1.1 has this
feature build in.

Tommy,

[quoted text, click to view]

Got something to say? Click here to post a reply to this thread.

Don't see what you're looking for? Try a search.

View other messages about asp.net

asp.net : About validateRequest