Do sites like Stackoverflow or asp.net use validateRequest= "false" at their page directive? If "Yes" then how they are checking the user input and if "NO" then how they are able to postback the data ?
How to validate data when validateRequest is set to "false"
835 views Asked by Zerotoinfinity At
1
The main things Validate Request is looking for are < and > characters, to stop you opening your site up to malicious users posting script and or HTML to your site.
Answer to the second question When ValidateRequst="false"
When request validation is disabled, content can be submitted to a page; it is the responsibility of the page developer to ensure that content is properly encoded or processed
For the encoding data : Content can be easily HTML-encoded on the server using the
Server.HtmlEncode(string)
API. Content can also be easily HTML-decoded, that is, reverted back to standard HTML using theServer.HtmlDecode(string
) method.