How to validate data when validateRequest is set to "false"

835 views Asked by At

Do sites like Stackoverflow or asp.net use validateRequest= "false" at their page directive? If "Yes" then how they are checking the user input and if "NO" then how they are able to postback the data ?

1

There are 1 answers

4
Pranay Rana On BEST ANSWER

The main things Validate Request is looking for are < and > characters, to stop you opening your site up to malicious users posting script and or HTML to your site.

Answer to the second question When ValidateRequst="false"

When request validation is disabled, content can be submitted to a page; it is the responsibility of the page developer to ensure that content is properly encoded or processed

For the encoding data : Content can be easily HTML-encoded on the server using the Server.HtmlEncode(string) API. Content can also be easily HTML-decoded, that is, reverted back to standard HTML using the Server.HtmlDecode(string) method.