About validateRequest

  • Thread starter Thread starter Benny
  • Start date Start date
B

Benny

Hello Experts,

If the contents of a text box containing a html tag like formmated
characters, i.e. <hello>, and if the validateRequest is set to true, it
gives an error when post back: A potentially dangerous Request.Form
value was detected from the client. Just wondering what are the
drawbacks if the validateRequest is set to true? Under what situations
should the validateRequest set to true or false?

Thanks,

Benny
 
Setting validateRequest to true will incur additional processing for
each request. However, I think this cost is minimal considering that
it will reduce the risk of your web application from attacks such as
cross-site scripting and SQL Server injection. I think this feature
should always be turned on for all types of web application.

In ASP.NET 1.0, we had to write code to perform these types of
validations manually, so it is nice to see that ASP.NET 1.1 has this
feature build in.

Tommy,
 
Back
Top