ValidateRequest="false" and HttpUtility.UrlEncode(Doc.OuterXml)

[CindyH]

Hi
I'm using .net 2.0.
I am receiving a http post that is sent httpUtility.urlencode(doc.Outerxml).
Everything works fine and I can receive the post and parse it, but I need to
set validaterequest="false" or the other side can't post to my side.
Is setting validaterequest="false" the right way to go?

Thanks,
Cindy

 

[Nanda Lella[MSFT]]

Constraining and validating user input is essential in a Web application to
prevent hacker attacks that rely on malicious input strings.
Request validation detects potentially malicious client input and throws
this exception to abort processing of the request.
However, if you disable request validation by setting the validateRequest
attribute in the @ Page directive to false, It is strongly recommended that
your application explicitly check all inputs.

For example you should
1. HTML encode all input from the browser. (You can use Microsoft Anti
Cross Scripting Library fort this)
2. Use ASP.NET server validation controls rigorously. Do not rely on client
validation alone.