disabling ValidateRequest for one textbox

Andy Fish

Hi,

I have one textbox on the form that needs to have ValidateRequest disabled,
but it seems that it can only be enabled/disabled at a page level.

Assuming I have to disable it for the whole page, how can I invoke
ValidateRequest functionality for the other text boxes individually? I was
looking for some kind of method I can call that says "validate this
control as if ValidateRequest were true" or a function "would this string
pass ValidateRequest".

TIA

Andy
 
Peter Blum

Microsoft has not built a field-by-field capability into ValidateRequest. In
fact, their code for validation is not "public" (it's an internal class). So
it's simply not available.

I built a far more aggressive system to protect against Cross Site Scripting
and SQL Injection attacks that you may want to investigate. "Visual Input
Security" (http://www.peterblum.com/vise/home.aspx) provides validators that
can be assigned to individual controls and detect script attacks.

An example of being more aggressive: It lets you define a list of HTML tags
that you want to permit on a field and will still block those tags when
illegal javascript is also embedded in them.

--- Peter Blum
www.PeterBlum.com
Email: (e-mail address removed)
Creator of "Professional Validation And More" at
http://www.peterblum.com/vam/home.aspx
 
Andy Fish

Thanks Peter, I can't blame you for advertising your toolkit, which I'm sure
is excellent, but I found a simple way to invoke the Microsoft request
validation: details below for anyone who has the same problem.

Download Lutz Roeder's Reflector and decompile the class
System.Web.CrossSiteScriptingValidation, then paste the code into your own
class. Then you can call IsDangerousString on any text field you want to
validate. I was going to post the source here but that might mean some
people would miss out on using this fantastic tool.

Some caveats for anyone who wants to do it this way:

1. You must remove null characters from the string before calling the
validation, otherwise you could fall foul of a known IE vulnerability (see
the source for HttpRequest.ValidateString).

2. If a new version of the framework comes out with improvements to the
validation, you'll need to recreate your class.

3. Decompiling and reusing the source might contravene your licence
agreement for using the framework (IANAL).

Andy
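
An added example, not part of the thread and not Microsoft's decompiled code: a per-field check that could be called for every textbox except the exempted one once ValidateRequest is off for the page, including the null-character stripping from caveat 1. The class and method names (`FieldValidation`, `StripNulls`, `LooksDangerous`) and the two pattern rules are assumptions chosen for illustration.

```csharp
using System;

// Illustrative per-field check; the rules are an assumption, not the
// framework's internal CrossSiteScriptingValidation source.
public static class FieldValidation
{
    // Caveat 1: remove null characters first, so "<\0script>" cannot slip
    // past a check that compares adjacent characters.
    public static string StripNulls(string s)
    {
        return s == null ? null : s.Replace("\0", string.Empty);
    }

    // Flags '<' followed by a letter, '!', '/' or '?', and the sequence "&#".
    public static bool LooksDangerous(string input)
    {
        string s = StripNulls(input);
        if (string.IsNullOrEmpty(s)) return false;

        int i = 0;
        while ((i = s.IndexOfAny(new[] { '<', '&' }, i)) >= 0)
        {
            if (i == s.Length - 1) return false; // a trailing '<' or '&' starts nothing
            char next = s[i + 1];
            if (s[i] == '<' && (IsAsciiLetter(next) || next == '!' || next == '/' || next == '?'))
                return true;
            if (s[i] == '&' && next == '#')
                return true;
            i++;
        }
        return false;
    }

    private static bool IsAsciiLetter(char c)
    {
        return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
    }

    public static void Main()
    {
        // Constructed sample field values.
        string[] samples = { "3 < 5 & 7", "<b>bold</b>", "<\0script>", "&#x3c;", "plain text" };
        foreach (string v in samples)
            Console.WriteLine("{0,-14} -> {1}", v.Replace("\0", "\\0"),
                LooksDangerous(v) ? "reject" : "accept");
    }
}
```

The field that is exempt from this check still has to be HTML-encoded when its value is written back into a page, since nothing has screened it.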
 
