Request Validation

[John Comber]

Hi,

I've a simple web form (webform1.aspx) with a text box &
button. The click event of the button appends the value
of the text box to the URL and redirects to
webform2.aspx. This then gets the value of the text box
from the query string.

I'd like to keep validateRequest=true to prevent malicious
input. If the user does enter some invalid text, is there
a way of catching the HttpRequestValidationException
before it bombs out to the browser? I would then like to
inform the user that their input is invalid.

Alternatively, if I set validateRequest=false, is there a
method to call (like
System.Web.HttpRequest.ValidateString) that will do this
so that I can catch any exceptions that are thrown?

Thanks in advance,

Regards
John.

 

[MSFT]

Hi John,

You try the Application_Error method in global.asax. Anyway, I think a
Validator control may be better in this situation. You can choose valid
user input on client side, so that we don't need to return to server; or
you can use Custome Validator to perform the validate on server side and
display proper message to customer. For more information for ASP.NET
validator control, you may refer to:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/
frlrfsystemwebuiwebcontrolsregularexpressionvalidatorclasstopic.asp

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/
frlrfSystemWebUIWebControlsCustomValidatorClassTopic.asp

Hope this help,

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)