ValidateRequest="false" and HttpUtility.UrlEncode(Doc.OuterXml)

Discussion in 'ASP .Net' started by CindyH, May 23, 2008.

  1. CindyH

    CindyH Guest

    Hi
    I'm using .net 2.0.
    I am receiving a http post that is sent httpUtility.urlencode(doc.Outerxml).
    Everything works fine and I can receive the post and parse it, but I need to
    set validaterequest="false" or the other side can't post to my side.
    Is setting validaterequest="false" the right way to go?

    Thanks,
    Cindy
     
    CindyH, May 23, 2008
    #1
    1. Advertising

  2. Constraining and validating user input is essential in a Web application to
    prevent hacker attacks that rely on malicious input strings.
    Request validation detects potentially malicious client input and throws
    this exception to abort processing of the request.
    However, if you disable request validation by setting the validateRequest
    attribute in the @ Page directive to false, It is strongly recommended that
    your application explicitly check all inputs.

    For example you should
    1. HTML encode all input from the browser. (You can use Microsoft Anti
    Cross Scripting Library fort this)
    2. Use ASP.NET server validation controls rigorously. Do not rely on client
    validation alone.

    --------------------
    Thank You,
    Nanda Lella,

    This Posting is provided "AS IS" with no warranties, and confers no rights.
     
    Nanda Lella[MSFT], Feb 11, 2009
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Andreas Klemt
    Replies:
    4
    Views:
    10,349
    mikeb
    Jan 22, 2004
  2. Marc Cardinal

    HttpUtility.UrlEncode security workaround

    Marc Cardinal, Oct 4, 2004, in forum: ASP .Net
    Replies:
    2
    Views:
    2,678
    Ken Dopierala Jr.
    Oct 4, 2004
  3. Dario Sala
    Replies:
    1
    Views:
    3,843
    Karl Seguin
    Nov 15, 2004
  4. Matt
    Replies:
    3
    Views:
    539
    Tor Iver Wilhelmsen
    Sep 17, 2004
  5. CindyH
    Replies:
    1
    Views:
    640
    Alvin Bruney [ASP.NET MVP]
    May 14, 2008
Loading...

Share This Page