What characters are allowed by validateRequest page directive?

Discussion in 'ASP .Net Security' started by Ken Sturgeon, Jun 11, 2007.

  1. Ken Sturgeon

    Ken Sturgeon Guest

    I've seen several articles that indicate that if the page directive
    validateRequest="True" (shown below) that the user input is validated
    against a hard coded list of characters. What I cannot find is any
    documentation that shows the hard coded list of characters. Does anyone know
    where I can find this list or know exactly what's in the list?

    <% @ Page validateRequest="True" %>


    Thanks

    -- Ken Sturgeon
     
    Ken Sturgeon, Jun 11, 2007
    #1
    1. Advertising

  2. well - besides having a look with reflector -

    it is mostly

    < followed by a-z

    and

    < followed by #

    there is a third one i forgot.


    -----
    Dominick Baier (http://www.leastprivilege.com)

    Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

    > I've seen several articles that indicate that if the page directive
    > validateRequest="True" (shown below) that the user input is validated
    > against a hard coded list of characters. What I cannot find is any
    > documentation that shows the hard coded list of characters. Does
    > anyone know where I can find this list or know exactly what's in the
    > list?
    >
    > <% @ Page validateRequest="True" %>
    >
    > Thanks
    >
     
    Dominick Baier, Jun 11, 2007
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Tascien

    validateRequest directive

    Tascien, Feb 17, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    359
    Tascien
    Feb 17, 2004
  2. Tim Zych
    Replies:
    2
    Views:
    25,691
    Tim Zych
    May 16, 2004
  3. Phil Winstanley [Microsoft MVP ASP.NET]

    Re: validateRequest=&quot;false&quot; not working in web.config or page directive

    Phil Winstanley [Microsoft MVP ASP.NET], May 16, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    659
    Phil Winstanley [Microsoft MVP ASP.NET]
    May 16, 2004
  4. Andy Fish
    Replies:
    1
    Views:
    242
    Andy Fish
    Oct 27, 2004
  5. Iñaki Baz Castillo
    Replies:
    13
    Views:
    556
    Iñaki Baz Castillo
    May 1, 2011
Loading...

Share This Page