C
cummings695
I have the validateRequest set to true in the web config. I have
written my own iHTTPHandler class and configured the web.config to use
it for all requests to app.aspx. when I try to navigate to that page
with a parameter of xss=<xssmc> the request is processed wothout an
issue. If I try the same parameter on a page that is not handled by my
class, an exception is thrown saying that there is a potentialy harmful
request. I have found that if I call to the request objects
ValidateInput method in my handler, I will get the same exception when
I access the request parameters. Am I correct in thinking the default
aspx handler call this method also. I have searched using reflector but
I cannot find a call to the ValidateInput method anywhere in the
System.Web assembly...
TIA..
written my own iHTTPHandler class and configured the web.config to use
it for all requests to app.aspx. when I try to navigate to that page
with a parameter of xss=<xssmc> the request is processed wothout an
issue. If I try the same parameter on a page that is not handled by my
class, an exception is thrown saying that there is a potentialy harmful
request. I have found that if I call to the request objects
ValidateInput method in my handler, I will get the same exception when
I access the request parameters. Am I correct in thinking the default
aspx handler call this method also. I have searched using reflector but
I cannot find a call to the ValidateInput method anywhere in the
System.Web assembly...
TIA..