Arjan's World: Default Input Validation In ASP.NET

Friday, April 21, 2006

Default Input Validation In ASP.NET

Working with a Context.Handler I tried to input HTML comments from page1 to page2. This was before I added any validation controls whatsoever. Didn't expect the following run-time error:

A potentially dangerous Request.Form value was detected from the client (txtValue="<b>bla!</b>").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

A nice way to prevent malicious input just in case you forgot (eh, ..?) to do any validation. Must be a no-brainer to you but for me this was the first time I noticed this....
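The error text recommends explicitly checking all inputs once validateRequest is switched off. One way to do that for the txtValue field, shown as an added example that is not from the original post: encode everything first, then restore only a fixed allow-list of tags. The names FormattedInput and ToSafeHtml, the allowed tags and the length limit are assumptions made for the illustration.

```csharp
// Added example, not from the original post.
// Assumed directive on the receiving page (page2.aspx):
//   <%@ Page Language="C#" ValidateRequest="false" %>
using System;
using System.Text;
using System.Web; // HttpUtility

public static class FormattedInput
{
    // Hypothetical allow-list: the only tags let through unencoded.
    private static readonly string[] AllowedTags = { "b", "i" };
    private const int MaxLength = 200; // constructed limit for the sample

    public static string ToSafeHtml(string raw)
    {
        if (raw == null) return string.Empty;
        if (raw.Length > MaxLength)
            throw new ArgumentException("txtValue is too long.");

        // Encode everything first, so every '<', '>', '&' and '"' is inert.
        StringBuilder sb = new StringBuilder(HttpUtility.HtmlEncode(raw));

        // Then restore only the exact, attribute-free tags on the allow-list.
        // Anything else (other tags, tags with attributes) stays encoded.
        foreach (string tag in AllowedTags)
        {
            sb.Replace("&lt;" + tag + "&gt;", "<" + tag + ">");
            sb.Replace("&lt;/" + tag + "&gt;", "</" + tag + ">");
        }
        return sb.ToString();
    }

    public static void Main()
    {
        // Constructed inputs; the first is the value from the error message.
        Console.WriteLine(ToSafeHtml("<b>bla!</b>"));
        Console.WriteLine(ToSafeHtml("<b onmouseover=\"x()\">bla!</b>"));
        Console.WriteLine(ToSafeHtml("<script>x()</script>"));
    }
}
```

In a page, the result of ToSafeHtml(Request.Form["txtValue"]) is what gets written to the response; the raw form value is never echoed back.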

