July 2005 - Posts

Avoid the HttpRequestValidationException Exception

To avoid the HttpRequestValidationException, you'll have to set the validateRequest flag to false in the page directive, as shown below:

<%@ Page language="c#" validateRequest="false" Codebehind="TestForm.aspx.cs" AutoEventWireup="false" Inherits="TestForm" %>

Of course, there is a downside. When you disable the validation, you have to prevent script injection yourself. Don't forget to encode the values you write into your HTML and your query strings.

This can be done with the following code snippets.

For HTML:

string safeFormFieldName = Server.HtmlEncode(formFieldName);

For query strings:

string safeQuery = Server.UrlEncode(fulfillmentFormName);

The .NET Framework escapes illegal characters such as < ' >. For example, it replaces the character < with &lt;

The browser interprets the &lt; correctly and displays it as the character < instead of treating it as the start of a tag.
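The two encoders above applied together to one link, as an added example that is not part of the original post. It uses the static HttpUtility methods (the encoders that Server.HtmlEncode and Server.UrlEncode call); the page name Fulfillment.aspx, the form parameter and the sample inputs are assumptions made for illustration.

```csharp
using System;
using System.Web; // HttpUtility: the encoders behind Server.HtmlEncode / Server.UrlEncode

public static class EncodingDemo
{
    // Builds an HTML fragment from two untrusted values, encoding each one
    // for the context it ends up in.
    public static string RenderLink(string formFieldName, string fulfillmentFormName)
    {
        // Query-string context: percent-encode the value so characters such as
        // & and = cannot add or change parameters.
        string safeQuery = HttpUtility.UrlEncode(fulfillmentFormName);
        string url = "Fulfillment.aspx?form=" + safeQuery; // hypothetical page name

        // Attribute context: the finished URL is placed inside href="...",
        // so it is HTML-attribute-encoded as a whole.
        string safeHref = HttpUtility.HtmlAttributeEncode(url);

        // Element-content context: HTML-encode text that is shown to the user.
        string safeFormFieldName = HttpUtility.HtmlEncode(formFieldName);

        return "<a href=\"" + safeHref + "\">" + safeFormFieldName + "</a>";
    }

    public static void Main()
    {
        // Constructed sample input, as it could arrive once validateRequest="false".
        string formFieldName = "<script>alert(1)</script>";
        string fulfillmentFormName = "order form&admin=true";

        string html = RenderLink(formFieldName, fulfillmentFormName);
        Console.WriteLine(html);

        // The output must not contain a live script tag, and the injected
        // "&admin=true" must not survive as a separate parameter.
        if (html.Contains("<script>") || html.Contains("&admin=true"))
            throw new InvalidOperationException("untrusted input reached the page unencoded");
        Console.WriteLine("OK: both values were encoded for their context");
    }
}
```

Each value is encoded at the point where it is written into the output, with the encoder that matches the destination: UrlEncode for a query-string value, HtmlEncode for text inside an element.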

Posted by Chi Wai Man | 1 comment(s)

My First post

Well, I finally got my own blog. This is my first post to say hello :)
Posted by Chi Wai Man | with no comments