Avoid the HttpRequestValidationException Exception

Search

News

Writing quality code is my passion. Building .Net applications in a professional enviroment is my goal. My hobbies are watching movies, traveling, reading comics, collecting retro consoles and playing computer games. All postings are provided "AS IS" with no warranties, and confer no rights.

Syndication

Avoid the HttpRequestValidationException Exception

To avoid the HttpRequestValidationException Exception you' ll have to set the flag validateRequest in the page directive .

See below:

<%@ Page language="c#" validateRequest="false" Codebehind="TestForm.aspx.cs" AutoEventWireup="false" Inherits="TestForm" %>

Ofcourse there is a downside. When you disable the validation you will have to prevent script injection yourself. Just don't forget to encode your html code and querystrings.

This can be done by using the following code snippet:

For HtmlCode

string safeFormFieldName = Server.HtmlEncode(formFieldName);

For QueryString

string safeQuery = Server.UrlEncode(fulfillmentFormName);

The .NET framework will escape the illegal characters like < ' >. It will replace the character < with <

The browser will correctly interpret the < and decode the character to <.

Published Fri, Jul 29 2005 5:55 PM by Chi Wai Man

Filed under: .NET

Comments

# re: Avoid the HttpRequestValidationException Exception

<html>

Tuesday, October 28, 2008 4:24 PM by gfdgfdg

Title (required)
Name: (required)
Website: (optional)
Comments (required)
Remember Me?
Please add 1 and 5 and type the answer here:

Mr Man's Blog

Search

Tags

News

Syndication

Archives

Avoid the HttpRequestValidationException Exception

Comments

# re: Avoid the HttpRequestValidationException Exception

Leave a Comment