What is the use of ValidateRequest attribute in the Page directive?

 Posted by Ddd on 2/8/2011 | Category: ASP.NET Interview questions | Views: 10850 | Points: 40

It is used to reduce the risk of cross-site scripting attacks for pages in ASP.NET applications. error messages like "Potentially dangerous value' are generated
because of this attribute.

example: in a textbox, if we write <script></script>
and then try to retreive its value, this attribute will result in an error.

It is true by default and can also be set to false.

Asked In: Many Interviews | Alert Moderator 

Comments or Responses

Posted by: Rajendrameghwal on: 2/9/2011 | Points: 10
I think just ValidateRequest = "true" in page directive will not work. we may need to set
<httpRuntime requestValidationMode="2.0" />
in web.config also as asp.net 4.0 has changed some thing in validation request.
Source : Page - 1201 (Apress Pro ASP.net 4 in C# 2010)
Posted by: Ddd on: 2/9/2011 | Points: 10
In order to use a Delegate, refer to some asp.net tutorials or MSDN.
My point was only to indicate the use of ValidateRequest attribute.
As regards the changes made in ASP.NET 4.0, I will have to check out and then let
you know. Thanks for the suggestions

Login to post response