473,397 Members | 2,116 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > asp.net event validation

Join Bytes to post your question to a community of 473,397 software developers and data experts.

ASP.NET event validation

Does anyone have experience with turning off ASP.NET event validation ?
What is the complete set of consequences ?

I'm aware that event validation ensures that parameter values submitted to
event handlers for read-only ASP.NET web controls ( such as ListBox ) must
match the list of possible values available at the time the control is
rendered on the server; non-matching values will trigger a runtime
exception. Turning off event validation removes this restriction.

What are the other consequences of turning off event validation ?

<pages theme="theme" enableEventValidation="false">
May 24 '07 #1
3 5923
The only real consequence of disabling eventvalidation is that you are no
longer protected from rogue hackers who've hijacked your page to attempt to
post illegal formfield values that you didn't intend to be available on the
page. That's all that eventvalidation does.
Peter

--
Site: http://www.eggheadcafe.com
UnBlog: http://petesbloggerama.blogspot.com
Short urls & more: http://ittyurl.net


"John Grandy" wrote:
Does anyone have experience with turning off ASP.NET event validation ?
What is the complete set of consequences ?

I'm aware that event validation ensures that parameter values submitted to
event handlers for read-only ASP.NET web controls ( such as ListBox ) must
match the list of possible values available at the time the control is
rendered on the server; non-matching values will trigger a runtime
exception. Turning off event validation removes this restriction.

What are the other consequences of turning off event validation ?

<pages theme="theme" enableEventValidation="false">
May 24 '07 #2
I can't tell if you're taking this particular "rogue hacker" threat very
seriously if you're poking fun at Microsoft for what you perceive as their
very serious take on it.

The problem with ASP.NET event validation is that there are legitmate
reasons for not creating lists of allowed values for particular form fields
on the server-side, and instead dynamically creating these lists on the
client-side via script.
"Peter Bromberg [C# MVP]" <pb*******@yahoo.yabbadabbadoo.comwrote in
message news:D0**********************************@microsof t.com...
The only real consequence of disabling eventvalidation is that you are no
longer protected from rogue hackers who've hijacked your page to attempt
to
post illegal formfield values that you didn't intend to be available on
the
page. That's all that eventvalidation does.
Peter

--
Site: http://www.eggheadcafe.com
UnBlog: http://petesbloggerama.blogspot.com
Short urls & more: http://ittyurl.net


"John Grandy" wrote:
>Does anyone have experience with turning off ASP.NET event validation ?
What is the complete set of consequences ?

I'm aware that event validation ensures that parameter values submitted
to
event handlers for read-only ASP.NET web controls ( such as ListBox )
must
match the list of possible values available at the time the control is
rendered on the server; non-matching values will trigger a runtime
exception. Turning off event validation removes this restriction.

What are the other consequences of turning off event validation ?

<pages theme="theme" enableEventValidation="false">

May 24 '07 #3
I'm not poking fun at Microsoft at all on this one. Event validation is a
VERY useful feature. However, as you have noted, it can and does interfere
with legitimate dynamically created element (such as ListItems in a
dropdownlist, for example). However, there are ways to do this and still keep
event validation turned on. Do more research, you'll find some excellent
blog posts on this very subject.
Peter

--
Site: http://www.eggheadcafe.com
UnBlog: http://petesbloggerama.blogspot.com
Short urls & more: http://ittyurl.net


"John Grandy" wrote:
I can't tell if you're taking this particular "rogue hacker" threat very
seriously if you're poking fun at Microsoft for what you perceive as their
very serious take on it.

The problem with ASP.NET event validation is that there are legitmate
reasons for not creating lists of allowed values for particular form fields
on the server-side, and instead dynamically creating these lists on the
client-side via script.
"Peter Bromberg [C# MVP]" <pb*******@yahoo.yabbadabbadoo.comwrote in
message news:D0**********************************@microsof t.com...
The only real consequence of disabling eventvalidation is that you are no
longer protected from rogue hackers who've hijacked your page to attempt
to
post illegal formfield values that you didn't intend to be available on
the
page. That's all that eventvalidation does.
Peter

--
Site: http://www.eggheadcafe.com
UnBlog: http://petesbloggerama.blogspot.com
Short urls & more: http://ittyurl.net


"John Grandy" wrote:
Does anyone have experience with turning off ASP.NET event validation ?
What is the complete set of consequences ?

I'm aware that event validation ensures that parameter values submitted
to
event handlers for read-only ASP.NET web controls ( such as ListBox )
must
match the list of possible values available at the time the control is
rendered on the server; non-matching values will trigger a runtime
exception. Turning off event validation removes this restriction.

What are the other consequences of turning off event validation ?

<pages theme="theme" enableEventValidation="false">


May 24 '07 #4
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
need to have onsubmit event fire after server-side validation.
by: usl2222 | last post by:
Hi folks, I appreciate any assistance in the following problem: I have a form with a bunch of dynamic controls on it. All the controls are dynamically generated on a server, including all...
ASP.NET
3
bypass an event because server side validation failed
by: interuser | last post by:
Hi How can I prevent an event (eg button click) from happening from within page_load? The reason is that I want to make my existing application work for netscape, for which there are no client...
ASP.NET
5
how to fire an event programmatically?
by: Verde | last post by:
This is admittedly an apparently odd request... but please indulge me if you don't mind: Suppose I have two <asp:Button.../> on a page (Button1 and Button2). User clicks Button1 and triggers a...
ASP.NET
1
Adding Validation via OnItemDataBound event (ASP.NET 2.0)
by: rmccinc | last post by:
OK, I am running into some issues that I cant figure out a work-around. I am not going to post code cause I figured out WHY my issue is happening: -I have a datagrid, and a button that fires a...
ASP.NET
6
Event with multiple subscribers. Cancel invocation of other handlers.
by: Peter M. | last post by:
Hi all, If an event has multiple subscribers, is it possible to cancel the invocation of event handlers from an event handler? Or to be more specific: I'm subscribing to the ColumnChanging...
C# / C Sharp
1
Setting e.Cancel outside an event Handler?
by: David Veeneman | last post by:
I am writing a control that relies on its host to validate the contents of one of its fields. The control fires a custom 'FooNeedsValidating' event and passes the field's data with the event. The...
C# / C Sharp
3
Autopostback and onkeyup event issue
by: Brad | last post by:
The first text on my form is a numeric field. I have a javascript that runs on this field for onkeyup (validate the key strokes and modifies fields on the screen) but when I do this and have the...
ASP.NET
14
Textbox LostFocus event fires after Command Button's OnClick event
by: teddysnips | last post by:
WINDOWS FORMS I've a form that has a textbox that allows the user to enter a string. On the LostFocus event, the textbox formats the string into a preferred format. However, if the user...
Visual Basic .NET
1
Can't cancel keyup event.
by: Frank O'Hara | last post by:
I think I'm losing my mind, granted it is kind of late here so... I'm trying to do some simple validation on the client as keys are pressed. The validation routine works well enough however I...
Javascript
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!