469,927 Members | 1,601 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,927 developers. It's quick & easy.

httpUtility.urlencode(doc.Outerxml) and validaterequest="false"

Hi
I'm using .net 2.0.
I am receiving a http post that is sent httpUtility.urlencode(doc.Outerxml).
Everything works fine and I can receive the post and parse it, but I need to
set validaterequest="false" or the other side can't post to my side.
Is setting validaterequest="false" the right way to go?

Thanks,
Cindy
Jun 27 '08 #1
2 1969
Yes if the sender is sending data across the wire that is potentially
dangerous and you are aware of that fact , with a hughe XML file with lots
of data it is not so strange that one of the words or tag combinations is in
the list that raises the exception,
Request validation is performed by comparing all input data to a list of
potentially dangerous values. If a match occurs, ASP.NET raises an
HttpRequestValidationException.
note that you can set this property on page level instead of only the
web.config
with
pagesSection.ValidateRequest = False
or
<%@ Page validateRequest="false" %>

However if i were you i would encapsulate the posted data in a validation
object before i would process it anny further ( before you now it some
script kiddy finds the page and tries to execute some harmfull stuff
:-) )
HTH
Michel Posseth [MCP]

"CindyH" <ch*******@new.rr.comschreef in bericht
news:ex**************@TK2MSFTNGP04.phx.gbl...
Hi
I'm using .net 2.0.
I am receiving a http post that is sent
httpUtility.urlencode(doc.Outerxml).
Everything works fine and I can receive the post and parse it, but I need
to set validaterequest="false" or the other side can't post to my side.
Is setting validaterequest="false" the right way to go?

Thanks,
Cindy

Jun 27 '08 #2
How would I go about 'encapsulate the posted data'?

"Michel Posseth [MCP]" <MS**@posseth.comwrote in message
news:e1**************@TK2MSFTNGP04.phx.gbl...
Yes if the sender is sending data across the wire that is potentially
dangerous and you are aware of that fact , with a hughe XML file with lots
of data it is not so strange that one of the words or tag combinations is
in the list that raises the exception,
Request validation is performed by comparing all input data to a list of
potentially dangerous values. If a match occurs, ASP.NET raises an
HttpRequestValidationException.
note that you can set this property on page level instead of only the
web.config
with
pagesSection.ValidateRequest = False
or
<%@ Page validateRequest="false" %>

However if i were you i would encapsulate the posted data in a validation
object before i would process it anny further ( before you now it some
script kiddy finds the page and tries to execute some harmfull stuff
-) )
HTH
Michel Posseth [MCP]

"CindyH" <ch*******@new.rr.comschreef in bericht
news:ex**************@TK2MSFTNGP04.phx.gbl...
>Hi
I'm using .net 2.0.
I am receiving a http post that is sent
httpUtility.urlencode(doc.Outerxml).
Everything works fine and I can receive the post and parse it, but I need
to set validaterequest="false" or the other side can't post to my side.
Is setting validaterequest="false" the right way to go?

Thanks,
Cindy


Jun 27 '08 #3

This discussion thread is closed

Replies have been disabled for this discussion.

By using this site, you agree to our Privacy Policy and Terms of Use.