This is a subject that crosses multiple disciplines, but I'm posting it here (AJAX forum) because it was a partial postback (with Sys.Webforms.PageRequestManagerServerErrorException error) that stumped me.
I have a form that submits regular <input /> tags inside an UpdatePanel (not server controls). I was finishing debugging when I tried submitting something like "test<test>test" for a form value. The page would not do the partial update, and instead threw the error mentioned earlier in an alert box.
After messing around I figured out that it is ASP.NET guarding me against some malicious entry by hackers.
Changing ValidateRequest to false fixed the problem, but I hate to wipe something out completely, without knowing what I'm wiping out.
Is there some way to fine-tune control of what gets validated? Is there any way to know exactly what I've just disabled by setting ValidateRequest to false?
Thanks...
I'll give this one obnoxious bump, just to see if there's someone who may have some knowledge on this topic. If not, maybe it's just one of those areas where MS doesn't want to say what's going on under the covers. It would be nice to know what is going on with the validation, and what, if anything, can be controlled. For example, it would be great to subclass the functionality.
Hi,
It checks the following strings:
1. Is there a "&#" contained in the input string
2. Is there a "<[char]", "<!", "</" in the input string.
Great, thanks Raymond!
No comments:
Post a Comment