httpUtility.urlencode(doc.Outerxml) and validaterequest="false"

C

CindyH

Hi
I'm using .net 2.0.
I am receiving a http post that is sent httpUtility.urlencode(doc.Outerxml).
Everything works fine and I can receive the post and parse it, but I need to
set validaterequest="false" or the other side can't post to my side.
Is setting validaterequest="false" the right way to go?

Thanks,
Cindy
 
M

Michel Posseth [MCP]

Yes if the sender is sending data across the wire that is potentially
dangerous and you are aware of that fact , with a hughe XML file with lots
of data it is not so strange that one of the words or tag combinations is in
the list that raises the exception,
Request validation is performed by comparing all input data to a list of
potentially dangerous values. If a match occurs, ASP.NET raises an
HttpRequestValidationException.


note that you can set this property on page level instead of only the
web.config
with
pagesSection.ValidateRequest = False
or
<%@ Page validateRequest="false" %>

However if i were you i would encapsulate the posted data in a validation
object before i would process it anny further ( before you now it some
script kiddy finds the page and tries to execute some harmfull stuff
:) )


HTH
Michel Posseth [MCP]
 
C

Cindy H

How would I go about 'encapsulate the posted data'?



Michel Posseth said:
Yes if the sender is sending data across the wire that is potentially
dangerous and you are aware of that fact , with a hughe XML file with lots
of data it is not so strange that one of the words or tag combinations is
in the list that raises the exception,
Request validation is performed by comparing all input data to a list of
potentially dangerous values. If a match occurs, ASP.NET raises an
HttpRequestValidationException.


note that you can set this property on page level instead of only the
web.config
with
pagesSection.ValidateRequest = False
or
<%@ Page validateRequest="false" %>

However if i were you i would encapsulate the posted data in a validation
object before i would process it anny further ( before you now it some
script kiddy finds the page and tries to execute some harmfull stuff
-) )


HTH
Michel Posseth [MCP]





CindyH said:
Hi
I'm using .net 2.0.
I am receiving a http post that is sent
httpUtility.urlencode(doc.Outerxml).
Everything works fine and I can receive the post and parse it, but I need
to set validaterequest="false" or the other side can't post to my side.
Is setting validaterequest="false" the right way to go?

Thanks,
Cindy
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

ValidateRequest="false" and HttpUtility.UrlEncode(Doc.OuterXml) 1
httputility.urlencode(doc.outerxml) as a http xml post 6
httputility.urlencode(doc.outerxml) as a http post 1
what's wrong with xml post code? 6
validateRequest and foreign characters 3
About validateRequest 1
validateRequest="false" not working in web.config or page directive 2
validateRequest doesn't work 1

Top