ASP.Net request validation is a feature that automatically protects ASP.Net applications from XSS attacks. Request validation in asp.net triggers error when it found HTML markup in any of the input data. But some real life applications still require HTML data in some of the input fields. For e.g. When receiving feedback from user, you may need to get the feedback as HTML. Prior to 4.5 the developers have the ability to switch off the request validation either in page level or for the entire application. Even though this was helpful, for accepting HTML markup from any one field in the page, you were required to disable the validation for entire page or disable it for entire application.
ASP.Net 4.5 brings some improvements to the request validation features. There is a new attribute introduced to httpRuntime element called requestValidationMode. You can set value for this attribute to 4.5 so that new improvements will be applied to your application.
No comments:
Post a Comment