By default ValidateRequest = true inside <% @page >. Because of that I'm having problem while submitting HTML code from client side to server side. If I make ValidateRequest = false than it works. But I don't want to disable server side validation. Any idea?
Thanks,
This is the intended behavior of the ValidateRequest directive. It is meant to prevent basic CSS attacks.
- http://www.asp.net/learn/whitepapers/request-validation
- http://msdn.microsoft.com/en-us/library/w1sw53ds.aspx
You could HTML encode the input before you pass it to the server, which I believe would get around this. This is what you would want to do for security reasons anyway.
精彩评论