What is the difference between enableEventValidation and validateRequest? Although the former is on postback/callback caused by a control (Server side only I assume? Please advise), the latter is on every request, which is caused by a control posting back anyway? Or would validateRequest kick in by a standard html link being cli开发者_如何转开发cked?
Thanks
According to MSDN
EnableEventValidation's definition: "Gets or sets a value indicating whether the page validates postback and callback events."
ValidateRequest's definition: "Gets or sets a value that determines whether ASP.NET examines input from the browser for dangerous values."
EnableEventValidation addresses tampering with expected control values. So, for example, if I send {1, 2, 3} as the values in a drop down and the post back contains 4, event validation fails. Someone added an unexpected value to the page. This is why EnableEventValidation does not play well with client-side script that adds new values to controls.
RequestValidate addresses dangerous values in the post back. For example, alert('injected'); is a dangerous value in a textbox.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论