What does requestValidationMode="2.0" actually do?

Oren A picture Oren A · Jun 1, 2011 · Viewed 25.9k times · Source


I'm trying to solve a "A potentially dangerous Request.Form value was detected from the client" problem, and SO answers and Scott Hanselman recommend setting

<httpRuntime requestValidationMode="2.0" />

in Web.config (along with adding an attribute to problematic Methods).
I realize this changes the validation mode to ASP.NET 2.0's, but what does that mean?
And also, does this change has any side effects I should be aware of?

Thanks.

Answer

David d C e Freitas picture David d C e Freitas · Dec 7, 2011

Check out the description at MSDN's HttpRuntimeSection.RequestValidationMode Property.

2.0. Request validation is enabled only for pages, not for all HTTP requests. In addition, the request validation settings of the pages element (if any) in the configuration file or of the @ Page directive in an individual page are used to determine which page requests to validate.