ValidateRequest ="false" for single control

asp.net validate-request
ajbeaven picture ajbeaven · Mar 18, 2010 · Viewed 14.7k times · Source

I'm wanting to allow users to enter HTML in only a single TextBox. I understand it's possible to change ValidateRequest in the page directive to false in order to remove protection.

I'm guessing that this allows HTML to be entered in any TextBox on the page. Is there anyway to apply ValidateRequest="false" on only a single control?

Thanks for any help.

Answer

Guffa picture Guffa · Mar 18, 2010

No, the request validation is for the entire request or nothing.

The validation was added as a default to protect developers who are clueless about input validation. If you know that all input has to be treated as unsafe and know how to properly encode data that you use from the input to protect yourself from things like SQL injection and cross site scripting, you can turn the validation off.

Edit:

Update: In .NET 4.5 the ValidateRequestMode property was added, which allows excluding controls from the page global validation.

Related questions

ValidateRequest="false" doesn't work in Asp.Net 4

I have a form at which I use ckeditor. This form worked fine at Asp.Net 2.0 and 3.5 but now it doesn't work in Asp.Net 4+. I have ValidateRequest="false" directive. Any suggestions?

Read More
A potentially dangerous Request.Form value was detected from the client

I have one asp.net application, which has some problems while i am entering the special characters such as ": &#, " in the search box. If i enter this text in search box, i got the exception like this. A potentially …

Read More
Alternative to ValidateRequest="false"

Is there a way to prevent the error "A potentially dangerous Request.Form value was detected from the client" other than setting ValidateRequest="false"? Update: I removed the "on the page" part. I'd like to not use ValidateRequest="false" at …

Read More