ASP.NET in a Nutshell, Second Edition > The System.Web Namespace > HttpRequestValidationException - Pg. : Safari Books Online

Table of Contents

Download Safari Books Online apps: Apple iOS | Android

Entire Site

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

This Book

ASP.NET in a Nutshell, Second Edition

ASP.NET in a Nutshell, Second Edition

Search

Contents

Pt. I. Introduction to ASP.NET

Pt. II. Intrinsic Class Reference

Pt. III. Namespace Reference

Ch. 21. Namespace Reference

Ch. 22. Converting from C# to VB Syntax

Ch. 23. The System.Web Namespace

AspNetHostingPermission

AspNetHostingPermissionAttribute

AspNetHostingPermissionLevel

BeginEventHandler

EndEventHandler

HttpApplication

HttpApplicationState

HttpBrowserCapabilities

HttpCacheability

HttpCachePolicy

HttpCacheRevalidation

HttpCacheValidateHandler

HttpCacheVaryByHeaders

HttpCacheVaryByParams

HttpClientCertificate

HttpCompileException

HttpCookieCollection

HttpFileCollection

HttpModuleCollection

HttpParseException

HttpRequestValidationException

HttpServerUtility

HttpStaticObjectsCollection

HttpUnhandledException

HttpValidationStatus

HttpWorkerRequest

HttpWorkerRequest.EndOfSendNotification

IHttpAsyncHandler

IHttpHandlerFactory

ProcessModelInfo

ProcessShutdownReason

Ch. 24. The System.Web.Caching Namespace

Ch. 25. The System.Web.Configuration Namespace

Ch. 26. The System.Web.Hosting Namespace

Ch. 27. The System.Web.Mail Namespace

Ch. 28. The System.Web.Mobile Namespace

Ch. 29. The System.Web.Security Namespace

Ch. 30. The System.Web.Services Namespace

Ch. 31. The System.Web.Services.Configuration Namespace

Ch. 32. The System.Web.Services.Description Namespace

Ch. 33. The System.Web.Services.Discovery Namespace

Ch. 34. The System.Web.Services.Protocols Namespace

Ch. 35. The System.Web.SessionState Namespace

Ch. 36. The System.Web.UI Namespace

Ch. 37. The System.Web.UI.Design Namespace

Ch. 38. The System.Web.UI.Design.WebControls Namespace

Ch. 39. The System.Web.UI.HtmlControls Namespace

Ch. 40. The System.Web.UI.MobileControls Namespace

Ch. 41. The System.Web.UI.MobileControls.Adapters Namespace

Ch. 42. The System.Web.UI.WebControls Namespace

Appx. A. Type, Method, Property, and Field Index

URL

Help

HttpRequestValidationException

ASP.NET 1.1 adds a request validation feature designed to prevent some types of script injection attacks. If request validation is enabled (the default), ASP.NET will check all posted values, cookies, and the query string for potentially dangerous input. One example of potentially dangerous input is if the user enters a JavaScript block into a textbox. This becomes a problem if your code attempts to display the textbox content by writing it to a web page without first encoding it using the HttpServerUtility.HtmlEncode( ) method. In this case, your page will not just display the textbox contents—instead, it will execute the script block. With request validation, however, this shouldn't occur, as ASP.NET will throw the HttpRequestValidationException when a page with potentially dangerous content is posted back to the server.

You can disable request validation by setting the validateRequest attribute in the Page directive to false. In this case, your application should explicitly check or HTML encode all user input. Note that request validation and the HttpRequestValidationException class are only found in Version 1.1 of the .NET Framework.

public sealed class HttpRequestValidationException : HttpException {
// No public or protected members
}

You are currently reading a PREVIEW of this book.

Get instant access to over
$1 million worth of books and videos.

Start a Free Trial