|
-
Jun 21st, 2003, 04:27 PM
#1
Thread Starter
Frenzied Member
can you rely on validateRequest?
Can you really depnd on validateRequest to catch all the malicious inputs from the client? If yes, where I can catch the exception produced by that? I mean the HttpRequestValidationException.
'Heading for the automatic overload'
Marillion, Brave, The Great Escape, 1994
'How will WE stand the FIRE TOMORROW?'
Eloy, Silent Cries and Mighty Echoes, The Vision - Burning, 1979
-
Jun 21st, 2003, 08:11 PM
#2
Frenzied Member
Well, you should'nt really rely on that aone. You can use Server.HtmlEncode to encode the input, or use regular expressions to check for malicious input.
-
Jun 22nd, 2003, 12:10 AM
#3
Thread Starter
Frenzied Member
I am aware of HtmlEncode and Regex but when validateRequest is not set to false in page directives then when you submit the page back to server it catches the malicious input before you can send them to HtmlEncode or Regex.
'Heading for the automatic overload'
Marillion, Brave, The Great Escape, 1994
'How will WE stand the FIRE TOMORROW?'
Eloy, Silent Cries and Mighty Echoes, The Vision - Burning, 1979
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote