We're tired of getting exceptions regarding "Invalid postback or callback argument" in our web app. What scenario(s) causes this error?
After talking to users, we've determined that one possible cause of this is when they click something that causes a postback, and then click something else before the initial postback completes.
What is the harm in disabling event validation? For what it's worth, we have SecureIIS installed for increased security.
UPDATE: In some places, we use Javascript to modify certain controls values, such as a drop-down list options (we do this to make a better user experience - less postbacks). This is likely causing the error. We have strict edits in place for all user input, so we are going to proceed with disabling EventValidation. Thank you!
Event Validation verifies that the values have not been tampered with manually, e.g. outside the scope permitted by the controls involved. For example, if you have a drop-down list with three choices 1, 2, or 3... if the user (or malicious middleman) changes the value to 4, validation will fail.
As long as you are doing your own checking in each handler to ensure incoming values are valid, and your code is structured in such a way that unexpected input will cause nothing to happen (safest), you will be fine with validation turned off.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With