Where to find or duplicate code that produces HttpRequestValidationException

Question

I have some PageMethods (static methods in a page marked with <WebMethod>) defined on some pages and call them using an ajax call. This POST to the server apparently doesn't trigger the ASP.NET code that would raise HttpRequestValidationException if the data sent is deemed possible XSS, so I'd like to duplicate that checking code to run it in my page methods.

Anyone know the details of that code or where I can find it? I looked in the MS AntiXss library, but it only does encoding, not actually checking input, AFAIK.

Edit: Or point me in the direction of code or a library that does some similar checking.

Answer 1

Analyzing the stack trace when a System.Web.HttpRequestValidationException is raised we can find out what code is throwing it.

System.Web.HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (IdentifierTextBox="

at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)

Using Reflector we find that ValidateString is calling: RequestValidator.Current.IsValidRequestString, which in turn calls CrossSiteScriptingValidation.IsDangerousString which is:

internal static bool IsDangerousString(string s, out int matchIndex)
{
matchIndex = 0;
int startIndex = 0;
while (true)
{
    int num2 = s.IndexOfAny(startingChars, startIndex);
    if (num2 < 0)
    {
        return false;
    }
    if (num2 == (s.Length - 1))
    {
        return false;
    }
    matchIndex = num2;
    char ch = s[num2];
    if (ch != '&')
    {
        if ((ch == '<') && ((IsAtoZ(s[num2 + 1]) || (s[num2 + 1] == '!')) || ((s[num2 + 1] == '/') || (s[num2 + 1] == '?'))))
        {
            return true;
        }
    }
    else if (s[num2 + 1] == '#')
    {
        return true;
    }
    startIndex = num2 + 1;
}
}