I'm wanting to allow users to enter HTML in only a single TextBox. I understand it's possible to change ValidateRequest
in the page directive to false in order to remove protection.
I'm guessing that this allows HTML to be entered in any TextBox on the page. Is there anyway to apply ValidateRequest="false"
on only a single control?
Thanks for any help.
No, the request validation is for the entire request or nothing.
The validation was added as a default to protect developers who are clueless about input validation. If you know that all input has to be treated as unsafe and know how to properly encode data that you use from the input to protect yourself from things like SQL injection and cross site scripting, you can turn the validation off.
Update: In .NET 4.5 the ValidateRequestMode
property was added, which allows excluding controls from the page global validation.
New in .NET 4.5 : You can set ValidateRequestMode="Disabled"
on a control. See MSDN.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With