Every time I come back the data to the user, I see that .NET automatically encode data, to prevent malicious script.
So why ValidateRequest?
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Every time I come back the data to the user, I see that .NET automatically encode data, to prevent malicious script.
So why ValidateRequest?
according to asp.net: http://www.asp.net/whitepapers/request-validation this method is used to prevent some script-injection attacks .. the network is full of attackers so you should encode the data even if .NET automatically do it