Well, we all know there are always XSS vulnerabilities that can be discovered in the future and can undermine ASP.NET's default request-validation security.
However, by default, validateRequest is true. Therefore, most HTML values cannot be entered into ASP.NET textboxes and other inputs in the first place, correct?
Therefore, although it isn't 100% solid security against XSS, it definitely covers a majority of it, right?
I don't believe I would need to do further HtmlEncode() calls or a custom plainText() function every time I spit something to ASP.NET HTML (via .Text = ...) from the database, correct?
For the most part you should be protected if you have request validation enabled. Unfortunately, if you need to save markup you will have to strip it first or the validation will throw an HttpRequestValidationException. See the whitepaper for details: Request Validation – Preventing Script Attacks
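Added example, not code from the thread or from the ASP.NET team: a console program that shows which strings request validation rejects and which it lets through, and then the output-encoding step the question asks about. The `IsDangerousString` method is my port of the check in System.Web's `CrossSiteScriptingValidation` (the .NET 4 rules: `<` followed by a letter, `!`, `/` or `?`, or the sequence `&#`), rewritten here so it can run outside a web request; the sample payloads, `RenderLabel` and `RenderLink` are constructed for the demo and are not ASP.NET APIs. The point the example makes is that validation only looks at the incoming request for markup-shaped input, so attribute-context and URL-context payloads pass it, and anything that reached the database by another path was never checked at all.

```csharp
// Added example (not from the original thread). Shows what ASP.NET request
// validation catches, what it misses, and why output encoding is still needed.
using System;
using System.Web;   // HttpUtility: System.Web.dll on .NET Framework, System.Web.HttpUtility.dll on .NET Core 3+/.NET 5+

static class RequestValidationDemo
{
    // My port of the .NET 4 request-validation heuristic. A value is "potentially
    // dangerous" when it contains '<' followed by A-Z/a-z, '!', '/' or '?', or the
    // sequence "&#". Quotes, "javascript:" URLs and event-handler names all pass.
    public static bool IsDangerousString(string s, out int matchIndex)
    {
        matchIndex = 0;
        char[] startingChars = { '<', '&' };
        for (int i = 0; ;)
        {
            int n = s.IndexOfAny(startingChars, i);
            if (n < 0) return false;
            if (n == s.Length - 1) return false;   // trigger char is last: nothing follows it
            matchIndex = n;
            switch (s[n])
            {
                case '<':
                {
                    char c = s[n + 1];
                    bool isAtoZ = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
                    if (isAtoZ || c == '!' || c == '/' || c == '?') return true;
                    break;
                }
                case '&':
                    if (s[n + 1] == '#') return true;
                    break;
            }
            i = n + 1;
        }
    }

    // What Label.Text, Literal.Text (PassThrough) and <%= %> do: emit the string raw.
    // (TextBox is different: it HTML-encodes its value attribute itself.)
    public static string RenderLabel(string text) => "<span>" + text + "</span>";

    // Encoded for the HTML text context the value lands in.
    public static string RenderLabelEncoded(string text) => "<span>" + HttpUtility.HtmlEncode(text) + "</span>";

    // A link built from stored data: attribute encoding keeps the quote closed, but a
    // "javascript:" scheme is still a valid, quoted attribute value, so the scheme is
    // checked separately and anything but http/https is dropped.
    public static string RenderLink(string href, string text)
    {
        Uri uri;
        bool safeScheme = Uri.TryCreate(href, UriKind.Absolute, out uri)
                          && (uri.Scheme == Uri.UriSchemeHttp || uri.Scheme == Uri.UriSchemeHttps);
        string attr = safeScheme ? HttpUtility.HtmlAttributeEncode(href) : "#";
        return "<a href=\"" + attr + "\">" + HttpUtility.HtmlEncode(text) + "</a>";
    }

    static void Main()
    {
        // Constructed sample inputs, as they might arrive in a form field.
        string[] samples =
        {
            "<script>alert(1)</script>",          // REJECT: '<' + letter
            "</b><img src=x onerror=alert(1)>",   // REJECT: '</'
            "&#60;script&#62;",                   // REJECT: "&#"
            "\" onmouseover=\"alert(1)",          // pass: attribute-context payload, no '<'
            "javascript:alert(1)",                // pass: only dangerous inside href/src
            "2 < 3 and 3 > 2",                    // pass: '<' followed by a space
            "Bob's \"quoted\" note",              // pass: ordinary text
        };

        foreach (string s in samples)
        {
            int at;
            bool blocked = IsDangerousString(s, out at);
            Console.WriteLine((blocked ? "REJECT " : "pass   ") + s + (blocked ? "  (at index " + at + ")" : ""));
        }

        // The inputs that pass are exactly the ones output encoding has to handle.
        string attrPayload = samples[3];
        Console.WriteLine(RenderLabel(attrPayload));                                          // harmless as element text...
        Console.WriteLine("<input value=\"" + attrPayload + "\">");                            // ...an injection inside an attribute
        Console.WriteLine("<input value=\"" + HttpUtility.HtmlAttributeEncode(attrPayload) + "\">");  // closed quote stays closed
        Console.WriteLine(RenderLabelEncoded(samples[0]));                                     // safe even if the script tag got stored
        Console.WriteLine(RenderLink(samples[4], "profile"));                                  // javascript: scheme replaced by "#"
        Console.WriteLine(RenderLink("https://example.com/?q=\"><b>x", "search"));             // quote and '<' encoded in the attribute
    }
}
```

Note that the check runs only on request input: a row imported from another system, or saved from a page that set `ValidateRequest="false"` (on .NET 4 this also needs `<httpRuntime requestValidationMode="2.0" />` in web.config), is rendered raw by `Label.Text` just the same. Encoding at output time for the context the value lands in (`HtmlEncode` for element text, `HtmlAttributeEncode` plus a scheme check for URLs) is the step that does not depend on how the data got into the database.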