
Request.ValidateInput... Code bug or documentation bug?


Fumiaki Yoshimatsu

Apr 28, 2003, 9:27:54 PM

This is an ASP.NET 1.1 issue.

In the documentation [1], it is said that HttpRequest.ValidateInput
"be called by your code if the validation feature is not enabled".
It seems to be wrong. Check out the aspx below:

<%@Page Language="C#" ValidateRequest="false"%>
<html><body><form runat="server">
    <asp:TextBox id="text1" runat="server"/>
    <asp:Button id="button1" runat="server"/>
</form>
<script runat="server">
void Page_Load(object s, EventArgs e) {
    if (IsPostBack) {
        Request.ValidateInput();
    }
}
</script></body></html>


This doesn't raise an exception even if you enter script code in the textbox.
Is this a bug?

[1] http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemWebHttpRequestClassValidateInputTopic.asp?frame=true

Thanks,
Fumiaki Yoshimatsu

Victor Garcia Aprea [MVP]

Apr 29, 2003, 12:55:18 AM

Hi Fumiaki,
 
It's not a bug, but maybe the doc isn't clear enough. The actual validation is not performed by the ValidateInput() method; what this method does is just set a couple of flags that will cause validation to fire when you try to access any of the Cookies, Form or QueryString collections. This happens when the get accessor for any of these properties is called, but not when you call ValidateInput(). So following your example, if you try to access the Form collection, i.e.:
 
String text = Request.Form[0];
 
that will trigger the validation for the Form collection and an HttpRequestValidationException should be thrown.
 
--
Victor Garcia Aprea
Microsoft MVP | ASP.NET
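
Added example (not part of the original thread and not Victor's code): the poster's page changed so that the opt-in validation actually fires, following the behavior described in the reply above. The `result` label and the message strings are illustrative assumptions.

```aspx
<%@ Page Language="C#" ValidateRequest="false" %>
<%-- Added example. Page-level validation is off, so the page opts in by hand. --%>
<html><body><form runat="server">
    <asp:TextBox id="text1" runat="server"/>
    <asp:Button id="button1" runat="server" Text="Submit"/>
    <%-- "result" is an illustrative control, not in the original page --%>
    <asp:Label id="result" runat="server"/>
</form>
<script runat="server">
void Page_Load(object s, EventArgs e) {
    if (!IsPostBack) return;

    // Only arms validation: sets flags, inspects nothing, never throws here.
    Request.ValidateInput();

    try {
        // The get accessor of Form runs the check for the Form collection.
        // Cookies and QueryString are each checked on their own next access.
        string text = Request.Form[text1.UniqueID];

        // Request validation is a coarse filter; still encode on output.
        result.Text = "Accepted: " + Server.HtmlEncode(text);
    }
    catch (HttpRequestValidationException) {
        // Raised by the Form accessor above, not by ValidateInput().
        result.Text = "Rejected: potentially dangerous input.";
    }
}
</script></body></html>
```

Input that is read only through collections the code never touches after `ValidateInput()` is never checked, so the read of the value must come after the call.
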

Fumiaki Yoshimatsu

Apr 29, 2003, 1:14:22 AM

Thanks Victor,

Now it is working as I want. What a stupid question I asked...

Fumiaki Yoshimatsu

Victor Garcia Aprea [MVP]

Apr 29, 2003, 7:20:51 PM

No, it wasn't a stupid question at all. After reading the docs you pointed to, I
believe they're confusing and may need some modification.

--
Victor Garcia Aprea
Microsoft MVP | ASP.NET


Victor Garcia Aprea [MVP]

May 2, 2003, 12:17:22 AM

Hi again,

I've just added an entry to my blog describing how this feature works
internally. If you want to learn more about it, please take a look at
http://dotnetweblogs.com/vga/

--
Victor Garcia Aprea
Microsoft MVP | ASP.NET

