Wednesday 27 July 2011

A potentially dangerous Request.Form value was detected from the client ...

One workaround is to set validateRequest="false" on the pages element in web.config. The only trouble with that is that it allegedly leaves the page vulnerable to script-injection attacks.
And apparently HTML-encoding the control's contents on the grid alone will not prevent the error either, but combining both steps is a fairly acceptable workaround.

Alternatively, validateRequest="false" can be set in the page directive of one specific page rather than in the web.config file. The second step is then to HTML-encode the contents of the controls on the web page or grid view, e.g. Textbox.Text = HttpUtility.HtmlEncode(databasevalue)
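
The two steps together, as an added example that is not code from the original post: the code-behind of a hypothetical Comments.aspx page with request validation switched off for that page only and every user-supplied value HTML-encoded before it is written to a control. The page name, namespace, control IDs (CommentBox, PreviewLabel, CommentsGrid, CommentLabel) and the sample row are assumptions made for illustration.

```csharp
// Assumed page directive for this code-behind:
//   <%@ Page Language="C#" ValidateRequest="false"
//            CodeBehind="Comments.aspx.cs" Inherits="Demo.Comments" %>
// On ASP.NET 4 the page-level setting is only honoured when web.config has
//   <httpRuntime requestValidationMode="2.0" />
using System;
using System.Data;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace Demo
{
    // Assumed markup: TextBox CommentBox, Label PreviewLabel, and GridView
    // CommentsGrid with OnRowDataBound="CommentsGrid_RowDataBound" and a
    // TemplateField that contains <asp:Label ID="CommentLabel" runat="server" />.
    public partial class Comments : Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            if (IsPostBack) return;
            CommentsGrid.DataSource = LoadComments();
            CommentsGrid.DataBind();
        }

        protected void Submit_Click(object sender, EventArgs e)
        {
            // Validation is off, so the posted text may contain markup.
            // Label.Text is rendered as-is, so encode before assigning.
            PreviewLabel.Text = HttpUtility.HtmlEncode(CommentBox.Text);
        }

        protected void CommentsGrid_RowDataBound(object sender, GridViewRowEventArgs e)
        {
            if (e.Row.RowType != DataControlRowType.DataRow) return;
            var data = (DataRowView)e.Row.DataItem;
            var label = (Label)e.Row.FindControl("CommentLabel");
            label.Text = HttpUtility.HtmlEncode(Convert.ToString(data["Comment"]));
        }

        // Constructed sample data standing in for the database query.
        private static DataTable LoadComments()
        {
            var table = new DataTable();
            table.Columns.Add("Comment", typeof(string));
            table.Rows.Add("<b>stored value containing markup</b>");
            return table;
        }
    }
}
```

With the encoding in place the stored value is shown as literal text (&lt;b&gt;...&lt;/b&gt;) instead of being interpreted by the browser.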
