Equivalent for validateRequest in mvc3
Question
I am reading here: http://msdn.microsoft.com/en-us/library/ff649310.aspx#paght000004_step1 on the very first step in your machine.config to set:
<system.web>
<pages buffer="true" validateRequest="true" />
</system.web>
Is this already handled in mvc3 with the [Authorize] filter? or should i still put this in my web.config
2 answers
solution1
1 ACCPTED 2012-10-15 19:36:18
You can use attribute:
[ValidateInput(false)]
public ActionResult Index(string InputText)
{
return View();
}
Also look at this article: Understanding Request Validation in ASP.NET MVC 3
solution2
0 2012-10-15 20:02:54
With [Authorize] filter you restrict access for specific action/controller to selected users and roles.
Request validation basically asserts that values submitted in action are not potentially harmful html strings (putting them un-encoded back to page could be dangerous). You can control request validation on global level with configuration files by attribute validateRequest="true/false". You may override configuration file setting with an action filter ([ValidateInput(true/false)]) (there are some other options, too).
Surely, you can relate those two things, they are both some type of validation and security mechanisms. Still, they are both very different type of validation, and you should see them as rather independent things.
Looking back to your question, you should rather put validateRequest="true" in web.config (so you will have request validation regardless of machine.config setting).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.