ASP.NET Request Validation

ASP.NET Provides built-in request validation on form submission or postback handling. Request validation is on by default, and is handled differently by versions of the framework.

ASP.NET 1.1 Request Validation Summary

 * Filter "&#"
 * Filter ‘<’ then alphas or ! or / (tags)
 * Filter "script:"
 * Filter on handlers (onXXX=)
 * Filter “expression(“
 * Ignore elements named "__VIEWSTATE"

ASP.NET 2.0 Request Validation Summary

 * Filter "&#"
 * Filter ‘<’ then alphas or ! or / (tags)
 * Ignore elements with names prefixed with double underscore (__)

To toggle request validation (it is set to true by default):
On a single page:

<%@ Page validateRequest="true|false" %>

For the entire application:

  