Is there a difference between requestValidationMode=”4.5″ and requestValidationMode=”2.0″? I have a .net 4.5 application, there is a control which I don’t want to validate, as users can enter html tags in:
<asp:TextBox ID="txtTitle" runat="server" ValidateRequestMode="Disabled" />
in my web.config i have:
<compilation debug="true" strict="false" explicit="true" targetFramework="4.5">...</compilation> <httpRuntime targetFramework="4.5" requestValidationMode="2.0" />
initially I have put requestValidationMode=”4.5″ but that didn’t work, I would still get the error about the tags – “A potentially dangerous Request.Form value was detected from the client …” as soon as would submit the form. However if I set it to requestValidationMode=”2.0″ it works, i’m able to hit the PageLoad and encode the value from that field.
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
Yes there is a difference between the two. Anything requestValidationMode specified as 4.0 or above will use the 4.0 way and any requestValidationMode specified as below 4.0 will use the 2.0 way. Below is a description of the two:
4.0 (the default). The HttpRequest object internally sets a flag that indicates that request validation should be triggered whenever any HTTP request data is accessed. This guarantees that the request validation is triggered before data such as cookies and URLs are accessed during the request. The request validation settings of the pages element (if any) in the configuration file or of the @ Page directive in an individual page are ignored.
2.0. Request validation is enabled only for pages, not for all HTTP requests. In addition, the request validation settings of the pages element (if any) in the configuration file or of the @ Page directive in an individual page are used to determine which page requests to validate.
As a note: There are other solutions, since you are using asp.net 4.5 you may want to look it to validating on a per control level, that way you can leave the requestValidationMode property in the web.config at 4.5 and only change it on controls that need it.
http://msdn.microsoft.com/en-us/library/system.web.ui.control.validaterequestmode.aspx
Method 2
I agree with Chris_dotnet’s answer.
However, I would like to add a small side note:
In your web.config file, enclose the requestValidationMode="2.0" tag under the location tag so you only allow a specific page to have this “waiver” to skip the validation.
<location path="YourPage.aspx">
<system.web>
<httpRuntime requestValidationMode="2.0"/>
</system.web>
</location>
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0