RequestValidation Error in ASP.NET


While working with ASP.NET 2.0, if you try to put some XML text in a textbox or an invalid email in a textbox, then you get following error, when you submit the page.

This occurs becuase the request is being validated by the server when you submit it. To avoid this error, you have to add following line to your web.config file inside the section :

<pages validateRequest=”false”>

So, when you get this error, try this solution.


Comments (3)

  1. Chris Love says:

    I would not put that in the web.config, but only on the page you are recieving the possible invalid data on.  You want this protection to guard against Cross Site scripting hacks.  I would also suggest that you then carefully check the information being submitted to make sure it is “valid” for your needs too.  You have to be careful these days.

  2. Sandeep says:

    Well said. thanks for pointing

  3. mike says:

    If you turn off validation, you MUST apply some sort of filtering to any page that accepts input (or better yet, to all pages). Here’s a topic in the documentation that suggests one way to create a simple whitelist filter:

    How to: Protect Against Script Exploits in a Web Application by Applying HTML Encoding to Strings

    http://msdn2.microsoft.com/en-us/library/a2a4yykt.aspx

    More info about what ValidateRequest does:

    http://mikepope.com/blog/DisplayBlog.aspx?permalink=441