You are developing an ASP.NET MVC application. The application must allow users to enter JavaScript in a feedback text box only. You need to disable request validation.
What should you do?
A . Apply and set the CausesClientSideValidation attribute on the text box to FALS
C . Apply and set the ValidateInput attribute on the text box to FALS
E . Use the HttpRequest.Unvalidated property to read the unvalidated form value.
F . Use the HttpRequest.Form property to read the unvalidated form value.
Answer: C
Explanation:
The HttpRequest.Unvalidated property gets the HTTP request values without triggering request validation.
Request validation checks for HTML markup and script that might indicate a potential cross-site scripting attack. By default, all values are checked using request validation and if any values contain markup or script, ASP.NET throws an HttpRequestValidationException exception. Use this method if you anticipate that the request will contain markup (for example, you are allowing users to post content that contains markup) and you want to get the raw value of a request.
References: https://msdn.microsoft.com/en-us/library/system.web.httprequest.unvalidated.aspx
Leave a Reply