ASP.NET 4 Request Validation at Page Level

Request validation is the .NET framework’s protector against XSS. If not explicitly turned off, all ASP.NET web application will check against XSS. it is to help from un-trusted data in URL and it is by default enabled, like image below.

RequestValidation1In ASP.NET 4 , you can’t disable the “Request Validation” on specific ASPX pages, while you can do that in earlier versions.

RequestValidation2

Solution

To revert back to 2.0 request validation mode and disable request validation on pages level, you need to specify the “requestValidationMode” to be “2.0” in your web.config

RequestValidation3

Then try now 😉

RequestValidation4

Summery

  1. In Page directive add: ValidateRequest=”false”
  2. In web.config add: <httpRuntime requestValidationMode=”2.0″ />