Disable input validation for one field

Question

Disable input validation for one field

I have an ASP.NET 4 site where I want to allow people to put '<' in their password. However, .NET interferes with blocking (what it sees) an attempt to put HTML in the form field. I know that I can completely disable input validation, but I only want to disable this field. Does anyone know an easy way to do this?

+5

validation asp.net webforms

eliah Sep 27 '10 at 14:09

source share

5 answers

. [AllowHtml] , .

. ValidateInputAttribute Exclude

+1

Peter 21 . '17 10:09

.NET 4.5.

Web.config:

<httpRuntime targetFramework="4.5" requestValidationMode="4.5" />

ValidateRequestMode="Disabled" ValidateRequestMode="Disabled":

<asp:YourControl id="YourControl" runat="server" ValidateRequestMode="Disabled"/>

. web.config WebForms UnobtrusiveValidationMode requires a ScriptResourceMapping for 'jquery'. . ASP.Net 2012 Unobtrusive Validation jQuery .

RequestValidationMode 4.5: requestValidationMode 4.5 vs 2.0

+1

kmdsax 05 . '18 17:29

MVC ValidateInputAttribute. / ( ), . Microsoft Web Protection Library.

0

John Bledsoe 27 . '10 14:12

, ASP.NET 4 ValidateRequest @Page <httpRuntime requestValidationMode="2.0" /> web.config. . : http://www.asp.net/whitepapers/aspnet4/breaking-changes

:

namespace Controls
{
    public class HtmlTextBox : TextBox
    {
        protected override bool LoadPostData(string postDataKey, System.Collections.Specialized.NameValueCollection postCollection)
        {
            bool res = base.LoadPostData(postDataKey, postCollection);
            Text = Text.Replace("&lt;", "<").Replace("&gt;", ">").Replace("&amp;", "&");
            return res;
        }

        protected override void OnPreRender(EventArgs e)
        {
            base.OnPreRender(e);

            ScriptManager.RegisterOnSubmitStatement(this, this.GetType(), "htmlTextBox" + UniqueID, "try { var item = document.getElementsByName('" + UniqueID + "')[0]; item.value = item.value.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;'); } catch (err) {}");
        }
    }
}

web.config:

<system.web>
  <pages>
    <controls>
      <add tagPrefix="uc1" namespace="Controls" />
    </controls>
  </pages>
</system.web>

That way you can just use <uc1:HtmlTextBox runat="server" />it if you want the text box to host html, but other controls on the page will still be blocked from posting html, unlike the approach where you disable ValidateRequest.

0

Michael Apr 13 '12 at 3:45

source share

Jason berkan · Accepted Answer · 2010-09-28T15:30:02+0000

You can only disable input validation for the entire page. The only solution I can come up with is to disable input validation, and then clear all other (without password) input fields using something like Anti-XSS .

Disable input validation for one field

More articles: