html code submitting to code-behind not working with ValidateRequest = true in <% @page > [closed]

As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, 开发者_运维百科but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance. Closed 11 years ago.

By default ValidateRequest = true inside <% @page >. Because of that I'm having problem while submitting HTML code from client side to server side. If I make ValidateRequest = false than it works. But I don't want to disable server side validation. Any idea?

Thanks,

---

This is the intended behavior of the ValidateRequest directive. It is meant to prevent basic CSS attacks.

• http://www.asp.net/learn/whitepapers/request-validation
• http://msdn.microsoft.com/en-us/library/w1sw53ds.aspx

You could HTML encode the input before you pass it to the server, which I believe would get around this. This is what you would want to do for security reasons anyway.