regarding validate request property

what are the possible benefits of using Valida开发者_JAVA技巧teRequest request to set false in asp.net page?

Because I'm going to use it.

The "benefit" is that you have more control over the input validation. If ValidateRequest = true and the input has invalid characters then an ugly error page is showed to the user.

Although a little old, here you have a MSDN post about "Prevent Cross-Site Scripting in ASP.NET"

Validate Request is essentially a terrible design. It was a good idea and would have worked but there is no good way to catch the exception and report error back to user as one would want. The exception can't be caught except at app level.

Also, you can use regular expression validator to avoid the exception but even if you have server side validation and Javascript is turned off then the exception is thrown.