Validation Class
Note: This API is now obsolete.
Excludes fields of the Request object from being checked for potentially unsafe HTML markup and client script.
Inheritance Hierarchy
System.Object
System.Web.Helpers.Validation
Namespace: System.Web.Helpers
Assembly: System.Web.WebPages (in System.Web.WebPages.dll)
Syntax
'Declaration
<ExtensionAttribute> _
<ObsoleteAttribute("Use System.Web.HttpRequest.Unvalidated instead.")> _
Public NotInheritable Class Validation
'Usage
[ObsoleteAttribute("Use System.Web.HttpRequest.Unvalidated instead.")]
public static class Validation
[ExtensionAttribute]
[ObsoleteAttribute(L"Use System.Web.HttpRequest.Unvalidated instead.")]
public ref class Validation abstract sealed
[<AbstractClassAttribute>]
[<SealedAttribute>]
[<ObsoleteAttribute("Use System.Web.HttpRequest.Unvalidated instead.")>]
type Validation = class end
public final class Validation
Methods
| Name | Description | |
|---|---|---|
.jpeg "Public method") .gif "Static member") |
Unvalidated(HttpRequest) | Returns a version of form values, cookies, and query-string variables without checking them first for HTML markup and client script. |
|
Unvalidated(HttpRequestBase) | Returns all values from the Request object (including form fields, cookies, and the query string) without checking them first for HTML markup and client script. |
|
Unvalidated(HttpRequest, String) | Returns a value from the specified form field, cookie, or query-string variable without checking it first for HTML markup and client script. |
|
Unvalidated(HttpRequestBase, String) | Returns the specified value from the Request object without checking it first for HTML markup and client script. |
Top
Remarks
Request validation checks for HTML markup and client script when a page is submitted. Validation examines form fields, cookies, and query-string variables. By default, if any markup or script is detected, ASP.NET throws an exception and the page is not processed. This helps protect the web application against security exploits such as cross-site scripting (XSS) attacks.
In some instances, it is useful to let users submit markup in specific fields (input and textarea elements) on a page. For example, this is typical in a field where users can enter free-form comments. In that case, you can exclude that field from request validation, and users can include markup such as <b>, <em>, and so on.
.gif "Security note") Security Note |
|---|
If you exclude a field from request validation, you must check it yourself to be sure it does not include malicious markup or code. |
Note
The methods in this class are not intended to be called directly. For example, to exclude httpRequest, you would not use System.Web.Helpers.Validation.Unvalidated(httpRequest). Instead, use Request.Unvalidated(httpRequest).
Thread Safety
Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.