Reputation: 12437
Equivalent for validateRequest in mvc3
I am reading here: http://msdn.microsoft.com/en-us/library/ff649310.aspx#paght000004_step1 on the very first step in your machine.config to set:
<system.web>
<pages buffer="true" validateRequest="true" />
</system.web>
Is this already handled in mvc3 with the [Authorize] filter? or should i still put this in my web.config
Upvotes: 0
Views: 573
Answers (2)
Reputation: 2694
With [Authorize] filter you restrict access for specific action/controller to selected users and roles.
Request validation basically asserts that values submitted in action are not potentially harmful html strings (putting them un-encoded back to page could be dangerous). You can control request validation on global level with configuration files by attribute validateRequest="true/false". You may override configuration file setting with an action filter ([ValidateInput(true/false)]) (there are some other options, too).
Surely, you can relate those two things, they are both some type of validation and security mechanisms. Still, they are both very different type of validation, and you should see them as rather independent things.
Looking back to your question, you should rather put validateRequest="true" in web.config (so you will have request validation regardless of machine.config setting).
Upvotes: 0
Reputation: 17288
You can use attribute:
[ValidateInput(false)]
public ActionResult Index(string InputText)
{
return View();
}
Also look at this article: Understanding Request Validation in ASP.NET MVC 3
Upvotes: 1
Related Questions
- ValidateRequest in Razor syntax
- Request Validation with ASP.Net MVC 5
- Request validation in asp.net mvc
- MVC3 Validation
- validations in ASP.Net MVC3
- ValidateRequest at Model level
- ValidateRequest="false" not worked
- Request Validation - ASP.NET MVC 2
- ASP.NET MVC3 and server side validation
- ASP.NET MVC Validation