Export (0) Print
Expand All

UnvalidatedRequestValues Class

.NET Framework 4.5

Provides access to HTTP request values without triggering ASP.NET request validation.

System.Object
  System.Web.UnvalidatedRequestValues

Namespace:  System.Web
Assembly:  System.Web (in System.Web.dll)

public sealed class UnvalidatedRequestValues

The UnvalidatedRequestValues type exposes the following members.

  NameDescription
Public propertyCookiesGets the collection of cookies that the client sent, without triggering ASP.NET request validation.
Public propertyFilesGets the collection of files that the client uploaded, without triggering ASP.NET request validation.
Public propertyFormGets the collection of form variables that the client submitted, without triggering ASP.NET request validation.
Public propertyHeadersGets the collection of HTTP headers that the client sent, without triggering request validation.
Public propertyItemGets the specified object from the Form, Cookies, QueryString, or ServerVariables collection, without triggering ASP.NET request validation.
Public propertyPathGets the virtual path of the requested resource without triggering ASP.NET request validation.
Public propertyPathInfoGets additional path information for a resource that has a URL extension, without triggering ASP.NET request validation.
Public propertyQueryStringGets the collection of HTTP query string variables that the client submitted, without triggering ASP.NET request validation.
Public propertyRawUrlGets the part of the requested URL that follows the website name, without triggering ASP.NET request validation.
Public propertyUrlGets the URL data for the request without triggering ASP.NET request validation.
Top

  NameDescription
Public methodEquals(Object)Determines whether the specified object is equal to the current object. (Inherited from Object.)
Public methodGetHashCodeServes as the default hash function. (Inherited from Object.)
Public methodGetTypeGets the Type of the current instance. (Inherited from Object.)
Public methodToStringReturns a string that represents the current object. (Inherited from Object.)
Top

When ASP.NET reads the values in HTTP request collections (such as the Form, QueryString, and Cookies collections), it performs request validation. During request validation, ASP.NET examines the posted values and determines whether they contain markup, script, or reserved characters. By default, if ASP.NET detects any of these types of input, it throws an HttpRequestValidationException exception. This helps prevent malicious script injection attacks on your website.

However, in some cases, you might want to bypass ASP.NET request validation and allow values that contain markup, script, or reserved characters. For example, if your application uses a rich-text editor that enables users to submit HTML markup as formatted content, you can use the members of the UnvalidatedRequestValues class to retrieve the rich-text request values without triggering the default ASP.NET request validation. In your code, you access members of this class by using the Unvalidated property.

Security noteSecurity Note

If you use this class, you must manually check the data for potential cross-site scripting attacks.

.NET Framework

Supported in: 4.6, 4.5

Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
Show:
© 2014 Microsoft