Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
UnvalidatedRequestValues Class
Collapse the table of content
Expand the table of content

UnvalidatedRequestValues Class

.NET Framework 4.6 and 4.5

Provides access to HTTP request values without triggering ASP.NET request validation.

System.Object
  System.Web.UnvalidatedRequestValues

Namespace:  System.Web
Assembly:  System.Web (in System.Web.dll)

public sealed class UnvalidatedRequestValues

The UnvalidatedRequestValues type exposes the following members.

  NameDescription
Public propertyCookiesGets the collection of cookies that the client sent, without triggering ASP.NET request validation.
Public propertyFilesGets the collection of files that the client uploaded, without triggering ASP.NET request validation.
Public propertyFormGets the collection of form variables that the client submitted, without triggering ASP.NET request validation.
Public propertyHeadersGets the collection of HTTP headers that the client sent, without triggering request validation.
Public propertyItemGets the specified object from the Form, Cookies, QueryString, or ServerVariables collection, without triggering ASP.NET request validation.
Public propertyPathGets the virtual path of the requested resource without triggering ASP.NET request validation.
Public propertyPathInfoGets additional path information for a resource that has a URL extension, without triggering ASP.NET request validation.
Public propertyQueryStringGets the collection of HTTP query string variables that the client submitted, without triggering ASP.NET request validation.
Public propertyRawUrlGets the part of the requested URL that follows the website name, without triggering ASP.NET request validation.
Public propertyUrlGets the URL data for the request without triggering ASP.NET request validation.
Top

  NameDescription
Public methodEquals(Object)Determines whether the specified object is equal to the current object. (Inherited from Object.)
Public methodGetHashCodeServes as the default hash function. (Inherited from Object.)
Public methodGetTypeGets the Type of the current instance. (Inherited from Object.)
Public methodToStringReturns a string that represents the current object. (Inherited from Object.)
Top

When ASP.NET reads the values in HTTP request collections (such as the Form, QueryString, and Cookies collections), it performs request validation. During request validation, ASP.NET examines the posted values and determines whether they contain markup, script, or reserved characters. By default, if ASP.NET detects any of these types of input, it throws an HttpRequestValidationException exception. This helps prevent malicious script injection attacks on your website.

However, in some cases, you might want to bypass ASP.NET request validation and allow values that contain markup, script, or reserved characters. For example, if your application uses a rich-text editor that enables users to submit HTML markup as formatted content, you can use the members of the UnvalidatedRequestValues class to retrieve the rich-text request values without triggering the default ASP.NET request validation. In your code, you access members of this class by using the Unvalidated property.

Security noteSecurity Note

If you use this class, you must manually check the data for potential cross-site scripting attacks.

.NET Framework

Supported in: 4.6, 4.5

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
Show:
© 2015 Microsoft