Validation Class

Excludes fields of the Request object from being checked for potentially unsafe HTML markup and client script.

System.Object
  System.Web.Helpers.Validation

Namespace:  System.Web.Helpers
Assembly:  System.Web.WebPages (in System.Web.WebPages.dll)

public static class Validation

  NameDescription
Public methodStatic memberUnvalidated(HttpRequest)Returns a version of form values, cookies, and query-string variables without checking them first for HTML markup and client script.
Public methodStatic memberUnvalidated(HttpRequestBase)Returns all values from the Request object (including form fields, cookies, and the query string) without checking them first for HTML markup and client script.
Public methodStatic memberUnvalidated(HttpRequest, String)Returns a value from the specified form field, cookie, or query-string variable without checking it first for HTML markup and client script.
Public methodStatic memberUnvalidated(HttpRequestBase, String)Returns the specified value from the Request object without checking it first for HTML markup and client script.
Top

Request validation checks for HTML markup and client script when a page is submitted. Validation examines form fields, cookies, and query-string variables. By default, if any markup or script is detected, ASP.NET throws an exception and the page is not processed. This helps protect the web application against security exploits such as cross-site scripting (XSS) attacks.

In some instances, it is useful to let users submit markup in specific fields (input and textarea elements) on a page. For example, this is typical in a field where users can enter free-form comments. In that case, you can exclude that field from request validation, and users can include markup such as <b>, <em>, and so on.

Security noteSecurity Note:

If you exclude a field from request validation, you must check it yourself to be sure it does not include malicious markup or code.

NoteNote:

The methods in this class are not intended to be called directly. For example, to exclude httpRequest, you would not use System.Web.Helpers.Validation.Unvalidated(httpRequest). Instead, use Request.Unvalidated(httpRequest).

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
Show: