Excludes fields of the Request object from being checked for potentially unsafe HTML markup and client script.
Assembly: System.Web.WebPages (in System.Web.WebPages.dll)
|Unvalidated(HttpRequest)||Returns a version of form values, cookies, and query-string variables without checking them first for HTML markup and client script.|
|Unvalidated(HttpRequestBase)||Returns all values from the Request object (including form fields, cookies, and the query string) without checking them first for HTML markup and client script.|
|Unvalidated(HttpRequest, String)||Returns a value from the specified form field, cookie, or query-string variable without checking it first for HTML markup and client script.|
|Unvalidated(HttpRequestBase, String)||Returns the specified value from the Request object without checking it first for HTML markup and client script.|
Request validation checks for HTML markup and client script when a page is submitted. Validation examines form fields, cookies, and query-string variables. By default, if any markup or script is detected, ASP.NET throws an exception and the page is not processed. This helps protect the web application against security exploits such as cross-site scripting (XSS) attacks.
In some instances, it is useful to let users submit markup in specific fields (input and textarea elements) on a page. For example, this is typical in a field where users can enter free-form comments. In that case, you can exclude that field from request validation, and users can include markup such as <b>, <em>, and so on.
If you exclude a field from request validation, you must check it yourself to be sure it does not include malicious markup or code.
The methods in this class are not intended to be called directly. For example, to exclude httpRequest, you would not use System.Web.Helpers.Validation.Unvalidated(httpRequest). Instead, use Request.Unvalidated(httpRequest).