Provides access to HTTP request values without triggering ASP.NET request validation.
Assembly: System.Web (in System.Web.dll)
Thetype exposes the following members.
|Cookies||Gets the collection of cookies that the client sent, without triggering ASP.NET request validation.|
|Files||Gets the collection of files that the client uploaded, without triggering ASP.NET request validation.|
|Form||Gets the collection of form variables that the client submitted, without triggering ASP.NET request validation.|
|Headers||Gets the collection of HTTP headers that the client sent, without triggering request validation.|
|Item||Gets the specified object from the Form, Cookies, QueryString, or ServerVariables collection, without triggering ASP.NET request validation.|
|Path||Gets the virtual path of the requested resource without triggering ASP.NET request validation.|
|PathInfo||Gets additional path information for a resource that has a URL extension, without triggering ASP.NET request validation.|
|QueryString||Gets the collection of HTTP query string variables that the client submitted, without triggering ASP.NET request validation.|
|RawUrl||Gets the part of the requested URL that follows the website name, without triggering ASP.NET request validation.|
|Url||Gets the URL data for the request without triggering ASP.NET request validation.|
|Equals(Object)||Determines whether the specified object is equal to the current object. (Inherited from Object.)|
|GetHashCode||Serves as the default hash function. (Inherited from Object.)|
|GetType||Gets the Type of the current instance. (Inherited from Object.)|
|ToString||Returns a string that represents the current object. (Inherited from Object.)|
When ASP.NET reads the values in HTTP request collections (such as the Form, QueryString, and Cookies collections), it performs request validation. During request validation, ASP.NET examines the posted values and determines whether they contain markup, script, or reserved characters. By default, if ASP.NET detects any of these types of input, it throws an HttpRequestValidationException exception. This helps prevent malicious script injection attacks on your website.
However, in some cases, you might want to bypass ASP.NET request validation and allow values that contain markup, script, or reserved characters. For example, if your application uses a rich-text editor that enables users to submit HTML markup as formatted content, you can use the members of the class to retrieve the rich-text request values without triggering the default ASP.NET request validation. In your code, you access members of this class by using the Unvalidated property.
If you use this class, you must manually check the data for potential cross-site scripting attacks.