RequestValidator.IsValidRequestString Method (HttpContext, String, RequestValidationSource, String, Int32)

.NET Framework (current version)
 

Validates a string that contains HTTP request data.

Namespace:   System.Web.Util
Assembly:  System.Web (in System.Web.dll)

protected internal virtual bool IsValidRequestString(
	HttpContext context,
	string value,
	RequestValidationSource requestValidationSource,
	string collectionKey,
	out int validationFailureIndex
)

Parameters

context
Type: System.Web.HttpContext

The context of the current request.

value
Type: System.String

The HTTP request data to validate.

requestValidationSource
Type: System.Web.Util.RequestValidationSource

An enumeration that represents the source of request data that is being validated. The following are possible values for the enumeration:

QueryString

Form

Cookies

Files

RawUrl

Path

PathInfo

Headers

collectionKey
Type: System.String

The key in the request collection of the item to validate. This parameter is optional. This parameter is used if the data to validate is obtained from a collection. If the data to validate is not from a collection, collectionKey can be null.

validationFailureIndex
Type: System.Int32

When this method returns, indicates the zero-based starting point of the problematic or invalid text in the request collection. This parameter is passed uninitialized.

Return Value

Type: System.Boolean

true if the string to be validated is valid; otherwise, false.

You implement this method to perform custom validation of request data. The base behavior of the IsValidRequestString(HttpContext, String, RequestValidationSource, String, Int32) method is like the behavior that ASP.NET implements internally to check for dangerous strings in cross-site scripting validation. For more information, see How To: Prevent Cross-Site Scripting in ASP.NET.

If custom validation logic detects an error, this method should return false and provide a value in validationFailureIndex to indicate the starting point of the text that caused the error. The value in validationFailureIndex must be 0 or a positive integer.

The logic in a request validation check proceeds as follows:

  • The HttpRequest class performs a null-character removal check on the incoming data.

  • The HttpRequest class calls either the IsValidRequestString method (the default implementation of the base method) or calls a derived version of the method.

  • If IsValidRequestString method returns false to indicate a validation failure, ASP.NET constructs an error string (if necessary) and throws an HttpRequestValidationException exception.

.NET Framework
Available since 4.0
Return to top
Show: