Don't miss out Virtual Happy Hour this Friday (April 26).
Try our conversational search powered by Generative AI!
AI OnAI Off
Disabling page validation in Episerver 6
If you have XForms on only a few page types you could just add ValidateRequest="false" to the ASPX page directive for those templates.
XForm rendering and submission code will probably be just fine but of course you add a little risk for vulnerbilities for places where you output form values in site's own templates.
I usually have validateRequest on unless site has features where HTML is posted by forms. Users shouldn't post HTML chars otherwise.
Sep 07, 2017 22:01
In Episerver 6.1.379.0, .Net 4.5 is validating an xform that has a '<' charater in the input and throwing the error:>
A potentially dangerous Request.Form value was detected from the client
The Episerver knowledge base describes disabling validateRequest in, http://world.episerver.com/kb/10443/.
My question, there a risk in disabling this at the .NET level or does Episerver appropriately guard against these attacks since the knowledge base very casually suggests doing this to fix the issue?