As seen on Sam Gentiles blog:
While it's great that there is support in the 1.1 Framework to protect against cross site scripting attacks it stills helps to know how to turn off support for it in certain instances.
For example for a current project we are leveraging the Community Starter kit found on the www.asp.net site. Unfortunately they don't have a version specificially built for the 1.1 framework so the site won't run on the 1.1 Framework due to protection against cross site scripting found that version of the framework. So if you find yourself in a similiar situation here is how you disable the protection for cross site scripting.
At the Page Level just specify in the @Page directive validateRequest="false".
You can also specify this in web.config or machine.config for the site as a whole by adding the following:
<pages buffer="true" enableSessionState="true" enableViewState="true" enableViewStateMac="true" autoEventWireup="true" validateRequest="false"/>
[Sean 'Early' Campbell & Scott 'Adopter' Swigart's Radio Weblog]
7:55:04 PM
|