ValidateInput attribute is used to enable or disable request validation. By default, request validation is enabled in asp.net mvc i.e [ValidateInput(true)]
[ValidateInput(true)]: When it is true (By default it is true), any input controllers will not allow any type of Javascript code and HTML code. It restricts cross-site scripting attack.
[HttpPost]
[ValidateInput(true)]
public string Index(string comments)
{
return "Your Comments: " + comments;
}
[ValidateInput(false)]: When it is false it is open for cross-site scripting attack.
[HttpPost]
[ValidateInput(false)]
public string Index(string comments)
{
return "Your Comments: " + comments;
}
[ValidateInput(true)]: When it is true (By default it is true), any input controllers will not allow any type of Javascript code and HTML code. It restricts cross-site scripting attack.
[HttpPost]
[ValidateInput(true)]
public string Index(string comments)
{
return "Your Comments: " + comments;
}
[ValidateInput(false)]: When it is false it is open for cross-site scripting attack.
[HttpPost]
[ValidateInput(false)]
public string Index(string comments)
{
return "Your Comments: " + comments;
}
No comments:
Post a Comment