What are the security implications of using ValidateRequest = "false" to bypass the "Potentially dangerous Request.Form value"?

The following message appeared:

A potentially dangerous Request.Form value was detected from the client

When trying to store a value $.

I have looked at some common answers on the internet and they suggested using ValidateRequest="false" in the head of the .ASPX file.

Is this a good security solution? Isn't this a security risk?

+3



1 answer


To expand on CodeCaster's comment, this is definitely dangerous. You allow users to enter information, which means that the power user can now play with the internals of your site.

Cross-site scripting



If the value is sent to some news feed or whatever, allowing free-form input could mean injecting javascript into your feeds, which will run against other site users and open them up for attack. It can be as simple as sticking ads on your site, or even redirecting them to another attack page that will make you look pretty bad.

+4
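The feed scenario from the answer above, as an added example that is not part of the original post: a stand-alone C# console program that renders stored posts once without and once with HTML encoding at output, which is the protection the application has to supply itself when request validation is switched off. The class name `FeedDemo` and the sample posts are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net;   // WebUtility.HtmlEncode
using System.Text;

static class FeedDemo
{
    // Constructed sample posts, as they would sit in storage once
    // ValidateRequest="false" lets any form value through.
    static readonly string[] Posts =
    {
        "Price is <b>$5</b> & rising",
        "<script>alert(1)</script>"
    };

    // Before: stored text is concatenated into the page as-is, so any markup
    // in a post becomes part of the HTML every other visitor receives.
    static string RenderUnsafe(IEnumerable<string> posts)
    {
        var sb = new StringBuilder("<ul>");
        foreach (var p in posts) sb.Append("<li>").Append(p).Append("</li>");
        return sb.Append("</ul>").ToString();
    }

    // After: every stored value is HTML-encoded at the point of output.
    // In a Web Forms page the same effect comes from Server.HtmlEncode(...)
    // or the <%: ... %> expression syntax (ASP.NET 4 and later).
    static string RenderEncoded(IEnumerable<string> posts)
    {
        var sb = new StringBuilder("<ul>");
        foreach (var p in posts)
            sb.Append("<li>").Append(WebUtility.HtmlEncode(p)).Append("</li>");
        return sb.Append("</ul>").ToString();
    }

    static void Main()
    {
        string before = RenderUnsafe(Posts);
        string after = RenderEncoded(Posts);
        Console.WriteLine(before);
        Console.WriteLine(after);
        // The raw version carries a live <script> element; the encoded one
        // carries only its text.
        Console.WriteLine("script tag in unsafe output:  " + before.Contains("<script>"));
        Console.WriteLine("script tag in encoded output: " + after.Contains("<script>"));
    }
}
```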

