Portal Engine Questions on portal engine and web parts.
Version 6.x > Portal Engine > validateRequest="false"
Member
anshuman.shandilya-aonhewitt - 9/18/2012 4:51:02 AM
   
validateRequest="false"
Hi,

I see that in web.config, validateRequest="false" is used. But I don't want that script tags "<", ">" can be inserted from my webpart. If I turn it on (validateRequest="true") in web.config, will it break any inbuilt Kentico code?
I have also added my own web.config in the folder where I have custom webparts with the following text:

<?xml version="1.0"?>
<configuration>
  <system.web>
    <pages validateRequest="true" />
  </system.web>
</configuration>

But even then I can insert a script tag from my webpart.
Also I could not find the @Page directive because I am creating all pages in CMS DESK.

Please help: how can I turn on the validateRequest property for my webparts, if not for the entire Kentico CMS?

Thanks
Anshuman

Certified Developer 8
Jiveabillion - 9/18/2012 11:15:55 AM
   
RE:validateRequest="false"
There are other protections in place against script tag injection that should keep your application safe. It is possible that changing that value could result in problems with the CMS. I would say to leave it as it is.

Certified Developer 8
Jiveabillion - 9/18/2012 11:17:30 AM
   
RE:validateRequest="false"
Also, you should sanitize your request data in your own code before you use it. This will offer optimal protection.

Member
anshuman.shandilya-aonhewitt - 9/19/2012 1:56:59 AM
   
RE:validateRequest="false"
Thanks, I will try to sanitize my request by performing htmlencode on content coming from text boxes.
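
Added example (not code from this thread or from Kentico): one way to encode submitted text at the point of output, per output context, using the standard System.Web.HttpUtility methods. The class name, method names and sample input are assumptions for illustration; JavaScriptStringEncode requires .NET 4.0 or later.

```csharp
using System;
using System.Web; // HttpUtility (System.Web.dll on .NET Framework)

// Hypothetical helper for a custom web part; names are illustrative.
// Store the submitted text as entered and encode it when it is written
// to the page, so each output context gets the encoding it needs and
// values are not double-encoded on later edits.
public static class InquiryOutput
{
    // Text placed between tags, e.g. <td>...</td>
    public static string ForHtmlBody(string raw)
    {
        return HttpUtility.HtmlEncode(raw ?? string.Empty);
    }

    // Text placed inside an attribute value. HtmlAttributeEncode does not
    // escape single quotes, so the attribute must be double-quoted.
    public static string ForHtmlAttribute(string raw)
    {
        return HttpUtility.HtmlAttributeEncode(raw ?? string.Empty);
    }

    // Text placed inside a JavaScript string literal in an inline script.
    // The second argument makes the method add the surrounding quotes.
    public static string ForJsString(string raw)
    {
        return HttpUtility.JavaScriptStringEncode(raw ?? string.Empty, true);
    }

    public static void Main()
    {
        // Constructed sample input standing in for a text box value
        string submitted = "<script>alert(1)</script> \"quoted\" & 'single'";

        Console.WriteLine("<td>" + ForHtmlBody(submitted) + "</td>");
        Console.WriteLine("<input value=\"" + ForHtmlAttribute(submitted) + "\" />");
        Console.WriteLine("var msg = " + ForJsString(submitted) + ";");
    }
}
```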

Kentico Support
kentico_jurajo - 9/19/2012 6:48:38 AM
   
RE:validateRequest="false"
Hi,

It was also discussed here.

Best regards,
Juraj Ondrus

Member
chris.worthington-barclayvouchers.co - 3/5/2014 2:10:08 AM
   
RE:validateRequest="false"
I just came across this thread. I need to sanitize form data sent as inquiries. I'm running Kentico 6 and am new to it. Can you help me?

Thank you.

Kentico Support
kentico_jurajo - 3/6/2014 1:50:27 AM
   
RE:validateRequest="false"
Hi,

If you could describe your issue in more detail, it would be much appreciated. Also, please mention everything you have already tried so we don't tell you something that was done already. Have you also checked the other thread?

Best regards,
Juraj Ondrus