Edit

Share via


RequestValidator.IsValidRequestString Method

Definition

Validates a string that contains HTTP request data.

protected public:
 virtual bool IsValidRequestString(System::Web::HttpContext ^ context, System::String ^ value, System::Web::Util::RequestValidationSource requestValidationSource, System::String ^ collectionKey, [Runtime::InteropServices::Out] int % validationFailureIndex);
protected internal virtual bool IsValidRequestString (System.Web.HttpContext context, string value, System.Web.Util.RequestValidationSource requestValidationSource, string collectionKey, out int validationFailureIndex);
abstract member IsValidRequestString : System.Web.HttpContext * string * System.Web.Util.RequestValidationSource * string * int -> bool
override this.IsValidRequestString : System.Web.HttpContext * string * System.Web.Util.RequestValidationSource * string * int -> bool
Protected Friend Overridable Function IsValidRequestString (context As HttpContext, value As String, requestValidationSource As RequestValidationSource, collectionKey As String, ByRef validationFailureIndex As Integer) As Boolean

Parameters

context
HttpContext

The context of the current request.

value
String

The HTTP request data to validate.

requestValidationSource
RequestValidationSource

An enumeration that represents the source of request data that is being validated. The following are possible values for the enumeration:

  • QueryString
  • Form
  • Cookies
  • Files
  • RawUrl
  • Path
  • PathInfo
  • Headers.
collectionKey
String

The key in the request collection of the item to validate. This parameter is optional. This parameter is used if the data to validate is obtained from a collection. If the data to validate is not from a collection, collectionKey can be null.

validationFailureIndex
Int32

When this method returns, indicates the zero-based starting point of the problematic or invalid text in the request collection. This parameter is passed uninitialized.

Returns

true if the string to be validated is valid; otherwise, false.

Remarks

You implement this method to perform custom validation of request data. The base behavior of the IsValidRequestString(HttpContext, String, RequestValidationSource, String, Int32) method is like the behavior that ASP.NET implements internally to check for dangerous strings in cross-site scripting validation. For more information, see How To: Prevent Cross-Site Scripting in ASP.NET.

If custom validation logic detects an error, this method should return false and provide a value in validationFailureIndex to indicate the starting point of the text that caused the error. The value in validationFailureIndex must be 0 or a positive integer.

The logic in a request validation check proceeds as follows:

Applies to