RequestValidator.IsValidRequestString Method

Reference

Definition

Namespace:: System.Web.Util

Assembly:: System.Web.dll

Important

Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Validates a string that contains HTTP request data.

protected public:
 virtual bool IsValidRequestString(System::Web::HttpContext ^ context, System::String ^ value, System::Web::Util::RequestValidationSource requestValidationSource, System::String ^ collectionKey, [Runtime::InteropServices::Out] int % validationFailureIndex);

protected internal virtual bool IsValidRequestString (System.Web.HttpContext context, string value, System.Web.Util.RequestValidationSource requestValidationSource, string collectionKey, out int validationFailureIndex);

abstract member IsValidRequestString : System.Web.HttpContext * string * System.Web.Util.RequestValidationSource * string * int -> bool
override this.IsValidRequestString : System.Web.HttpContext * string * System.Web.Util.RequestValidationSource * string * int -> bool

Protected Friend Overridable Function IsValidRequestString (context As HttpContext, value As String, requestValidationSource As RequestValidationSource, collectionKey As String, ByRef validationFailureIndex As Integer) As Boolean

Parameters

context: HttpContext

The context of the current request.

value: String

The HTTP request data to validate.

requestValidationSource: RequestValidationSource

An enumeration that represents the source of request data that is being validated. The following are possible values for the enumeration:

QueryString
Form
Cookies
Files
RawUrl
Path
PathInfo
Headers.

collectionKey: String

The key in the request collection of the item to validate. This parameter is optional. This parameter is used if the data to validate is obtained from a collection. If the data to validate is not from a collection, collectionKey can be null.

validationFailureIndex: Int32

When this method returns, indicates the zero-based starting point of the problematic or invalid text in the request collection. This parameter is passed uninitialized.

Returns

Boolean

true if the string to be validated is valid; otherwise, false.

Remarks

You implement this method to perform custom validation of request data. The base behavior of the IsValidRequestString(HttpContext, String, RequestValidationSource, String, Int32) method is like the behavior that ASP.NET implements internally to check for dangerous strings in cross-site scripting validation. For more information, see How To: Prevent Cross-Site Scripting in ASP.NET.

If custom validation logic detects an error, this method should return false and provide a value in validationFailureIndex to indicate the starting point of the text that caused the error. The value in validationFailureIndex must be 0 or a positive integer.

The logic in a request validation check proceeds as follows:

The HttpRequest class performs a null-character removal check on the incoming data.
The HttpRequest class calls either the IsValidRequestString method (the default implementation of the base method) or calls a derived version of the method.
If IsValidRequestString method returns false to indicate a validation failure, ASP.NET constructs an error string (if necessary) and throws an HttpRequestValidationException exception.

Applies to

Share via