I have a "Sign up for email" user control consisting of an asp:TextBox, asp:Button, asp:RegularExpressionValidator. Nothing fancy. I'm seeing some garbage/sql injection addresses in the database suggesting the client-side validation may be bypassed. Investigation suggests that the server-side validation is also not firing.
When I set EnableClientScripting=false on the RegXValidator, the button is not causing validation on the server unless I explicitly set its CausesValidation property to true which is the default.
If I test for Button.CausesValidation it reports it is set to true. If I test Page.IsValid it reports it is false when I enter a bad address, but the page still processes and the database is updated.
If I explicitly set Button.CausesValidiation = true in the ASP mark-up, everything works as expected: the page does not submit and the validation message is displayed on the page.
Thoughts?