I have a form where one of the fields would allow entry of HTML tags.
<asp:TextBox ID="someID" runat="server" TextMode="MultiLine" />
In this field I have a RequiredFieldValidator validation only. Unfortunately, after any PostBack if the content of any of the fields includes HTML tags or any other potentially dangerous code - the entire ViewState is cleaned.
Setting ValidateRequest to false does not help.
I'm using IIS 7.5 and .NET 4.0.
Any ideas?
I would add a jqueryvalidator instead, and then validate on post as well.. It gives you more control and can give you some "smoother" effects.
For example: http://docs.jquery.com/Plugins/Validation/Validator
You also need to set the
<system.web>
<httpRuntime requestValidationMode="2.0"/>
</system.web>
in addition to : <%@ Page ValidateRequest="false"> on top of the page.
If you want to disable request validation for whole application, set :
<system.web>
<pages validateRequest="false" />
</system.web>