I have some PageMethods (static methods in a page marked with <WebMethod>
) defined on some pages and call them using an ajax call. This POST to the server apparently doesn't trigger the ASP.NET code that would raise HttpRequestValidationException if the data sent is deemed possible XSS, so I'd like to duplicate that checking code to run it in my page methods.
Anyone know the details of that code or where I can find it? I looked in the MS AntiXss library, but it only does encoding, not actually checking input, AFAIK.
Edit: Or point me in the direction of code or a library that does some similar checking.