Turn off request validation programmatically

Question

I have a control that I'm writing where I want to turn off .NET's inbuilt request validation that prevents XSS attacks and similiar sort of nasties.

The control allows the owner of a web-site to adjust the content on that page. They can potentially enter markup if they want to. Since it's their site to edit, they must be able to stick whatever they want on there.

I'm wondering if it is possible to disable this validation programmatically?

The only way I can find to do it is either by shutting off request validation completely in the web.config or by using a page directive. For various reasons, I can't have this control in another page - so that option is out.

Answer 1

In the System.Web.Configuration

PagesSection pageSection = new PagesSection();
pageSection.ValidateRequest = false;

Reference

Answer 2

@Chris led me in the right direction.

What I did was to turn off the setting in the web.config and used a HTTP module to do the request validation for all requests where the user is not in EditMode.

In .NET 2.0, there is a method on the Request class called: ValidateInput. This will do the validation even when it is turned off in the web.config.