include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

At Controller level:

----
[ValidateInput(false)]
public ActionResult Welcome(string name)
{
  ...
}
----

At application level, configured in the Web.config file:

----
<configuration>
   <system.web>
      <pages validateRequest="false" />
      ...
      <httpRuntime requestValidationMode="0.0" />
   </system.web>
</configuration>
----


== Compliant Solution

At Controller level:

[source,csharp]
----
[ValidateInput(true)]
public ActionResult Welcome(string name)
{
  ...
}
----
or 

[source,csharp]
----
public ActionResult Welcome(string name)
{
  ...
}
----

At application level, configured in the Web.config file:

[source,csharp]
----
<configuration>
   <system.web>
      <pages validateRequest="true" />
      ...
      <httpRuntime requestValidationMode="4.5" /> 
   </system.web>
</configuration>
----


include::../see.adoc[]


ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]

endif::env-github,rspecator-view[]