Re: What characters are allowed by validateRequest page directive?

well - besides having a look with reflector -

it is mostly

< followed by a-z

and

< followed by #

there is a third one i forgot.


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

I've seen several articles that indicate that if the page directive
validateRequest="True" (shown below) that the user input is validated
against a hard coded list of characters. What I cannot find is any
documentation that shows the hard coded list of characters. Does
anyone know where I can find this list or know exactly what's in the
list?

<% @ Page validateRequest="True" %>

Thanks



.

Relevant Pages

  • Re: 128 bit password
    ... If a password is for example 128bit, how long is it in characters (a-z ... If the password is "THISisMYpassword". ... It's the level of coding the security ...
    (microsoft.public.security)
  • preg_match allowing a-z AND å ä ö ü
    ... lowercase) characters of A-Z, 0-9 and for instance Swedish characters Å Ä Ö. ... but both returns false on everything except a-z A-Z. ... e-mail header causing the e-mail to fail. ...
    (comp.lang.php)
  • Re: small simple regexp favor
    ... anything other than A-Z 1-0 and also allow these 5 special characters?? ... Dim oRE: ... Dim nIdx, sMsg, sRes ...
    (microsoft.public.scripting.vbscript)
  • Re: small simple regexp favor
    ... anything other than A-Z 1-0 and also allow these 5 special characters?? ... Dim oRE: ... Dim nIdx, sMsg, sRes ...
    (microsoft.public.scripting.vbscript)
  • Re: FASTEST way to try all strings (a until ZZZZZZZZZZZZZZZZZZZZZZZZ)
    ... DraguVaso wrote: ... Even using just 17 characters ... With 53 symbols (a-z, A-Z, space) you get ... of repeated string concatenation would be a good start. ...
    (microsoft.public.dotnet.languages.vb)