Is it necessary to validate an XML postback in my ASP.NET MVC 4 controller method?



We receive an HTTP POST (not from a form) that has a parameter containing XML, like:


I've decoded for readability purposes:


http://ift.tt/1ua4eSs


This results in "A potentially dangerous Request.QueryString value was detected from the client".


I searched and found that I could use [ValidateInput(false)] to get around this.


Is this a security risk?
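
An added example, not code from the original post: with request validation switched off by [ValidateInput(false)], the action has to validate the XML itself before using it. The controller name, the `xml` parameter name, the `order` root element and the size limit are assumptions made for illustration.

```csharp
using System.IO;
using System.Web.Mvc;
using System.Xml;
using System.Xml.Linq;

public class PostbackController : Controller   // hypothetical controller name
{
    private const int MaxXmlChars = 64 * 1024;  // assumed size limit

    // Request validation is disabled for this one action only,
    // so the action must check the XML itself.
    [HttpPost]
    [ValidateInput(false)]
    public ActionResult Receive(string xml)     // "xml" is an assumed parameter name
    {
        XDocument doc;
        if (!TryParseUntrustedXml(xml, out doc))
            return new HttpStatusCodeResult(400, "Invalid XML");

        // Assumed expected root element; reject any other document.
        if (doc.Root == null || doc.Root.Name.LocalName != "order")
            return new HttpStatusCodeResult(400, "Unexpected document");

        // Values read from doc are still untrusted: HTML-encode them on
        // output and pass them to SQL only as parameters.
        return new HttpStatusCodeResult(200);
    }

    internal static bool TryParseUntrustedXml(string xml, out XDocument doc)
    {
        doc = null;
        if (string.IsNullOrEmpty(xml) || xml.Length > MaxXmlChars)
            return false;
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit, // a DOCTYPE is rejected, so no entity expansion
            XmlResolver = null,                     // never fetch external resources
            MaxCharactersInDocument = MaxXmlChars
        };
        try
        {
            using (var reader = XmlReader.Create(new StringReader(xml), settings))
                doc = XDocument.Load(reader);
            return true;
        }
        catch (XmlException) { return false; }
    }
}
```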

