Asp – When is it ok to disable event validation on a page

asp.netasp.net-ajax

I am using ASP.NET ajax to dynamically add/remove controls from a page without using full postbacks. The UI is very complicated. Under certain scenarios, when a control on the page causes a full postback, after changing the controls via async postbacks, I get this error:

Invalid postback or callback argument. Event validation is enabled using '<pages enableEventValidation="true"/>'

I can fix it by setting EnableEventValidation="false" at the page level.

What are the implications of doing this? Are there times when it is ok to do this or is this a hack?

Best Answer

If you have a WYSIWYG input text box or a textbox expecting HTML, then you have to disable validation or do some JavaScript hack.

The catch is that you will need to provide thorough validation to prevent XSS and such.

Related Solutions

R – ASP.NET Master Page: Event Validation Error

Are you doing any databinding on that page? If so, is it happening between a check for !IsPostBack ?

if (!IsPostBack) { // do databinding }

A similar issue was mentioned here.

Purpose for

Read the documentation.

EDIT: For security reasons, it's probably best to leave it set to true wherever you can.

I would therefore recommend that you set it to false only on the individual AJAX pages where it causes problems, while leaving it true in web.config.

Best Answer

Related Solutions

R – ASP.NET Master Page: Event Validation Error

Purpose for

Related Topic