ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam 70-486 All Questions

View all questions & answers for the 70-486 exam
Go to Exam

Exam 70-486 topic 5 question 3 discussion

Actual exam question from Microsoft's 70-486
Question #: 3
Topic #: 5
[All 70-486 Questions]

You are developing an ASP.NET MVC application.
The application must allow users to enter JavaScript in a feedback text box only.
You need to disable request validation.
What should you do?

  • A. Apply and set the CausesClientSideValidation attribute on the text box to FALSE.
  • B. Apply and set the ValidateInput attribute on the text box to FALSE.
  • C. Use the HttpRequest.Unvalidated property to read the unvalidated form value.
  • D. Use the HttpRequest.Form property to read the unvalidated form value.
  • E. Apply and set the CausesValidation attribute on the controller action to FALSE.
  • F. Apply and set the ValidateInput attribute on the controller action to FALSE.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
The HttpRequest.Unvalidated property gets the HTTP request values without triggering request validation.
Request validation checks for HTML markup and script that might indicate a potential cross-site scripting attack. By default, all values are checked using request validation and if any values contain markup or script, ASP.NET throws an HttpRequestValidationException exception. Use this method if you anticipate that the request will contain markup (for example, you are allowing users to post content that contains markup) and you want to get the raw value of a request.
References:
https://msdn.microsoft.com/en-us/library/system.web.httprequest.unvalidated.aspx https://docs.microsoft.com/en-us/aspnet/whitepapers/request-validation
by applepie at May 28, 2020, 11:01 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
applepie
4 years, 11 months ago
The answer should be F and C https://www.dotnettricks.com/learn/mvc/html-submission-by-validateinput-and-allowhtml-attribute-in-mvc4
upvoted 2 times
kakuru
4 years, 8 months ago
I was curious how you came to this conclusion. I stumbled upon this, which verifies that F is INCORRECT. Also, there's identical question which also had statement in C as the only valid answer. ----- Some people recommended adding [ValidateInput(false)] to the whole action method, but DON'T DO THAT this puts your app at risk disabling validation for all user input, not just one parameter. In MVC 3 Beta it was posible to do this: //does not work any more :( [HttpPost, ValidateInput(true, Exclude = "fieldName")] public virtual ActionResult Save(int id, string fieldName) { //... } But this has been removed from the release ----- https://www.jitbit.com/alexblog/273-aspnet-mvc-allowing-html-for-particular-action-parameters/
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel