After you install the Visual Studio 2010, when the default page input box, enter "<" or ">" time. In accordance with the access policy, which will result in some security issues, such as: XSS (cross-site scripting attack). More accurately describe the problem is, when you are in the .NET Framework 4.0 or later installed, when your application to .NET Framework 4.0 framework version, any of your server request, the server will be requested for authentication (ValidationRequest), which not only includes ASP.NET, Web Services also includes other HTTP request, not only for the aspx page, but also for the HTTP Handler, HTTP Module, etc., because of this verification (Valify) process that will take place in BeginRequest before the event.
Based on the above principle, in previous versions of ASP.NET, the default request validation is opened, but occur at the page level (aspx), and only take effect when the execution of the request, therefore, in the old version, we just need to you can configure the following manner:
Provided at page level (ASPX) is
the ValidateRequest = "to false"
or
at a global level (Web.config) is set
< Configuration >
< System.Web >
< Pages the validateRequest = " to false " >
However, the above setting only ASP.NET4.0 more effective. On ASP.NET4.0 version, we need more line configuration:
At the global level (Web.config) is set
< Configuration >
< System.Web >
< the httpRuntime requestValidationMode = " 2.0 " >
This is actually a page in which the error occurred has been explained. In actual use, not only that, but as long as requestValidationMode less than 4.0 can be set to, for example: 1.0,2.0,3.0,3.9 are possible, error indicated by 2.0, using default object merely illustrative of ASP.NET 2.0 way to work.
Reproduced in: https: //www.cnblogs.com/TSPWater/archive/2012/01/31/2333210.html