http://www.intersoftsolutions.com/Community/Tags/HTTP/http://www.intersoftsolutions.comenCopyright 2002 - 2015 Intersoft Solutions Corp. All rights reserved.60http://www.intersoftsolutions.com/Community/Tags/HTTP/Thu, 25 Nov 2010 11:24:49 GMTEricWebGridFilterAJAXpostbackinput validationIVPOSTHTTP<p>Hi,</p> <p>We use the latest version of WebGrid 6.</p> <p>In our server infrastructure there are some servers in front of our IIS. These servers do input validation to prevent cross site scripting attacks. I have no control on what is filtered there, but I received a blocking log.</p> <p>The problem is that anything that looks like XML will be blocked. A string like:</p> <pre>" abc = … &gt;</pre> <p>anywhere in a POST data field will be blocked. And I found a blocked (AJAX?) POST request, looking like it came from WebGrid.</p> <p>Interestingly our application works - including all WebGrid functionality. But we do see some problems.</p> <p>Questions:</p> <ul><li>Does your WebGrid support such industry-standard high security environments in general?</li><li>Is there a way to avoid XML data in POST fields?</li><li>Is there a known bug in data encoding?</li><li>Do these AJAX postbacks have a special HTTP header field that could be used to distinguish if this is a special postback and not a standard form post? If yes, maybe the input validation can be disabled (or relaxed) for such requests.</li></ul> <p>It would be great if you could answer these four questions.</p> <p>Regards,</p> <p>Eric</p>