<ConfigurationPropertyAttribute("requestValidationType", DefaultValue := "System.Web.Util.RequestValidator")> _ <StringValidatorAttribute(MinLength := )> _ Public Property RequestValidationType As String Get Set End PropertyIn it, I need to define my own class name to validate. Then, I need to set up the class such as:
Public Class CustomRequestValidation Inherits RequestValidator Public Sub New() End Sub Protected Overloads Overrides Function IsValidRequestString(ByVal context As HttpContext, ByVal value As String, _ ByVal requestValidationSource__1 As RequestValidationSource, ByVal collectionKey As String, _ ByRef validationFailureIndex As Integer) As Boolean ' Set a default value for the out parameter validationFailureIndex = -1 ' This application does not use RawUrl directly so you can ignore the check If requestValidationSource__1 = RequestValidationSource.RawUrl Then Return True End If ' Allow the query-string key data to have a value that is formated like XML If (requestValidationSource__1 = RequestValidationSource.QueryString) AndAlso (collectionKey = "data") Then ' The query-string value "<example>1234</example>" is allowed If value = "<example>1234</example>" Then validationFailureIndex = -1 Return True Else ' Leave any further checks to ASP.NET Return MyBase.IsValidRequestString(context, value, requestValidationSource__1, collectionKey, validationFailureIndex) End If Else ' All other HTTP input checks are left to the base ASP.NET implementation. Return MyBase.IsValidRequestString(context, value, requestValidationSource__1, collectionKey, validationFailureIndex) End If End Function End Class...where all the code in it, up until the last Else, would be adjusted to verify for such possibiity and redirect to the domain.