validateRequest=false 可以禁用请求验证

参看了MVP的利用WebClient和WebRequest类获得网页源代码于是想自己动手写点，当然是参考其的办法啦。

我这次下载了visual web developer 2005 express

按照上面的文章编写了代码，

我的btn函数如下

        string urlPage = "";

        urlPage = UrlText.Text;

        WebRequest request = WebRequest.Create(urlPage);

        WebResponse response = request.GetResponse();

        Stream resStream = response.GetResponseStream();

        StreamReader sr = new StreamReader(resStream, System.Text.Encoding.Default);

        ContentHtml.Text =sr.ReadToEnd();

        resStream.Close();

        sr.Close();

但是一debug运行发现出现了一下错误

A potentially dangerous Request.Form value was detected from the client

Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an
attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that
your application explicitly check all inputs in this case. 

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ContentHtml="<html>

<head>

<met...").

仔细找了下解决方法和问题的原因原来是validaterequest的问题，以下是网络的参考连接，写的很详细，非常好呵呵

http://access911.net/index.asp?board=4&recordid=71FAB51E15DCE7F3

http://support.microsoft.com/default.aspx?scid=kb;en-us;821343&Product=aspnet

按照上面的说法解决方案又三种，

1.静止页面的validateRequest

<%@ Page validateRequest="false"  %>

2.设置web.config

 <configuration>

  <system.web>

    <pages validateRequest="false" />

  </system.web>

</configuration>

3.我个人认为是最好的，就是采用Server.HtmlEncode这个方法

我改动如下

  string urlPage = "";

        urlPage = UrlText.Text;

        WebRequest request = WebRequest.Create(urlPage);

        WebResponse response = request.GetResponse();

        Stream resStream = response.GetResponseStream();

        StreamReader sr = new StreamReader(resStream, System.Text.Encoding.Default);

        ContentHtml.Text = Server.HtmlEncode(sr.ReadToEnd());

        resStream.Close();

        sr.Close();

ok运行一下，搞定。不错不错