tinymce with asp.net, ValidateRequest=false in page, is it dangerous?

Question

I am using tinymce editor in asp.net page. It was configured fine but when I tried to write soem text in editor it raised error "A potentially dangerous Request.Form value was detected from the client with timymce" I searched and came to know it was bascailly scan of input message form script and sql injection attaks.

To remove this error I put ValidateRequest=fasle in page heade in aspx page. Now I am sure input is not beign validated but is it unsecue now ?

Please guide me what type of threat it has now and what safty measure I can take to prevent it. The editor is being used for compose and store emails. I just read on some sites that client side script attaks are possible from input. Please guide and help.

Answer 1

I believe this answer is along the lines of what you are looking for.

Basically, you have to make sure you html encode/decode all the input fields where applicable. In reality, you cannot completely avoid it, unless you disable the validation. But if you are, make sure you take steps to avoid direct use of the input.